Re: Deciphering the output from tcpflow?
On Wed, 3 Nov 2004 00:43:07 -0200, Henrique de Moraes Holschuh
<hmh@debian.org> wrote:
> On Tue, 02 Nov 2004, Robert Tilley wrote:
> > Now that I know the specifics of From and To about the traffic, how does that
> > help me in terms of identifying the offending process IDs?
>
> Using lsof, you can track down which process has the local socket of the
> flow you're after.
>
If you have port info you can also use fuser(1). The -n option is the
one you want to use.
Example:
root@mutex# fuser -n tcp 80
80/tcp: 749 28560 28786 28914 28916 28917 28920 30506
30925 31185 31186
Here you have the PIDs which are using port 80 (in this case apache).
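
Added example, not part of the original message: a sketch of the lookup that fuser and lsof perform on Linux, matching a local TCP port to socket inodes in /proc/net/tcp and then to the processes holding those inodes under /proc/<pid>/fd. The function names and the SAMPLE table are constructed for illustration.

```python
import os
import re
import sys

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 23456 1 0000000000000000 100 0 0 10 0
   2: 0A00000F:0050 0A000063:C350 01 00000000:00000000 00:00000000 00000000    33        0 34567 1 0000000000000000 20 4 30 10 -1
"""

def inodes_for_port(table_text, port):
    # Return the socket inodes whose local port (hex in column 2) equals `port`.
    inodes = set()
    for line in table_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10:
            continue
        local_port = int(fields[1].rsplit(":", 1)[1], 16)
        if local_port == port and fields[9] != "0":  # inode 0: no owning process
            inodes.add(fields[9])
    return inodes

def pids_for_inodes(inodes, proc="/proc"):
    # Map PID -> matching inodes by reading each process's fd symlinks.
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited, or we lack permission
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m and m.group(1) in inodes:
                owners.setdefault(int(pid), set()).add(m.group(1))
    return owners

if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 80
    found = set()
    for table in ("/proc/net/tcp", "/proc/net/tcp6"):
        if os.path.exists(table):
            found |= inodes_for_port(open(table).read(), port)
    print(port, sorted(pids_for_inodes(found)))
```

Run it as root to see sockets owned by other users; without that, the fd directories of other users' processes are unreadable and those PIDs are silently missed. It only sees sockets in the current network namespace.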