Re: Deciphering the output from tcpflow?

To: debian-user@lists.debian.org
Subject: Re: Deciphering the output from tcpflow?
From: "J.H.J. Claessen" <flitsend@gmail.com>
Date: Wed, 3 Nov 2004 12:13:47 +0100
Message-id: <[🔎] 573e9a2a041103031357dbd56a@mail.gmail.com>
Reply-to: "J.H.J. Claessen" <flitsend@gmail.com>
In-reply-to: <[🔎] 20041103024307.GC15103@khazad-dum.debian.net>
References: <[🔎] 200411021911.43457.tilleyrw@cfl.rr.com> <[🔎] 20041103024307.GC15103@khazad-dum.debian.net>

On Wed, 3 Nov 2004 00:43:07 -0200, Henrique de Moraes Holschuh
<hmh@debian.org> wrote:
> On Tue, 02 Nov 2004, Robert Tilley wrote:
> > Now that I know the specifics of From and To about the traffic, how does that
> > help me in terms of identifying the offending process IDs?
> 
> Using lsof, you can track down which process has the local socket of the
> flow you're after.
> 

If you have port info you can also user fuser(1). The -n option is the
one you want to use.

Example:
root@mutex#  fuser -n tcp 80
80/tcp:                749 28560 28786 28914 28916 28917 28920 30506
30925 31185 31186

Here you have the PID's which are using the 80 port (in this case apache).

Reply to:

References:
- Deciphering the output from tcpflow?
  - From: Robert Tilley <tilleyrw@cfl.rr.com>
- Re: Deciphering the output from tcpflow?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: cdrecord & cdwriter
Next by Date: Re: Debian defaults: Are them a democratic process?
Previous by thread: Re: Deciphering the output from tcpflow?
Next by thread: Re: Kernel 2.6.8 and usb
Index(es):
- Date
- Thread