On Tue, Oct 03, 2000 at 03:50:49PM +0200, Erwin Geirnaert wrote:
> I mean you can do netstat -a to see all active ports and you can see in the
> task manager which processes are running, but the link between them?
> (this way it's easy to see that a specific port is used by ICQ and not by a
> trojan)

Well, with Linux the -p option is possible, but it requires some kernel
support and does currently not work very well. But you can use fuser or lsof:

calista:/home/ecki# fuser -v -n tcp 80
                     USER        PID ACCESS COMMAND
80/tcp               root       2173 f....  apache
                     root       2174 f....  apache
                     root       2176 f....  apache
                     root       2177 f....  apache
                     root       2178 f....  apache
                     root       2180 f....  apache
                     root       2184 f....  apache
                     root       2185 f....  apache
                     root       2186 f....  apache

calista:/home/ecki# lsof -i tcp:80
COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
apache  2173 root   16u  IPv4  12980       TCP *:www (LISTEN)
apache  2174 root   16u  IPv4  12980       TCP *:www (LISTEN)
apache  2176 root   16u  IPv4  12980       TCP *:www (LISTEN)
apache  2177 root   16u  IPv4  12980       TCP *:www (LISTEN)
apache  2178 root   16u  IPv4  12980       TCP *:www (LISTEN)
apache  2180 root   16u  IPv4  12980       TCP *:www (LISTEN)
apache  2184 root   16u  IPv4  12980       TCP *:www (LISTEN)
apache  2185 root   16u  IPv4  12980       TCP *:www (LISTEN)
apache  2186 root   16u  IPv4  12980       TCP *:www (LISTEN)

If I have some time I will look into the netstat -p/linux-2.4.0 issue.

Greetings
Bernd
-- 
  (OO)      -- [EMAIL PROTECTED] --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
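
An added example, not part of the message above: the port-to-process link that fuser and lsof report can be reproduced on Linux by joining the socket inode listed in /proc/net/tcp with the socket:[inode] symlinks under /proc/<pid>/fd. The function names and sample data are constructed for illustration; it assumes IPv4, a little-endian host and a kernel that provides /proc/<pid>/comm.

```python
import os, re, socket, struct

# Constructed sample in /proc/net/tcp format (not taken from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12980 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4711 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:0050 0B00000A:C350 01 00000000:00000000 00:00000000 00000000    33        0 12991 1 0000000000000000 20 4 30 10 -1
"""

def parse_listeners(text):
    """Return {inode: (ip, port)} for IPv4 TCP sockets in LISTEN state (st 0A)."""
    listeners = {}
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "0A":
            continue
        ip_hex, port_hex = f[1].split(":")
        # Assumption: little-endian host, so the address bytes are reversed.
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        listeners[int(f[9])] = (ip, int(port_hex, 16))
    return listeners

def socket_owners(proc="/proc"):
    """Return {inode: {(pid, comm)}} from the /proc/<pid>/fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/comm") as fh:
                comm = fh.read().strip()
            fds = os.listdir(f"{proc}/{pid}/fd")   # needs root for other users
        except OSError:
            continue                               # exited or not readable
        for fd in fds:
            try:
                target = os.readlink(f"{proc}/{pid}/fd/{fd}")
            except OSError:
                continue
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners.setdefault(int(m.group(1)), set()).add((int(pid), comm))
    return owners

def join_by_inode(listeners, owners):
    """Return sorted (port, ip, [(pid, comm), ...]); an empty list means no visible owner."""
    return sorted((port, ip, sorted(owners.get(inode, ())))
                  for inode, (ip, port) in listeners.items())

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:
        for port, ip, procs in join_by_inode(parse_listeners(fh.read()), socket_owners()):
            print(f"{ip}:{port}", procs or "owner not visible (run as root)")
```

Several PIDs sharing one inode, as with the forked apache children in the lsof output, is normal. A listener with no owner when run as root deserves a closer look, since it is either a kernel-owned socket or a process hidden from /proc.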