
Re: Deciphering the output from tcpflow?

On Wed, 3 Nov 2004 00:43:07 -0200, Henrique de Moraes Holschuh
<hmh@debian.org> wrote:
> On Tue, 02 Nov 2004, Robert Tilley wrote:
> > Now that I know the specifics of From and To about the traffic, how does that
> > help me in terms of identifying the offending process IDs?
> Using lsof, you can track down which process has the local socket of the
> flow you're after.

If you have port info you can also use fuser(1). The -n option is the
one you want to use.

root@mutex#  fuser -n tcp 80
80/tcp:                749 28560 28786 28914 28916 28917 28920 30506 30925 31185 31186

Here you have the PIDs which are using port 80 (in this case apache).
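
An added example, not part of the original message: a port-only lookup returns every process bound to that port, so this sketch narrows it to the single flow tcpflow reported. It assumes tcpflow's classic file naming (zero-padded source address and port, a dash, then the destination) and the `lcl_port,rmt_host,rmt_port` socket form documented in fuser(1); the function names and the sample flow name are made up for illustration.

```shell
#!/bin/sh
# Strip zero padding from one field: "00080" -> "80", "000" -> "0".
unpad() {
    n=$(printf '%s\n' "$1" | sed 's/^0*//')
    printf '%s' "${n:-0}"
}

# Split "AAA.BBB.CCC.DDD.PPPPP" into "a.b.c.d port"; reject anything else.
endpoint() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 5 ] || return 1
    printf '%s.%s.%s.%s %s' "$(unpad "$1")" "$(unpad "$2")" \
        "$(unpad "$3")" "$(unpad "$4")" "$(unpad "$5")"
}

# flow_to_spec FLOWNAME src|dst
# Second argument says which end of the flow is this machine.
# Prints "lcl_port,rmt_host,rmt_port" for fuser -n tcp.
flow_to_spec() {
    case $1 in *-*) ;; *) return 1 ;; esac
    src=$(endpoint "${1%%-*}") || return 1
    dst=$(endpoint "${1#*-}") || return 1
    case $2 in
        src) lcl=$src; rmt=$dst ;;
        dst) lcl=$dst; rmt=$src ;;
        *)   return 1 ;;
    esac
    printf '%s,%s,%s' "${lcl#* }" "${rmt% *}" "${rmt#* }"
}

# Look up the owning PID(s) for one tcpflow file name (run as root).
flow_pids() {
    spec=$(flow_to_spec "$1" "$2") || {
        echo "not a tcpflow flow name: $1" >&2
        return 1
    }
    fuser -n tcp "$spec"
}

# Constructed sample: a client at 10.0.0.9 talking to the local web server.
echo "fuser -n tcp $(flow_to_spec 010.000.000.009.51234-192.168.001.010.00080 dst)"
```

The lookup only succeeds while the connection is still open, since fuser reads the live socket table.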
