Thank You for Your time and answer, Kelly:

>>>Something like:
>>>netstat --inet -ap
>>>
>>>"--inet" so you are looking at network sockets rather than unix
>>>sockets, "-a" shows both established connections and listening
>>>processes, "-p" shows PID and process name.
>>
>> I have tried this but it did tell me what sends/receives packets...
>
>What do you mean? It certainly tells you what has a current
>connection, and what is listening. If there are no current connections
>it will not show anything, although you could maybe use -c to
>get it to repeat every second. It is true it does not show individual
>packets, but you don't need that to know what program is sending.
>What output do you get from it?

The problem is it does not tell me anything - being run under root (sudo). This is all I get:

netstat --inet -ap -n
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

:(

>> I have records from tcpdump as:
><snip>
>
>> So, here are several connections I see. Do You have an idea, How I
>> can identify which process relate to each record - may related to
>> port/protocol?
>
>The ones that mention localnet.domain are DNS queries
>ICMP6 is the IPv6 version of ICMP (Ping and other control messages)
>IGMP is used for multicast control
>and finally, 6881 is the port for BitTorrent

OK. But how I can find the processes IDs? For I have closed all the user's network app.s - still the machine connects to Internet - sends queries to DNS, bittorrent - while the user does not ask for it any more. So, I gonna find out who does all this work.

>Why tcpdump habitually uses a dot to separate the port number
>(or service name, like .domain) instead of the standard colon, I
>don't know.

That's OK - I recognize it. :)

>If you want to see the port number instead of the service name
>(e.g. 53 instead of domain), use the "-n" (numeric) option on
>tcpdump (and netstat for that matter). If you don't know a port
>number, google "port yyy".

Thanks again, Kelly.
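
Added example, not part of the original message and not netstat's own code: "netstat -p" finds the PID by matching each socket's inode in /proc/net/tcp and /proc/net/udp against the socket:[inode] links under /proc/<pid>/fd, and the Python below does that lookup directly. The sample table and the names parse_proc_net, socket_owners and attribute are constructed for illustration; it assumes Linux, IPv4 and a little-endian host.

```python
import os, re, socket, struct

# Constructed sample in /proc/net/tcp layout (not taken from the thread).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1
   1: 0A01A8C0:1AE1 057100CB:C8D5 01 00000000:00000000 00:00000000 00000000  1000        0 67890 1
"""
STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT", "0A": "LISTEN"}

def _addr(hexpair):
    ip_hex, port_hex = hexpair.split(":")
    # Assumes a little-endian host (x86/ARM): the kernel prints the raw 32-bit word.
    return f"{socket.inet_ntoa(struct.pack('<I', int(ip_hex, 16)))}:{int(port_hex, 16)}"

def parse_proc_net(text, proto):
    """Parse the IPv4 socket table format used by /proc/net/tcp and /proc/net/udp."""
    rows = []
    for line in text.splitlines()[1:]:            # first line is the column header
        f = line.split()
        if len(f) >= 10:
            rows.append({"proto": proto, "local": _addr(f[1]), "remote": _addr(f[2]),
                         "state": STATES.get(f[3], f[3]), "inode": int(f[9])})
    return rows

def socket_owners(proc_root="/proc"):
    """Map socket inode -> [(pid, command)] by reading every /proc/<pid>/fd symlink."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "comm")) as fh:
                name = fh.read().strip()
            fd_dir = os.path.join(proc_root, pid, "fd")
            for fd in os.listdir(fd_dir):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(os.path.join(fd_dir, fd)))
                if m:
                    owners.setdefault(int(m.group(1)), []).append((int(pid), name))
        except OSError:                           # process exited or fd dir unreadable (not root)
            continue
    return owners

def attribute(rows, owners):
    """Attach owning processes to each row; [] means no process holds that socket."""
    return [dict(r, owners=owners.get(r["inode"], [])) for r in rows]

if __name__ == "__main__":
    live = socket_owners()
    for proto in ("tcp", "udp"):
        with open(f"/proc/net/{proto}") as fh:
            for r in attribute(parse_proc_net(fh.read(), proto), live):
                print(r["proto"], r["local"], r["remote"], r["state"], r["owners"] or "-")
```

Run it as root so that other users' fd directories are readable. A row with no owner is a socket held by the kernel or one that closed between the two reads, which is common for one-shot DNS lookups.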