[TriLUG] which process is listening on this socket

matt at noway2.thruhere.net matt at noway2.thruhere.net
Wed Feb 29 16:41:35 EST 2012


It's a bad choice of options isn't. :P

The funny thing is that it is one of the commands you should use and look
at very carefully if you suspect being Pwn'd.

My full recommendation would be:
( /bin/ps acxfwwwe 2>&1; /usr/sbin/lsof -Pwln 2>&1; /bin/netstat -anpe
2>&1; ) > /path/to/data.txt

This will give you a complete process, socket, and connection list in one
file that you can examine and cross check.

>
>> Try lsof -Pwn
>
> Maybe it's just me, but I am afraid to try any command
> with a "Pwn" option.
>
>
>> Sent via BlackBerry
>
> Sent via my Raspberry Pi
>
>
> --
> # ɹǝʇɹoԀ uɐl∀
>
> --
> This message was sent to: Matt Flyer <matt at noway2.thruhere.net>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web	:
> http://www.trilug.org/mailman/options/trilug/matt%40noway2.thruhere.net
> TriLUG FAQ          :
> http://www.trilug.org/wiki/Frequently_Asked_Questions




More information about the TriLUG mailing list