Thank You for Your time and answer, Kelly: >> On a desktop system I have noticed a bit of network traffic whereas >> users do not run any network software... >> >> How do I find out which process on the system does send/receive >> network packets? > >Something like: >netstat --inet -ap > >"--inet" so you are looking at network sockets rather than unix >sockets, "-a" shows both established connections and listening >processes, "-p" shows PID and process name.
I have tried this but it did tell me what sends/receives packets... I have records from tcpdump as: 15:26:41.796962 IP n219078177226.netvigator.com.20026 > dark.6881: UDP, length 98 15:26:41.843163 IP dark.60324 > 192-168-0-001.localnet.domain: 18791+ PTR? 226.177.78.219.in-addr.arpa. (45) 15:26:42.188001 IP 109.166.130.88.57922 > dark.6881: UDP, length 103 15:26:42.240489 IP 192-168-0-001.localnet.domain > dark.60324: 18791 1/2/2 PTR n219078177226.netvigator.com. (155) 15:26:42.241167 IP dark.55090 > 192-168-0-001.localnet.domain: 33349+ PTR? 1.0.168.192.in-addr.arpa. (42) 15:26:42.252990 IP dark.50010 > 192-168-0-001.localnet.domain: 35194+ PTR? 1.0.168.192.in-addr.arpa. (42) 15:26:42.427152 IP 0.0.0.0 > all-systems.mcast.net: igmp query v2 15:26:42.427204 IP6 fe80::219:b9ff:fe53:3418 > ip6-allnodes: HBH ICMP6, multicast listener querymax resp delay: 1000 addr: ::, length 24 15:26:42.440462 IP 192-168-0-001.localnet.domain > dark.55090: 33349* 1/2/2 PTR 192-168-0-001.localnet. (151) 15:26:42.441035 IP 192-168-0-001.localnet.domain > dark.50010: 35194 1/0/0 PTR 192-168-0-001.localnet. (78) 15:26:42.441084 IP dark.51993 > 192-168-0-001.localnet.domain: 25411+ PTR? 88.130.166.109.in-addr.arpa. (45) 15:26:42.584183 IP n219079146094.netvigator.com.45846 > dark.6881: UDP, length 98 So, here are several connections I see. Do You have an idea, How I can identify which process relate to each record - may related to port/protocol? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4ee642f3.8d23cc0a.68b1.ffffb...@mx.google.com