Date: Mon, 01 May 2006 11:37:15 +0200 From: Nils Vogels <nivo+sender+6075ff@yuckfou.org> To: freebsd-questions@freebsd.org Subject: Re: Hacked? How can I tell what process is sending packets from a particular port (udp/55613)? Message-ID: <4455D6CB.4000400@yuckfou.org> In-Reply-To: <20060430205854.GA6843@shodan.nognu.de> References: <73cb07950604301352w15a543d7sb3828504ca416da8@mail.gmail.com> <20060430205854.GA6843@shodan.nognu.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Frank Steinborn wrote on 30-04-2006 22:58: > boink wrote: > >> Dear FreeBSD, >> >> I see outbound packets from udp/55613, one every 5 seconds, to a >> single non-routable (10....) IP, with destination port increasing by 1 >> with each packet, with expected ICMP Destination net unreachables from >> an upstream router. >> >> AFAIK, there's no reason for this and I don't like it - how can I tell >> which process is sending the packets? >> >> With thanks in advance, >> boink >> > > Try to catch the process with "sockstat -46p 55613" > Should that not give you the results you desire, try installing lsof, it has a bundle of options for open filehandles. HTH, Nils
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4455D6CB.4000400>