
#1 2024-04-02 05:46:33

sevk
Member
From: CN
Registered: 2017-02-09
Posts: 33

How to find which process sends these UDP packets?

These appear in the log every 10 minutes. How do I find what is sending them?

[Tue Apr  2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=111.230.189.174 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=26670 PROTO=UDP SPT=48415 DPT=123 LEN=56 
[Tue Apr  2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=193.182.111.12 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=41013 PROTO=UDP SPT=58538 DPT=123 LEN=56 
[Tue Apr  2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=52.231.114.183 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=11720 PROTO=UDP SPT=36595 DPT=123 LEN=56 
[Tue Apr  2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=108.61.73.243 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=48497 PROTO=UDP SPT=52458 DPT=123 LEN=56 
[Tue Apr  2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=108.61.73.244 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=48061 PROTO=UDP SPT=36891 DPT=123 LEN=56 
[Tue Apr  2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=129.250.35.250 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=4202 PROTO=UDP SPT=35338 DPT=123 LEN=56 
[Tue Apr  2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=65.100.46.166 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=42748 PROTO=UDP SPT=39821 DPT=123 LEN=56 
[Tue Apr  2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=129.250.35.251 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=24619 PROTO=UDP SPT=35890 DPT=123 LEN=56 
[Tue Apr  2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=139.143.5.31 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=25664 PROTO=UDP SPT=58972 DPT=123 LEN=56 
[Tue Apr  2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=193.57.144.50 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=35588 PROTO=UDP SPT=39445 DPT=123 LEN=56 
[Tue Apr  2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=213.5.132.231 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=22459 PROTO=UDP SPT=58323 DPT=123 LEN=56 


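An added example (my own code, not from the thread or from OpenSnitch): it parses netfilter LOG lines in the format posted above, summarises the destination-port pattern, and shows how a source port is tied back to a socket inode using the /proc/net/udp format, which is the same mapping ss and netstat use before matching /proc/<pid>/fd links. The two log lines are taken from the post; the /proc/net/udp snippet is constructed.

```python
import re
from collections import Counter

# Regex for the netfilter LOG prefix format (OUT=..., SRC=..., PROTO/SPT/DPT).
LOG_RE = re.compile(
    r"OUT=(?P<out>\S*) SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?"
    r"PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)

def parse_log(lines):
    """Return one dict per line that matches the LOG prefix format."""
    records = []
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["spt"], rec["dpt"] = int(rec["spt"]), int(rec["dpt"])
            records.append(rec)
    return records

def summarise(records):
    """Count (proto, dpt) pairs and collect distinct destinations: many
    different DSTs, all on UDP/123, is what an NTP pool client looks like."""
    by_port = Counter((r["proto"], r["dpt"]) for r in records)
    return by_port, {r["dst"] for r in records}

def inode_for_local_port(proc_net_udp, port):
    """Inode of the UDP socket bound to `port`, from /proc/net/udp text.
    local_address is hex ip:port (little-endian ip); inode is column 10."""
    for line in proc_net_udp.splitlines()[1:]:
        cols = line.split()
        if len(cols) >= 10 and int(cols[1].split(":")[1], 16) == port:
            return int(cols[9])
    return None

# Sample input: two lines from the post above, plus a constructed
# /proc/net/udp snippet where port 48415 (0xBD1F) belongs to inode 31337.
SAMPLE_LOG = [
    "[Tue Apr  2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=111.230.189.174 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=26670 PROTO=UDP SPT=48415 DPT=123 LEN=56",
    "[Tue Apr  2 13:42:09 2024] IN= OUT=enp3s0 SRC=192.168.1.27 DST=193.182.111.12 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=41013 PROTO=UDP SPT=58538 DPT=123 LEN=56",
]
SAMPLE_PROC_NET_UDP = (
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops\n"
    "   0: 1B01A8C0:BD1F 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 31337 2 0000000000000000 0\n"
)

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(summarise(recs))
    print(inode_for_local_port(SAMPLE_PROC_NET_UDP, recs[0]["spt"]))
```

The inode is then matched against the socket:[inode] symlinks under /proc/<pid>/fd to name the process, which is what `ss -uanp` does. NTP clients open short-lived sockets, so by the time the log line is read the socket is often gone, which is why a live hook such as OpenSnitch or an eBPF tracer is the reliable way to attribute this traffic.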
#2 2024-04-02 06:44:03

edacval
Member
From: .LT
Registered: 2008-10-23
Posts: 91

Re: How to find which process sends these UDP packets?

Looks like a typical NTP client workflow. Try OpenSnitch to be sure.


#3 2024-04-07 01:44:17

sevk
Member
From: CN
Registered: 2017-02-09
Posts: 33

Re: How to find which process sends these UDP packets?

kk@kkar4 ~ sudo systemctl status opensnitchd
opensnitchd.service - Application firewall OpenSnitch
     Loaded: loaded (/usr/lib/systemd/system/opensnitchd.service; enabled; preset: disabled)
     Active: activating (auto-restart) (Result: exit-code) since Sun 2024-04-07 09:41:25 CST; 18s ago
       Docs: https://github.com/evilsocket/opensnitch/wiki
    Process: 1728697 ExecStart=/usr/bin/opensnitchd -rules-path /etc/opensnitchd/rules (code=exited, status=1/FAILURE)
   Main PID: 1728697 (code=exited, status=1/FAILURE)
        CPU: 88ms


kk@kkar4 log tail -f opensnitchd.log
[2024-04-07 01:42:26]  ERR  Module not found (opensnitch.o) in any of the paths.
You may need to install the corresponding package
[2024-04-07 01:42:26]  ERR  [eBPF]: Module not found (opensnitch.o) in any of the paths.
You may need to install the corresponding package
[2024-04-07 01:42:26]  WAR  error starting ebpf monitor method: Module not found (opensnitch.o) in any of the paths.
You may need to install the corresponding package
[2024-04-07 01:42:26]  WAR  Unable to set new process monitor (ebpf) method from disk: Module not found (opensnitch.o) in any of the paths.
You may need to install the corresponding package
[2024-04-07 01:42:26]  WAR  Is opensnitchd already running?
[2024-04-07 01:42:26]  !!!  Error creating queue #0: Error -1 unbinding existing q handler from AF_INET protocol family: invalid argument


#4 2024-04-07 06:59:10

seth
Member
Registered: 2012-09-03
Posts: 51,718

Re: How to find which process sends these UDP packets?

Did you install https://archlinux.org/packages/extra/x86_64/opensnitch/ or did you try to somehow manually install it?
That being said:

 nmap -Pn 193.182.111.12
Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-07 08:57 CEST
Nmap scan report for ntp1.flashdance.cx (193.182.111.12)
Host is up (0.048s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT    STATE  SERVICE
13/tcp  open   daytime
37/tcp  open   time
113/tcp closed ident


#5 2024-04-17 03:15:01

sevk
Member
From: CN
Registered: 2017-02-09
Posts: 33

Re: How to find which process sends these UDP packets?

 
sudo pikaur -Syu  opensnitch-ebpf-module opensnitch 

That did not work, so I removed the eBPF module:

sudo pikaur -Rs opensnitch-ebpf-module 

That did not work either, so I reinstalled opensnitch:

sudo pacman -S opensnitch

and I still get this error:

[2024-04-07 01:42:26]  ERR  Module not found (opensnitch.o) in any of the paths.
You may need to install the corresponding package

Last edited by sevk (2024-04-17 03:16:44)


#6 2024-04-17 06:25:13

seth
Member
Registered: 2012-09-03
Posts: 51,718

Re: How to find which process sends these UDP packets?

https://aur.archlinux.org/packages/open … ent-923084

tail -n10000 /etc/opensnitchd/*.json
