PID 6504 was my shell. I've logged off now. What are you expecting here??
ofthecentury <ofthecent...@gmail.com> wrote:
> Yes, I'm tcpdumping pflog and ALL my dropped packets
> reference some PID 6504 that is not found among
> the processes that are running. I was actually not fishing
> for PIDs, I just saw the PID referenced in the standard
> tcpdump output. For forensics I just want to find the link
> between PID referenced in tcpdump to the process,
> and I cannot, and I believe I should be able to for security.
>
>
>
> On Tue, Mar 5, 2024 at 7:12 PM Janne Johansson <icepic...@gmail.com> wrote:
>
> > On Tue, 5 March 2024 at 14:35, ofthecentury <ofthecent...@gmail.com> wrote:
> > >
> > > Hi, I'm on a fresh install of OpenBSD 7.4.
> > > I am watching output of tcpdump and
> > > seeing some drops that all reference
> > > UID 0, pid 6504. I cannot find that PID
> > > among running processes. Does anyone
> > > know what is that process and why it's
> > > not running but tcpdump references it?
> >
> > OpenBSD has random pids, so unless you ask about pid 0 or 1, no one can
> > divine what process had pid 6504 on your system at that time.
> >
> > As for this report, it looks like you are tcpdumping pflog in order to
> > see "drops" with pids, but since you didn't mention what you ran, it's
> > hard to tell. Nor did you state how you looked for pids, perhaps not
> > using all the possible options?
> >
> >
> > --
> > May the most significant bit of your life be positive.
> >