How can I determine the process belonging to a tcp connection on my machine? I have a couple of connection which I find very unnerving:
netstat -a | grep aiesec produces the output: tcp 0 0 mymachine:27567 aiesecplanet.satim:auth ESTABLISHED tcp 0 0 mymachine:27434 aiesecplanet.satim:auth ESTABLISHED tcp 0 0 mymachine:27426 aiesecplanet.satim:auth ESTABLISHED tcp 0 0 mymachine:27389 aiesecplanet.satim:auth ESTABLISHED tcp 0 0 mymachine:26779 aiesecplanet.satim:auth ESTABLISHED tcp 0 0 mymachine:1097 aiesecplanet.satim:auth ESTABLISHED These connections mostly persist, so the port numbers are always the same for a long time, until the connection dies. There tend to be other connection attempts but they die quickly The connection to my port 1097 seems to be constant. I have nothing to do with the mentioned machine (aiesecplanet.satimex.tvnet.hu). I have nothing listening on any of these ports (that I know of), and nothing is listening there according to netstat -a. I had a misterious machine breakdown two days ago, when all services (SMTP, TELNET, SQUID, FTP, POP3,...) refused connections, except for DNS. To be more exact, the only tcp port under 4000 (I scanned to this number) which was open was 53 (domain). I suspect a break-in occured. How can I find what communication is taking place on these connections? Robert Varga
