Determining what process/uid is attempting a network connection

Jez Hancock jez.hancock at munk.nu
Thu May 22 04:22:41 PDT 2003


Hi,

I have a large number of user processes (eggdrops) connected to numerous networks
and recently started noticing a number of connection attempts
outgoing to a reserved network address, 0.0.13.5.  My firewall logs
show:

May 21 00:00:22 users ipmon[62]: 00:00:21.557455 fxp0 @0:12 b 213.152.51.194,4138 -> 0.0.13.5,3333 PR tcp len 20 60 -S OUT 
May 21 00:00:22 users ipmon[62]: 00:00:21.557529 fxp0 @0:12 b 213.152.51.194,4139 -> 0.0.13.5,3334 PR tcp len 20 60 -S OUT 
May 21 00:00:22 users ipmon[62]: 00:00:21.557578 fxp0 @0:12 b 213.152.51.194,4140 -> 0.0.13.5,3335 PR tcp len 20 60 -S OUT 
May 21 00:00:22 users ipmon[62]: 00:00:21.557625 fxp0 @0:12 b 213.152.51.194,4141 -> 0.0.13.5,3336 PR tcp len 20 60 -S OUT 


How can I determine what process is spawning this connection attempt and
the uid of the process?

I use ipfw to analyze bandwidth on a per-user basis, but I can't think
of a way to use ipfw to capture the kind of info I need in this instance.


Thanks in advance,
Jez
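
An added example, not part of the original post: a Python parser for the ipmon lines quoted above that groups blocked outbound TCP SYNs by source and destination address. It also reports each destination as a 32-bit integer, because inet_aton() accepts a bare number as an address; the function and field names are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: the four ipmon lines quoted in the post, embedded so this runs offline.
SAMPLE = """\
May 21 00:00:22 users ipmon[62]: 00:00:21.557455 fxp0 @0:12 b 213.152.51.194,4138 -> 0.0.13.5,3333 PR tcp len 20 60 -S OUT
May 21 00:00:22 users ipmon[62]: 00:00:21.557529 fxp0 @0:12 b 213.152.51.194,4139 -> 0.0.13.5,3334 PR tcp len 20 60 -S OUT
May 21 00:00:22 users ipmon[62]: 00:00:21.557578 fxp0 @0:12 b 213.152.51.194,4140 -> 0.0.13.5,3335 PR tcp len 20 60 -S OUT
May 21 00:00:22 users ipmon[62]: 00:00:21.557625 fxp0 @0:12 b 213.152.51.194,4141 -> 0.0.13.5,3336 PR tcp len 20 60 -S OUT
"""

# time, interface, @group:rule, action (b = block), src,port -> dst,port,
# protocol, IP header length, packet length, TCP flags, direction.
LINE = re.compile(
    r"ipmon\[\d+\]: (?P<time>\S+) (?P<ifname>\S+) @(?P<group>\d+):(?P<rule>\d+) "
    r"(?P<action>\S+) (?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<plen>\d+) -(?P<flags>\S+) (?P<dir>IN|OUT)"
)

def parse(text):
    """Return one dict of named fields per ipmon line that matches LINE."""
    return [m.groupdict() for m in map(LINE.search, text.splitlines()) if m]

def summarize(events):
    """Group blocked outbound TCP SYNs by (source, destination) address."""
    groups = defaultdict(lambda: {"sports": [], "dports": []})
    for e in events:
        if (e["action"], e["dir"], e["proto"], e["flags"]) == ("b", "OUT", "tcp", "S"):
            g = groups[(e["src"], e["dst"])]
            g["sports"].append(int(e["sport"]))
            g["dports"].append(int(e["dport"]))
    return [
        {
            "src": src,
            "dst": dst,
            # The dotted quad read back as one 32-bit number.
            "dst_as_int": int(ipaddress.IPv4Address(dst)),
            "sports": g["sports"],
            "dports": g["dports"],
        }
        for (src, dst), g in groups.items()
    ]

if __name__ == "__main__":
    for row in summarize(parse(SAMPLE)):
        print(row)
```

For these four lines the destination 0.0.13.5 is the integer 3333, the same value as the first destination port in the sequence 3333 to 3336.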


More information about the freebsd-isp mailing list