Re: Determining what process/uid is attempting a network connection

From: Colin Campbell (sgcccdc_at_citec.qld.gov.au)
Date: 05/23/03

  • Next message: Jez Han***: "Re: Determining what process/uid is attempting a network connection"
    Date: Fri, 23 May 2003 09:29:53 +1000
    To: freebsd-isp@freebsd.org
    
    

    Hi,

    On Thu, 22 May 2003 12:22:39 +0100
    Jez Han*** <jez.han***@munk.nu> wrote:

    > Hi,
    >
    > I have a large number of user processes (eggdrops) connected to numerous
    > networks and recently started noticing a number of connection attempts
    > outgoing to a reserved network address, 0.0.13.5. My firewall logs
    > show:
    >
    > May 21 00:00:22 users ipmon[62]: 00:00:21.557455 fxp0 @0:12 b 213.152.51.194,4138 -> 0.0.13.5,3333 PR tcp len 20 60 -S OUT
    > May 21 00:00:22 users ipmon[62]: 00:00:21.557529 fxp0 @0:12 b 213.152.51.194,4139 -> 0.0.13.5,3334 PR tcp len 20 60 -S OUT
    > May 21 00:00:22 users ipmon[62]: 00:00:21.557578 fxp0 @0:12 b 213.152.51.194,4140 -> 0.0.13.5,3335 PR tcp len 20 60 -S OUT
    > May 21 00:00:22 users ipmon[62]: 00:00:21.557625 fxp0 @0:12 b 213.152.51.194,4141 -> 0.0.13.5,3336 PR tcp len 20 60 -S OUT
    >
    >
    > How can I determine what process is spawning this connection attempt and
    > the uid of the process?

    Try "sockstat" or install "lsof".

    Colin

    --
    Colin Campbell
    Unix Support/Postmaster/Hostmaster
    CITEC
    +61 7 3227 6334
    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
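
One way to apply the sockstat suggestion to the logged destination, as an added example that is not part of the original message: filter the socket table by foreign address and report the owning user, command and PID. It assumes the FreeBSD `sockstat -4 -c` column layout and that the socket is still open when polled; the function names and the sample rows (users, PIDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example: map a logged destination address to the owning user/process.
# Assumed input: FreeBSD `sockstat -4 -c` output with the columns
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# owners_of_dst ADDR
# Reads sockstat output on stdin and prints "user command pid local foreign"
# for every socket whose foreign host equals ADDR (any port).
owners_of_dst() {
    awk -v dst="$1" '
        $1 == "USER" { next }              # skip the header row
        NF >= 7 {
            host = $7
            sub(/:[^:]*$/, "", host)       # strip the trailing :port
            if (host == dst) print $1, $2, $3, $6, $7
        }'
}

# watch_dst ADDR [INTERVAL]
# Polls the live socket table so a short-lived attempt has a chance of being
# caught; each hit is prefixed with the time it was seen. Runs until killed.
watch_dst() {
    while :; do
        sockstat -4 -c | owners_of_dst "$1" | sed "s/^/$(date '+%H:%M:%S') /"
        sleep "${2:-1}"
    done
}

# Constructed sample in sockstat layout (not captured from a real host).
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
alice    eggdrop    4021  5  tcp4   213.152.51.194:4001   192.0.2.10:6667
bob      eggdrop    4177  7  tcp4   213.152.51.194:4138   0.0.13.5:3333
bob      eggdrop    4177  8  tcp4   213.152.51.194:4139   0.0.13.5:3334
root     sshd       310   4  tcp4   213.152.51.194:22     198.51.100.7:51515
EOF
}

# Demo on the constructed sample: which user/PID is talking to 0.0.13.5?
sample_sockstat | owners_of_dst 0.0.13.5
```

On the affected host, `watch_dst 0.0.13.5` polls the real socket table; the local port in each hit can be matched against the source port in the ipmon log line.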
    
