Security Basics mailing list archives

Re: How to find a process


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 14 Jun 2007 13:57:37 +0200

On 2007-06-13 Francisco Rodrigo Cortinas Maseda wrote:
> My problem is that we have some strange traffic on the firewalls, going
> from a server on a DMZ to public client pools.
>
> 10:09:10.511978 00:0e:0c:71:7f:cd > 10:00:00:00:26:01, ethertype IPv4
> (0x0800), length 61: IP XXXXX.44267 > XXXXXX.3072: UDP, length 19
>
> The problem is: with netstat I only see the ports daemons are listening
> on. I want to know the process that is using the outgoing port, that is,
> 44267.
>
> Is there a way to know this?

Of course there is. However, the way differs from operating system to
operating system so you should've mentioned what OS the server is
running. On Windows Server 2003 you'd use "netstat -anob", on earlier
Windows versions you'd have to resort to TCPView [1]. On Linux servers
the command would be "netstat -antp", on Mac OS X Server "lsof -i -P".

[1] http://www.microsoft.com/technet/sysinternals/Networking/TcpView.mspx

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
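
Added example, not part of the original message: on a Linux server the same lookup can be done by hand for the UDP source port in the capture (44267), by reading the socket inode from /proc/net/udp and finding which /proc/<pid>/fd entry points at it. The function names, the proc_root parameter and the sample /proc tree (PID 4242, inode 91357, "mystery-daemon") are constructed for illustration.

```python
import contextlib
import os
import tempfile

def udp_inodes(port, proc_root="/proc"):
    """Inodes of UDP sockets bound to local `port` (field 1 is HEXADDR:HEXPORT, field 9 the inode)."""
    inodes = set()
    for table in ("net/udp", "net/udp6"):
        try:
            with open(os.path.join(proc_root, table)) as fh:
                rows = fh.read().splitlines()[1:]  # drop the header row
        except OSError:
            continue
        for fields in map(str.split, rows):
            if len(fields) > 9 and int(fields[1].rsplit(":", 1)[1], 16) == port:
                inodes.add(fields[9])
    return inodes - {"0"}

def owners(port, proc_root="/proc"):
    """Return sorted [(pid, command)] for processes holding that UDP port."""
    wanted = {"socket:[%s]" % i for i in udp_inodes(port, proc_root)}
    found = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        try:
            fds = os.listdir(os.path.join(base, "fd"))
        except OSError:  # process exited, or we are not allowed to look
            continue
        links = set()
        for fd in fds:
            with contextlib.suppress(OSError):  # fd closed while scanning
                links.add(os.readlink(os.path.join(base, "fd", fd)))
        if wanted & links:
            with contextlib.suppress(OSError), open(os.path.join(base, "comm")) as fh:
                found.append((int(pid), fh.read().strip()))
    return sorted(found)

def build_sample_proc():
    """Constructed /proc tree: PID 4242 owns UDP port 44267 (0xACEB)."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "net"))
    os.makedirs(os.path.join(root, "4242", "fd"))
    with open(os.path.join(root, "net", "udp"), "w") as fh:
        fh.write("sl local rem st tx:rx tr:when retr uid timeout inode\n"
                 "0: 0A000005:ACEB 00000000:0000 07 0:0 0:0 0 0 0 91357\n")
    os.symlink("socket:[91357]", os.path.join(root, "4242", "fd", "3"))
    with open(os.path.join(root, "4242", "comm"), "w") as fh:
        fh.write("mystery-daemon\n")
    return root
```

On a live host, call owners(44267) as root so that the fd directories of other users' processes are readable. A socket that is only open for the duration of one short datagram may already be gone by the time the scan runs.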

