I run darkstat on my server and like to check up on it every now and then. At some point my server made a connection to an IP address owned by Apple and sent about 200 bytes to them as well as another 52 bytes to a server owned by Disney (at least that's who whois says owns the IPs in question). I know this is probably harmless, but I really want to know what process on my box made these connections. I've checked journalctl, auth.log, httpd/access_log, iptables.log, messages.log and everything in /var/log/old (which was empty). Darkstat itself only tells me this:
17.172.232.192
Hostname: (none)
MAC Address: c0:ea:e4:4d:d2:97
Last seen: 2014-04-11 06:27:17 UTC+0000 (15 hrs, 11 mins, 40 secs ago)
In: 247
Out: 0
Total: 247
TCP ports
(1-1 of 1)
Port Service In Out Total SYNs
443 https 247 0 247 0
UDP ports
The table is empty.
IP protocols
(1-1 of 1)
# Protocol In Out Total
6 tcp 247 0 247
Current relevant daemons running on my box are apache, ssh, subsonic and of course darkstat.
I am aware there may not be any other information on my box about this connection. Do any of you know any tools I could use in the future to log what running process makes what connections? It seems possible that subsonic could have been trying to get album information, but nothing for that IP shows up in subsonic's logs (though around that time it did do an "Automatic Podcast update scheduled to run every 24 hour(s)." I don't have any podcasts to update).
Last edited by piratebill (2014-04-11 22:06:18)
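One way to attribute a connection like the one darkstat reported to a process on Linux, as an added example that is not part of the original post: match the remote address against the kernel's `/proc/net/tcp` table and resolve the socket inode to a PID through `/proc/<pid>/fd`. The function names and the sample table are constructed for illustration; the decoding assumes a little-endian host and IPv4 only (`/proc/net/tcp6` is not read).

```python
import glob, os, re, socket, struct

# Constructed sample in /proc/net/tcp format (not captured from the poster's server).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9001 1 0000000000000000 100 0 0 10 0
   1: 0A00000A:C350 C0E8AC11:01BB 01 00000000:00000000 00:00000000 00000000   998        0 9002 1 0000000000000000 20 4 30 10 -1
"""

def _endpoint(hexpair):
    """Decode 'C0E8AC11:01BB' to ('17.172.232.192', 443); little-endian host assumed."""
    addr, port = hexpair.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def parse_tcp_table(text):
    """Yield one dict per IPv4 TCP socket in /proc/net/tcp-formatted text."""
    for line in text.splitlines()[1:]:           # first line is the column header
        f = line.split()
        if len(f) < 10:
            continue
        yield {"local": _endpoint(f[1]), "remote": _endpoint(f[2]),
               "state": int(f[3], 16), "uid": int(f[7]), "inode": int(f[9])}

def socket_owners(proc_root="/proc"):
    """Map socket inode to (pid, command name) by reading /proc/<pid>/fd links."""
    owners = {}
    for fd in glob.glob(os.path.join(proc_root, "[0-9]*", "fd", "*")):
        try:
            m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(fd))
            if not m:
                continue
            pid_dir = os.path.dirname(os.path.dirname(fd))
            with open(os.path.join(pid_dir, "comm")) as fh:
                comm = fh.read().strip()
        except OSError:                          # process exited or access denied
            continue
        owners[int(m.group(1))] = (int(os.path.basename(pid_dir)), comm)
    return owners

def who_talks_to(remote_ip, table_text, owners):
    """Return (pid, comm, uid, remote_port) for each socket connected to remote_ip."""
    hits = []
    for s in parse_tcp_table(table_text):
        if s["remote"][0] == remote_ip:
            pid, comm = owners.get(s["inode"], (None, "unknown"))
            hits.append((pid, comm, s["uid"], s["remote"][1]))
    return hits

# Live use (as root): who_talks_to("17.172.232.192", open("/proc/net/tcp").read(), socket_owners())
```

This is a point-in-time snapshot: a short connection is only attributed if the check runs while the socket still exists, so it has to be run on a tight interval with its output logged.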