Date: Tue, 28 Dec 2010 15:39:55 +1100 (EST)
From: Ian Smith
To: S Mathias
Cc: freebsd-questions@freebsd.org
Subject: Re: what process is sending this packet?
Message-ID: <20101228145602.X30408@sola.nimnet.asn.au>
In-Reply-To: <20101228011647.05963106575C@hub.freebsd.org>
References: <20101228011647.05963106575C@hub.freebsd.org>

In freebsd-questions Digest, Vol 343, Issue 3, Message: 10
On Mon, 27 Dec 2010 06:30:05 -0800 S Mathias wrote:

 > I can see, that there's a program that keeps sending packets on port 25:
 >
 > Dec 27 14:11:46 a kernel: [ 6336.992320] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=61533 DF PROTO=TCP SPT=37263 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
 > Dec 27 14:12:01 a kernel: [ 6352.635704] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55853 DF PROTO=TCP SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
 > Dec 27 14:12:04 a kernel: [ 6355.641085] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55854 DF PROTO=TCP SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
 > Dec 27 14:12:10 a kernel: [ 6361.649059] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55855 DF PROTO=TCP SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
 >
 > but where or how could I find out, that what process sends these packets?

I believe you've posted to the wrong list; this looks pretty much like a
linux box running the ipchains firewall to me .. we have one of those:

root@pigs:~ # uname -a
Linux pigs.wxyz.org 2.4.36 #1 Tue Jul 22 13:13:24 GMT 2008 i686 pentium3 i386 GNU/Linux

From its /var/log/messages:

Dec 28 14:47:07 pigs kernel: INPUT IN=ppp0 OUT= MAC= SRC=84.100.172.194 DST=w.x.y.z LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=52491 DF PROTO=TCP SPT=2381 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0
Dec 28 14:47:15 pigs kernel: INPUT IN=ppp0 OUT= MAC= SRC=84.100.172.194 DST=w.x.y.z LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=53751 DF PROTO=TCP SPT=2635 DPT=22 WINDOW=5808 RES=0x00 SYN URGP=0

I'm hoping to check out Luigi's linux port of ipfw + dummynet sometime,
but have yet to hear of ipchains - let alone (ugh!) tc - on FreeBSD :)

cheers, Ian