On Fri, Jan 20, 2012 at 5:27 PM, Michael Mol <mikemol@×××××.com> wrote:
> If the machine is running Linux, then 'watch "lsof -n|grep TCP|grep
> 3680"' as root is a sloppy but effective way to find it. There's
> probably some way to set up a firewall rule on the host in question
> that logs out the user and (possibly) PID of the connection, but I
> don't know.

"lsof -i" is easier, it only shows network connections :)

Catching it when it happens (if it is very briefly connected) could be
hard with lsof... Maybe set up a tarpit firewall rule on that box so
the connection stays open for a long time.
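
An added example, not part of the original message: the socket-to-process lookup that lsof performs, done directly against `/proc/net/tcp` so it can be run in a tight loop or from a script. It assumes Linux, IPv4 and a little-endian host; the function names and the `SAMPLE` table are constructed for illustration.

```python
import os

PORT = 3680  # port being hunted in the thread

# Constructed sample in /proc/net/tcp layout (addresses are hex, little-endian).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0A00000A:C350 0B00000A:0E60 01 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 20 4 30 10 -1
"""

def _addr(field):
    """Decode 'HEXIP:HEXPORT' into (dotted_ip, port)."""
    host, port = field.split(":")
    ip = ".".join(str(b) for b in reversed(bytes.fromhex(host)))
    return ip, int(port, 16)

def parse_tcp(text, port=PORT):
    """Return sockets whose local or remote port equals `port`."""
    hits = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        local, remote = _addr(f[1]), _addr(f[2])
        if port in (local[1], remote[1]):
            hits.append({"local": local, "remote": remote,
                         "uid": int(f[7]), "inode": f[9]})
    return hits

def pids_for_inode(inode, proc="/proc"):
    """Find PIDs holding an fd that points at socket:[inode] (needs root)."""
    target = f"socket:[{inode}]"
    pids = []
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target
                   for fd in os.listdir(fd_dir)):
                pids.append(int(pid))
        except OSError:                          # process exited or no access
            continue
    return pids

if __name__ == "__main__":
    src = "/proc/net/tcp"
    text = open(src).read() if os.path.exists(src) else SAMPLE
    for conn in parse_tcp(text):
        print(conn, "pids:", pids_for_inode(conn["inode"]))
```

The `uid` column identifies the owning user even when the process has already exited by the time the fd scan runs.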