Security Basics mailing list archives

RE: How to find a process


From: "Shortz, Alan" <ashortz () answerthink com>
Date: Wed, 13 Jun 2007 21:27:47 -0400

Hi Fran,


Is this a Windows box?

Run netstat -anob

This will give you the Process ID (PID) for each socket connection. You
can then correlate that to processes in Task Manager.

With Linux,

I believe it's netstat -p, then ps aux.


Hope this helps.


Alan

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Francisco Rodrigo Cortinas Maseda
Sent: Wednesday, June 13, 2007 5:32 AM
To: security-basics () securityfocus com
Subject: How to find a process

Hello,

My name is Fran, I'm a network and system administrator, and I have a
strange case, but surely someone has had the same problem before me.

My problem is that we have some strange traffic on the firewalls, going
from a server on a DMZ to public client pools.

10:09:10.511978 00:0e:0c:71:7f:cd > 10:00:00:00:26:01, ethertype IPv4
(0x0800), length 61: IP XXXXX.44267 > XXXXXX.3072: UDP, length 19

The problem is: with netstat I only see the ports daemons are listening
on. I want to know the process that is using the outgoing port, that is,
44267.

Is there a way to know this?

Thanks in advance.
Regards.
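
Added example, not part of the original posts: on Linux the port-to-process mapping discussed above can be read straight from /proc by matching the local port in /proc/net/udp to a socket inode, then finding the process whose fd table links to that inode. The function names and the sample table are constructed for illustration.

```python
import glob
import os
import sys

# Constructed sample in /proc/net/udp layout; addresses, uid and inode are made up.
# Local port 0xACEB = 44267 and remote port 0x0C00 = 3072, as in the capture above.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  120: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 15012 2 0000000000000000 0
  344: 0A00000A:ACEB C0A80164:0C00 01 00000000:00000000 00:00000000 00000000  1001        0 48213 2 0000000000000000 0
"""


def sockets_for_port(table_text, port):
    """Return uid/inode/remote port for each socket bound to local `port`."""
    hits = []
    for line in table_text.splitlines():
        f = line.split()
        if len(f) < 10 or not f[0].endswith(":"):
            continue  # header or truncated row
        if int(f[1].rsplit(":", 1)[1], 16) == port:
            hits.append({"inode": int(f[9]), "uid": int(f[7]),
                         "remote_port": int(f[2].rsplit(":", 1)[1], 16)})
    return hits


def pids_for_inode(inode, proc="/proc"):
    """Find processes holding socket:[inode]; run as root to see every process."""
    target, owners = f"socket:[{inode}]", []
    for fd_dir in glob.glob(os.path.join(proc, "[0-9]*", "fd")):
        pid_dir = os.path.dirname(fd_dir)
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target
                   for fd in os.listdir(fd_dir)):
                with open(os.path.join(pid_dir, "cmdline"), "rb") as fh:
                    cmd = fh.read().replace(b"\0", b" ").decode(errors="replace")
                owners.append((int(os.path.basename(pid_dir)), cmd.strip()))
        except OSError:
            continue  # process exited mid-scan or access denied
    return owners


if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 44267
    for table in ("/proc/net/udp", "/proc/net/udp6"):
        if os.path.exists(table):
            with open(table) as fh:
                for hit in sockets_for_port(fh.read(), port):
                    print(table, hit, pids_for_inode(hit["inode"]))
```

A socket that is opened only to send one datagram and then closed will be listed only while it exists, so for intermittent traffic the lookup has to be repeated in a loop until the port shows up.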

