Date: Fri, 23 May 2003 09:29:53 +1000 From: Colin Campbell <sgcccdc@citec.qld.gov.au> To: freebsd-isp@freebsd.org Subject: Re: Determining what process/uid is attempting a network connection Message-ID: <20030523092953.363eaab5.sgcccdc@citec.qld.gov.au> In-Reply-To: <20030522112239.GB22219@users.munk.nu> References: <20030522112239.GB22219@users.munk.nu>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Thu, 22 May 2003 12:22:39 +0100 Jez Hancock <jez.hancock@munk.nu> wrote: > Hi, > > I have a large number of user processes (eggdrops) connected to numerous > networks and recently started noticing a number of connection attempts > outgoing to a reserved network address, 0.0.13.5. My firewall logs > show: > > May 21 00:00:22 users ipmon[62]: 00:00:21.557455 fxp0 @0:12 b > 213.152.51.194,4138 -> 0.0.13.5,3333 PR tcp len 20 60 -S OUT May 21 00:00:22 > users ipmon[62]: 00:00:21.557529 fxp0 @0:12 b 213.152.51.194,4139 -> > 0.0.13.5,3334 PR tcp len 20 60 -S OUT May 21 00:00:22 users ipmon[62]: > 00:00:21.557578 fxp0 @0:12 b 213.152.51.194,4140 -> 0.0.13.5,3335 PR tcp len > 20 60 -S OUT May 21 00:00:22 users ipmon[62]: 00:00:21.557625 fxp0 @0:12 b > 213.152.51.194,4141 -> 0.0.13.5,3336 PR tcp len 20 60 -S OUT > > > How can I determine what process is spawning this connection attempt and > the uid of the process? Try "sockstat" or install "lsof". Colin -- Colin Campbell Unix Support/Postmaster/Hostmaster CITEC +61 7 3227 6334
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030523092953.363eaab5.sgcccdc>