Determining what process/uid is attempting a network connection
Colin Campbell
sgcccdc at citec.qld.gov.au
Thu May 22 16:30:14 PDT 2003
Hi,
On Thu, 22 May 2003 12:22:39 +0100
Jez Hancock <jez.hancock at munk.nu> wrote:
> Hi,
>
> I have a large number of user processes (eggdrops) connected to numerous
> networks and recently started noticing a number of connection attempts
> outgoing to a reserved network address, 0.0.13.5. My firewall logs
> show:
>
> May 21 00:00:22 users ipmon[62]: 00:00:21.557455 fxp0 @0:12 b
> 213.152.51.194,4138 -> 0.0.13.5,3333 PR tcp len 20 60 -S OUT May 21 00:00:22
> users ipmon[62]: 00:00:21.557529 fxp0 @0:12 b 213.152.51.194,4139 ->
> 0.0.13.5,3334 PR tcp len 20 60 -S OUT May 21 00:00:22 users ipmon[62]:
> 00:00:21.557578 fxp0 @0:12 b 213.152.51.194,4140 -> 0.0.13.5,3335 PR tcp len
> 20 60 -S OUT May 21 00:00:22 users ipmon[62]: 00:00:21.557625 fxp0 @0:12 b
> 213.152.51.194,4141 -> 0.0.13.5,3336 PR tcp len 20 60 -S OUT
>
>
> How can I determine what process is spawning this connection attempt and
> the uid of the process?
Try "sockstat" or install "lsof".
Colin
--
Colin Campbell
Unix Support/Postmaster/Hostmaster
CITEC
+61 7 3227 6334
More information about the freebsd-isp
mailing list