Hacked? How can I tell what process is sending packets from a
particular port (udp/55613)?
Nils Vogels
nivo+sender+6075ff at yuckfou.org
Mon May 1 09:36:48 UTC 2006
Frank Steinborn wrote on 30-04-2006 22:58:
> boink wrote:
>
>> Dear FreeBSD,
>>
>> I see outbound packets from udp/55613, one every 5 seconds, to a
>> single non-routable (10....) IP, with destination port increasing by 1
>> with each packet, with expected ICMP Destination net unreachables from
>> an upstream router.
>>
>> AFAIK, there's no reason for this and I don't like it - how can I tell
>> which process is sending the packets?
>>
>> With thanks in advance,
>> boink
>>
>
> Try to catch the process with "sockstat -46p 55613"
>
Should that not give you the results you desire, try installing lsof, it
has a bundle of options for open filehandles.
HTH,
Nils
More information about the freebsd-questions
mailing list