duby2291 Guru
Joined: 17 Oct 2004 Posts: 583
Posted: Wed Apr 18, 2007 8:31 pm Post subject: show processes using network?
Is it possible to show what processes are accessing the network?
I have something on my computer that is pinging another computer over in Texas... Beats the hell outa me what it is though. I don't know why it is doing it, or even what this other computer is. I would like to find out what process is responsible for this activity, is there anything out there that can do this?
I have taken a Wireshark log of the activity that can be made available on request.
jamapii l33t
Joined: 16 Sep 2004 Posts: 637
Posted: Thu Apr 19, 2007 12:12 am
netstat -p
duby2291 Guru
Joined: 17 Oct 2004 Posts: 583
Posted: Thu Apr 19, 2007 3:24 am
OK, I ran the command you asked me to, netstat -ep, and here is the output of this command...
http://thebeast.dyndns.org:8080/netstat_unknown_ping
And I also did another Wireshark capture that shows the ping requests, but I turned off other services so as not to give out unwanted information, so here is a Wireshark capture....
http://thebeast.dyndns.org:8080/wireshark_unknown_ping
Beats me what is wrong, I didn't see anything out of the ordinary in netstat, most of it is just system services.
Last edited by duby2291 on Sun May 04, 2008 6:54 pm; edited 1 time in total
jamapii l33t
Joined: 16 Sep 2004 Posts: 637
Posted: Sat Apr 21, 2007 9:05 am
I tried ping and netstat, and couldn't see the ping process in netstat. But ping leaves something in /proc/net/raw:

with a ping running:
Code:
> cat /proc/net/raw
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 9022762 2 c1a23040

without ping:
Code:
> cat /proc/net/raw
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
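An added example, not part of the original thread: the inode column of the /proc/net/raw entry in the post above can be matched against the socket links under /proc/<pid>/fd to name the process that holds the raw socket, and /proc/<pid>/stat then gives its parent PID. The function names `parse_raw`, `holders` and `describe` are hypothetical, the sample is the entry quoted in the post, and the script needs root to read other users' fd directories.

```python
"""Map raw sockets in /proc/net/raw to the processes that hold them."""
import os

# Constructed sample: the header and entry as quoted in the post above.
SAMPLE = (
    "sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode\n"
    "1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000 0 0 9022762 2 c1a23040\n"
)

def parse_raw(text):
    """Return one dict per raw socket: protocol number, owner uid, inode."""
    sockets = []
    for line in text.splitlines()[1:]:            # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        # For raw sockets the "port" half of local_address holds the IP
        # protocol number (1 = ICMP), not a TCP/UDP port.
        proto = int(f[1].split(":")[1], 16)
        sockets.append({"proto": proto, "uid": int(f[7]), "inode": int(f[9])})
    return sockets

def holders(inode, proc_root="/proc"):
    """Return sorted PIDs that have an open fd linking to socket:[inode]."""
    target = "socket:[%d]" % inode
    pids = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, n)) for n in os.listdir(fd_dir)]
        except OSError:                           # process exited, or not permitted
            continue
        if target in links:
            pids.append(int(pid))
    return sorted(pids)

def describe(pid, proc_root="/proc"):
    """Return (ppid, command line) for pid, to trace what started it."""
    with open(os.path.join(proc_root, str(pid), "stat")) as fh:
        # ppid is the second field after the parenthesised command name
        ppid = int(fh.read().rsplit(")", 1)[1].split()[1])
    with open(os.path.join(proc_root, str(pid), "cmdline"), "rb") as fh:
        cmd = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
    return ppid, cmd

if __name__ == "__main__":
    with open("/proc/net/raw") as fh:
        for s in parse_raw(fh.read()):
            for pid in holders(s["inode"]):
                print(s, pid, *describe(pid))
```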
Hu Administrator
Joined: 06 Mar 2007 Posts: 23062
Posted: Sat Apr 21, 2007 5:09 pm
It is likely the program sending the pings is /bin/ping. Have you tried using ps -efH (from sys-process/procps) to list running processes in a tree view, so you can see what spawned the offending ping?
duby2291 Guru
Joined: 17 Oct 2004 Posts: 583
Posted: Sun Apr 22, 2007 6:08 pm
Sorry for the late response....
I did run "ps -efH" (Much nicer THANK YOU!!) and I did in fact see a ping process in there as /bin/ping. Once I killed the process ID the traffic stopped. However after restarting the computer, the ping process starts back up, then I have to kill it again... I don't know what is spawning the ping, because it has its own root in the tree view... However something must be starting it up on boot, and always pinging the same IP address. I know how to stop it, but I still don't know what is causing it.
dspgen Tux's lil' helper
Joined: 17 Aug 2005 Posts: 103
Posted: Sun Apr 22, 2007 8:25 pm
You should see the ppid (parent process id).
If the parent is gone (ppid=0) by the time you look, you could temporarily replace ping with a script to do ps -efH >> my.log; date >> my.log, etc - that might catch it.