From owner-freebsd-questions@FreeBSD.ORG  Mon Dec 27 14:40:03 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5FD40106564A
	for <freebsd-questions@freebsd.org>;
	Mon, 27 Dec 2010 14:40:03 +0000 (UTC)
	(envelope-from guru@unixarea.de)
Received: from ms16-1.1blu.de (ms16-1.1blu.de [89.202.0.34])
	by mx1.freebsd.org (Postfix) with ESMTP id 16AFD8FC12
	for <freebsd-questions@freebsd.org>;
	Mon, 27 Dec 2010 14:40:02 +0000 (UTC)
Received: from [193.31.11.193] (helo=current.Sisis.de)
	by ms16-1.1blu.de with esmtpsa (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.69) (envelope-from <guru@unixarea.de>)
	id 1PXEEz-00072e-DH; Mon, 27 Dec 2010 15:40:01 +0100
Received: from current.Sisis.de (current [127.0.0.1])
	by current.Sisis.de (8.14.3/8.14.3) with ESMTP id oBREe0vQ046154;
	Mon, 27 Dec 2010 15:40:00 +0100 (CET)
	(envelope-from guru@unixarea.de)
Received: (from guru@localhost)
	by current.Sisis.de (8.14.3/8.14.3/Submit) id oBREe0sF046153;
	Mon, 27 Dec 2010 15:40:00 +0100 (CET)
	(envelope-from guru@unixarea.de)
X-Authentication-Warning: current.Sisis.de: guru set sender to
	guru@unixarea.de using -f
Date: Mon, 27 Dec 2010 15:40:00 +0100
From: Matthias Apitz <guru@unixarea.de>
To: S Mathias <smathias1972@yahoo.com>
Message-ID: <20101227144000.GA46133@current.Sisis.de>
References: <586011.29943.qm@web121407.mail.ne1.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <586011.29943.qm@web121407.mail.ne1.yahoo.com>
X-Operating-System: FreeBSD 8.0-CURRENT (i386)
User-Agent: Mutt/1.5.19 (2009-01-05)
X-Con-Id: 51246
X-Originating-IP: 193.31.11.193
Cc: freebsd-questions@freebsd.org
Subject: Re: what process is sending this packet?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Matthias Apitz <guru@unixarea.de>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Dec 2010 14:40:03 -0000

El día Monday, December 27, 2010 a las 06:30:05AM -0800, S Mathias escribió:

> I can see, that theres a program that keeps sending packets on port 25:
> 
> Dec 27 14:11:46 a kernel: [ 6336.992320] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=61533 DF PROTO=TCP SPT=37263 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 
> Dec 27 14:12:01 a kernel: [ 6352.635704] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55853 DF PROTO=TCP SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 
> Dec 27 14:12:04 a kernel: [ 6355.641085] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55854 DF PROTO=TCP SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 
> Dec 27 14:12:10 a kernel: [ 6361.649059] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55855 DF PROTO=TCP SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0 
> 
> but where or how could i find out, that what process sends these packets?

looks like local delivery (127.0.0.1) of mail (port 25); you might catch
the proc with lsof (from ports collection);

HIH

	matthias
-- 
Matthias Apitz
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <guru@unixarea.de> - w http://www.unixarea.de/