From: Frank Steinborn
To: freebsd-questions@freebsd.org
Date: Sun, 30 Apr 2006 22:58:54 +0200
Subject: Re: Hacked? How can I tell what process is sending packets from a particular port (udp/55613)?
Message-ID: <20060430205854.GA6843@shodan.nognu.de>
In-Reply-To: <73cb07950604301352w15a543d7sb3828504ca416da8@mail.gmail.com>

boink wrote:
> Dear FreeBSD,
>
> I see outbound packets from udp/55613, one every 5 seconds, to a
> single non-routable (10....) IP, with destination port increasing by 1
> with each packet, with expected ICMP Destination net unreachables from
> an upstream router.
>
> AFAIK, there's no reason for this and I don't like it - how can I tell
> which process is sending the packets?
>
> With thanks in advance,
> boink

Try to catch the process with "sockstat -46p 55613"

HTH,
Frank
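The sockstat check from the reply above, turned into a filter that can be polled until the socket's owner shows up. This is an added example, not part of the original thread; the function names are hypothetical and the sample output is constructed in sockstat's usual column layout.

```shell
# Constructed sample in the column layout FreeBSD sockstat prints
# (USER COMMAND PID FD PROTO LOCAL FOREIGN); not captured from a real host.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       612   3  tcp4   *:22                  *:*
root     syslogd    431   6  udp4   *:514                 *:*
nobody   someproc   2290  4  udp4   *:55613               *:*
www      httpd      907   5  tcp6   ::1:55613             *:*
EOF
}

# Read sockstat-format text on stdin and print "user command pid proto"
# for every socket whose local port equals $1. An optional $2 restricts
# the match to a protocol prefix such as "udp" (matches udp4 and udp6).
owners_of_port() {
    awk -v port="$1" -v proto="${2:-}" '
        NR == 1 && $1 == "USER" { next }   # skip the header line
        NF < 7 { next }                    # skip short or malformed lines
        {
            # The port follows the last colon, which also holds for
            # IPv6 local addresses such as ::1:55613.
            n = split($6, part, ":")
            if (part[n] != port) next
            if (proto != "" && index($5, proto) != 1) next
            print $1, $2, $3, $5
        }'
}

# Poll once a second until some process owns the port, then report it.
# Assumes a FreeBSD host where sockstat is available; run it as root so
# sockets of other users are visible.
watch_port() {
    while :; do
        hit=$(sockstat -46 | owners_of_port "$1" "${2:-}")
        [ -n "$hit" ] && { printf '%s\n' "$hit"; return 0; }
        sleep 1
    done
}
```

On the affected host, `watch_port 55613 udp` prints the owning user, command and PID as soon as the socket exists; the PID can then be inspected further with `ps` or `procstat`.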