On Mon, Dec 12, 2011 at 10:07, Sthu Deus <sthu.d...@gmail.com> wrote:
> Thank You for Your time and answer, Kelly:
>
>>> On a desktop system I have noticed a bit of network traffic whereas
>>> users do not run any network software...
>>>
>>> How do I find out which process on the system does send/receive
>>> network packets?
>>
>>Something like:
>>netstat --inet -ap
>>
>>"--inet" so you are looking at network sockets rather than unix
>>sockets, "-a" shows both established connections and listening
>>processes, "-p" shows PID and process name.
>
> I have tried this but it did tell me what sends/receives packets...

What do you mean? It certainly tells you what has a current connection,
and what is listening. If there are no current connections it will not
show anything, although you could maybe use -c to get it to repeat every
second. It is true it does not show individual packets, but you don't
need that to know what program is sending.

What output do you get from it?

> I have records from tcpdump as:
<snip>
> So, here are several connections I see. Do You have an idea, How I can
> identify which process relate to each record - may related to
> port/protocol?

The ones that mention localnet.domain are DNS queries
ICMP6 is the IPv6 version of ICMP (Ping and other control messages)
IGMP is used for multicast control
and finally, 6881 is the port for BitTorrent

Why tcpdump habitually uses a dot to separate the port number (or
service name, like .domain) instead of the standard colon, I don't know.

If you want to see the port number instead of the service name (e.g. 53
instead of domain), use the "-n" (numeric) option on tcpdump (and netstat
for that matter). If you don't know a port number, google "port yyy".

Cheers,
Kelly Clowers
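
Added example (not part of the original message): a Python script that joins `tcpdump -n` lines to `netstat --inet -anp` rows by local address and port, which is how a captured packet gets tied to a PID and program name. The sample output, addresses, PIDs and program names are constructed, `LOCAL_IPS` is an assumed list of this host's addresses, and only IPv4 is handled.

```python
import re

# Constructed sample of `netstat --inet -anp` output, taken as root so the
# PID/Program column is filled in (without root it shows "-").
NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address    State       PID/Program name
tcp        0      0 0.0.0.0:6881       0.0.0.0:*          LISTEN      2143/transmission-g
tcp        0      0 192.168.1.10:6881  203.0.113.7:51413  ESTABLISHED 2143/transmission-g
udp        0      0 0.0.0.0:5353       0.0.0.0:*                      811/avahi-daemon
udp        0      0 192.168.1.10:40112 192.168.1.1:53     ESTABLISHED 1502/firefox-bin
"""

# Constructed sample of `tcpdump -n` lines (tcpdump writes host.port, not host:port).
TCPDUMP = [
    "10:07:01.000001 IP 192.168.1.10.40112 > 192.168.1.1.53: 4660+ A? example.org. (29)",
    "10:07:02.000002 IP 203.0.113.7.51413 > 192.168.1.10.6881: Flags [S], seq 1, length 0",
    "10:07:03.000003 IP 192.168.1.10 > 224.0.0.22: igmp v3 report, 1 group record(s)",
]
LOCAL_IPS = {"192.168.1.10"}  # assumed addresses of the machine being inspected

# An IPv4 endpoint is four octets, optionally followed by ".port".
ENDPOINTS = re.compile(
    r"IP (\d+(?:\.\d+){3})(?:\.(\d+))? > (\d+(?:\.\d+){3})(?:\.(\d+))?:")

def parse_netstat(text):
    """Return (local_ip, local_port, 'PID/program') for each tcp/udp row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("tcp", "udp"):
            continue  # banner and header lines
        ip, _, port = f[3].rpartition(":")
        rows.append((ip, port, f[-1]))  # udp rows have no State column, so use f[-1]
    return rows

def owners(packet, sockets, local_ips):
    """Programs whose local socket matches the local endpoint of a tcpdump line."""
    m = ENDPOINTS.search(packet)
    found = set()
    if not m:
        return found
    for ip, port in ((m[1], m[2]), (m[3], m[4])):
        if port is None or ip not in local_ips:
            continue  # ICMP/IGMP carry no port; remote endpoints own no local socket
        for s_ip, s_port, prog in sockets:
            if s_port == port and s_ip in (ip, "0.0.0.0"):  # 0.0.0.0 = bound to all
                found.add(prog)
    return found
```

An empty result for a TCP or UDP packet usually means the socket had already closed when the netstat snapshot was taken, which is where the `-c` option mentioned above helps.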