[unisog] Cross-reference apps to TCP/UDP connections on UNIX??

Mark Brochu mbrochu at mail.hartford.edu
Tue Oct 8 13:13:11 GMT 2002


Hmmm...

Netstat 1.42 supports netstat -tulnp (tcp,udp,listening,numbered,pid).  This
command will work on linux but not sure about other ports...  What's also
neat is cross referencing the pid with /proc, helps detect if a rootkit is
installed.


Mark Brochu
University of Hartford, ITS
Data Network Specialist
----- Original Message -----
From: "Clarke Morledge" <chmorl at wm.edu>
To: <unisog at sans.org>
Sent: Monday, October 07, 2002 1:52 PM
Subject: [unisog] Cross-reference apps to TCP/UDP connections on UNIX??


> There was some discussion on the list last week concerning how to cross
> reference TCP/UDP ports/connections with the applications that are using
> those ports/connections on Microsoft Windows operating systems.
>
> Does anybody have any ways to do the same thing on UNIX operating systems?
>
> In other words, it sure would be cool to cross reference the output of
> netstat with the output of ps.  Specifically, tying the process ID and/or
> the user ID together with the TCP/UDP ports/connections being used would
> be great.
>
> Has anybody any suggestions, or is this just wishful thinking on my part?
>
>
> Clarke Morledge
> College of William and Mary
> Information Technology - Network Engineering
> Jones Hall (Room 18)
> Williamsburg VA 23187
> 757-221-1536
> chmorl at wm.edu
>
>
>



More information about the unisog mailing list