Re: unidentified TCP connections
Quoting Robert Varga (robi@piros.zold.net):
>
> How can I determine the process belonging to a tcp connection on my
> machine? I have a couple of connection which I find very unnerving:
>
> netstat -a | grep aiesec produces the output:
>
> tcp 0 0 mymachine:27567 aiesecplanet.satim:auth ESTABLISHED
> tcp 0 0 mymachine:27434 aiesecplanet.satim:auth ESTABLISHED
> tcp 0 0 mymachine:27426 aiesecplanet.satim:auth ESTABLISHED
> tcp 0 0 mymachine:27389 aiesecplanet.satim:auth ESTABLISHED
> tcp 0 0 mymachine:26779 aiesecplanet.satim:auth ESTABLISHED
> tcp 0 0 mymachine:1097 aiesecplanet.satim:auth ESTABLISHED

    fuser -n tcp -u <nnnnn>

prints the pid, then

    ps auxwww | grep <pid>

tells you the process commandline.

> How can I find what communication is taking place on these connections?

    tcpdump -l -n -i <interface> [host <host>] | tee <somefile>

to watch the traffic.

Cheers,
--
Email: d.wright@open.ac.uk Tel: +44 1908 653 739 Fax: +44 1908 655 151
Snail: David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA
Disclaimer: These addresses are only for reaching me, and do not signify
official stationery. Views expressed here are either my own or plagiarised.
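
The same port-to-process lookup done by hand through /proc, as an added example that is not part of the original message: it lists ESTABLISHED connections to a remote port (113 is the `auth`/ident port shown in the netstat output) and finds the PIDs holding each socket. It assumes Linux, IPv4 and a little-endian host; the function names `conns_to_port` and `pids_for_inode` are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Linux /proc, IPv4 only,
# little-endian host. Usage: sh whoowns.sh 113   (run as root to see all PIDs)

# conns_to_port FILE RPORT
# FILE is in /proc/net/tcp format. Prints "local_port remote_ip inode" for
# every ESTABLISHED socket whose remote port is RPORT.
conns_to_port() {
    awk -v want="$2" '
    function hex(s,   i, n) {            # portable hex-to-decimal
        n = 0; s = toupper(s)
        for (i = 1; i <= length(s); i++)
            n = n * 16 + index("0123456789ABCDEF", substr(s, i, 1)) - 1
        return n
    }
    NR > 1 && $4 == "01" {               # skip header; state 01 = ESTABLISHED
        split($2, l, ":"); split($3, r, ":")
        if (hex(r[2]) != want) next
        # the IPv4 address is stored as little-endian hex: reverse the bytes
        ip = hex(substr(r[1], 7, 2)) "." hex(substr(r[1], 5, 2)) "." \
             hex(substr(r[1], 3, 2)) "." hex(substr(r[1], 1, 2))
        print hex(l[2]), ip, $10         # field 10 is the socket inode
    }' "$1"
}

# pids_for_inode INODE
# Prints every PID with an open fd that points at socket:[INODE].
pids_for_inode() {
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#/proc/}
        echo "${pid%%/*}"
    done | sort -un
}

# Only runs when a remote port is given on the command line.
if [ "$#" -gt 0 ]; then
    conns_to_port /proc/net/tcp "$1" | while read -r lport rip inode; do
        pids=$(pids_for_inode "$inode" | tr '\n' ' ')
        echo "local port $lport -> $rip:$1  pids: ${pids:-unknown (try root)}"
    done
fi
```

The local port printed on each line is the value to pass to `fuser -n tcp -u`, and the PID can be fed to `ps auxwww` as in the reply above.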