From owner-freebsd-questions@FreeBSD.ORG  Sun Apr 30 20:59:40 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4D84016A404
	for <freebsd-questions@freebsd.org>;
	Sun, 30 Apr 2006 20:59:40 +0000 (UTC)
	(envelope-from glenn@antimatter.net)
Received: from cobalt.antimatter.net (cobalt.antimatter.net [69.55.224.239])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DA5D043D48
	for <freebsd-questions@freebsd.org>;
	Sun, 30 Apr 2006 20:59:37 +0000 (GMT)
	(envelope-from glenn@antimatter.net)
Received: from foo.antimatter.net (cpe-72-132-246-89.san.res.rr.com
	[72.132.246.89]) (authenticated bits=0)
	by cobalt.antimatter.net (8.13.4/8.13.4) with ESMTP id k3UKwqR6015058
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Sun, 30 Apr 2006 13:59:23 -0700
X-MailKey: purple frogs are falling from the sky
Message-Id: <7.0.1.0.2.20060430135653.070baab0@antimatter.net>
X-Mailer: QUALCOMM Windows Eudora Version 7.0.1.0
Date: Sun, 30 Apr 2006 13:58:48 -0700
To: boink <lordboink@gmail.com>, freebsd-questions@freebsd.org
From: Glenn Dawson <glenn@antimatter.net>
In-Reply-To: <73cb07950604301352w15a543d7sb3828504ca416da8@mail.gmail.co
 m>
References: <73cb07950604301352w15a543d7sb3828504ca416da8@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Cc: 
Subject: Re: Hacked? How can I tell what process is sending packets
 from a particular port (udp/55613)?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Apr 2006 20:59:40 -0000

At 01:52 PM 4/30/2006, boink wrote:
>Dear FreeBSD,
>
>I see outbound packets from udp/55613, one every 5 seconds, to a
>single non-routable (10....) IP, with destination port increasing by 1
>with each packet, with expected ICMP Destination net unreachables from
>an upstream router.
>
>AFAIK, there's no reason for this and I don't like it - how can I tell
>which process is sending the packets?

sockstat -c should give you the info you need.

-Glenn


>With thanks in advance,
>boink
>_______________________________________________
>freebsd-questions@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"