Determining what process/uid is attempting a network connection

From: Jez Hancock (jez.hancock_at_munk.nu)
Date: 05/22/03

    Date: Thu, 22 May 2003 12:22:39 +0100
    To: FreeBSD ISP List <freebsd-isp@freebsd.org>
    
    

    Hi,

    I have a large number of user processes (eggdrops) connected to numerous networks
    and recently started noticing a number of connection attempts
    outgoing to a reserved network address, 0.0.13.5. My firewall logs
    show:

    May 21 00:00:22 users ipmon[62]: 00:00:21.557455 fxp0 @0:12 b 213.152.51.194,4138 -> 0.0.13.5,3333 PR tcp len 20 60 -S OUT
    May 21 00:00:22 users ipmon[62]: 00:00:21.557529 fxp0 @0:12 b 213.152.51.194,4139 -> 0.0.13.5,3334 PR tcp len 20 60 -S OUT
    May 21 00:00:22 users ipmon[62]: 00:00:21.557578 fxp0 @0:12 b 213.152.51.194,4140 -> 0.0.13.5,3335 PR tcp len 20 60 -S OUT
    May 21 00:00:22 users ipmon[62]: 00:00:21.557625 fxp0 @0:12 b 213.152.51.194,4141 -> 0.0.13.5,3336 PR tcp len 20 60 -S OUT

    How can I determine what process is spawning this connection attempt and
    the uid of the process?

    I use ipfw to analyze bandwidth on a per user basis, but I can't think
    of a way to use ipfw to capture the kind of info I need in this instance.

    Thanks in advance,
    Jez
    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

