Determining what process/uid is attempting a network connection

Colin Campbell sgcccdc at citec.qld.gov.au
Thu May 22 16:30:14 PDT 2003


Hi,

On Thu, 22 May 2003 12:22:39 +0100
Jez Hancock <jez.hancock at munk.nu> wrote:

> Hi,
> 
> I have a large number of user processes (eggdrops) connected to numerous
> networks and recently started noticing a number of connection attempts
> outgoing to a reserved network address, 0.0.13.5.  My firewall logs
> show:
> 
> May 21 00:00:22 users ipmon[62]: 00:00:21.557455 fxp0 @0:12 b 213.152.51.194,4138 -> 0.0.13.5,3333 PR tcp len 20 60 -S OUT
> May 21 00:00:22 users ipmon[62]: 00:00:21.557529 fxp0 @0:12 b 213.152.51.194,4139 -> 0.0.13.5,3334 PR tcp len 20 60 -S OUT
> May 21 00:00:22 users ipmon[62]: 00:00:21.557578 fxp0 @0:12 b 213.152.51.194,4140 -> 0.0.13.5,3335 PR tcp len 20 60 -S OUT
> May 21 00:00:22 users ipmon[62]: 00:00:21.557625 fxp0 @0:12 b 213.152.51.194,4141 -> 0.0.13.5,3336 PR tcp len 20 60 -S OUT
> 
> 
> How can I determine what process is spawning this connection attempt and
> the uid of the process?

Try "sockstat" or install "lsof".

Colin
--
Colin Campbell
Unix Support/Postmaster/Hostmaster
CITEC
+61 7 3227 6334
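
An added example, not part of the original thread: one way to apply the sockstat suggestion is to filter its output for sockets whose foreign address is the destination from the firewall log, then count sockets per user, command and PID. The function names, the users alice and bob, the PIDs and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: filter sockstat-style output for sockets whose foreign
# address is the destination seen in the firewall log (0.0.13.5).

# Constructed sample in the column layout of FreeBSD `sockstat -4`
# (USER COMMAND PID FD PROTO LOCAL FOREIGN). Users, PIDs and the
# 192.0.2.10 peer are made up; the source IP and ports match the log.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
alice    eggdrop    4021  5  tcp4   213.152.51.194:4138   0.0.13.5:3333
alice    eggdrop    4021  6  tcp4   213.152.51.194:4139   0.0.13.5:3334
bob      eggdrop    4388  4  tcp4   213.152.51.194:1077   192.0.2.10:6667
root     sshd       310   3  tcp4   *:22                  *:*
EOF
}

# owners_of DEST_IP: read sockstat output on stdin and print
# "user command pid local foreign" for each socket connecting to DEST_IP.
owners_of() {
    awk -v dest="$1" '
        NR == 1 && $1 == "USER" { next }   # skip the header line
        NF < 7 { next }                    # ignore short or wrapped lines
        {
            ip = $7
            sub(/:[^:]*$/, "", ip)         # strip the ":port" suffix
            if (ip == dest) print $1, $2, $3, $6, $7
        }'
}

# summary DEST_IP: collapse matches to "user command pid socket_count".
summary() {
    owners_of "$1" |
        awk '{ n[$1 " " $2 " " $3]++ } END { for (k in n) print k, n[k] }' |
        sort
}

# Live use on the FreeBSD host (loop, since the attempts are transient):
#   while :; do sockstat -4 | owners_of 0.0.13.5; sleep 1; done
# With lsof installed:  lsof -n -P -i @0.0.13.5
sample_sockstat | summary 0.0.13.5
```

The local port in each match can be checked against the source port in the corresponding ipmon line to confirm it is the same connection attempt.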


More information about the freebsd-isp mailing list