unidentified TCP connections
How can I determine the process belonging to a tcp connection on my
machine? I have a couple of connections which I find very unnerving:
netstat -a | grep aiesec produces the output:
tcp 0 0 mymachine:27567 aiesecplanet.satim:auth ESTABLISHED
tcp 0 0 mymachine:27434 aiesecplanet.satim:auth ESTABLISHED
tcp 0 0 mymachine:27426 aiesecplanet.satim:auth ESTABLISHED
tcp 0 0 mymachine:27389 aiesecplanet.satim:auth ESTABLISHED
tcp 0 0 mymachine:26779 aiesecplanet.satim:auth ESTABLISHED
tcp 0 0 mymachine:1097 aiesecplanet.satim:auth ESTABLISHED
These connections mostly persist, so the port numbers are always the same
for a long time, until the connection dies.
There tend to be other connection attempts but they die quickly.
The connection to my port 1097 seems to be constant.
I have nothing to do with the mentioned machine
(aiesecplanet.satimex.tvnet.hu).
I have nothing listening on any of these ports (that I know of), and
nothing is listening there according to netstat -a.
I had a mysterious machine breakdown two days ago, when all services
(SMTP, TELNET, SQUID, FTP, POP3,...) refused connections, except for DNS.
To be more exact, the only tcp port under 4000 (I scanned to this number)
which was open was 53 (domain).
I suspect a break-in occurred.
How can I find what communication is taking place on these connections?
Robert Varga