| 1 |
On Fri, Jan 20, 2012 at 5:27 PM, Michael Mol <mikemol@×××××.com> wrote: |
| 2 |
> If the machine is running linux, then 'watch "lsof -n|grep TCP|grep |
| 3 |
> 3680"' as root is a sloppy but effective way to find it. There's |
| 4 |
> probably some way to set up a firewall rule on the host in question |
| 5 |
> that logs out the user and (possibly) PID of the connection, but I |
| 6 |
> don't know. |
| 7 |
|
| 8 |
"lsof -i" is easier, it only shows network connections :) |
| 9 |
|
| 10 |
catching it when it happens (if it is very briefly connected) could be |
| 11 |
hard with lsof... Maybe setup a tarpit firewall rule on that box so |
| 12 |
the connection stays open for a long time. |
Archives