On Tue, Mar 5, 2024 at 12:24 PM Markus Wernig wrote:
> When I reload the pf ruleset with pfctl, the number in the pid field
> changes. So my assumption is that it is the pid of the pfctl process
> that inserted the rule. Is that correct?
>
I believe you are correct. while running tcpdump in ano
On 2024-03-05, Raul Miller wrote:
> If you want to track which executable was running which pid at a
> specific time, you need to put that information in a log, so you can
> associate pid and time with the executable path.
see accton(8), lastcomm(1)
--
Please keep replies on the mailing list.
I have asked myself the same question.
When running tcpdump -n -i pflog0 with the -e -v flags (and only in
that combination), it outputs tuples that look like they should be a
uid and pid:
16:40:47.110033 rule 2/(match) [uid 0, pid 92257] block in on trunk0: ...
(it's 92257 on the machine t
And often we would live off
a desktop environment as we aware of.
this is poetry I think..
Mar 5, 2024 16:44:50 deich...@placebonol.com:
> not wanting to speak for someone else, but I'm pretty sure it was sarcasm.
>
> On March 5, 2024 8:21:40 AM MST, ofthecentury wrote:
>> Well, that's not v
Thanks. I'm new, so did not realize PIDs are randomly
numbered, which is fantastic. Just for a
fleeting moment I thought I wasn't going to be lonely,
with Theo's shell lurking in the background.
On Tue, Mar 5, 2024 at 8:30 PM Raul Miller wrote:
>
> If you want to track which executable was runni
not wanting to speak for someone else, but I'm pretty sure it was sarcasm.
On March 5, 2024 8:21:40 AM MST, ofthecentury wrote:
>Well, that's not very noice. Where is security?
>
>On Tue, Mar 5, 2024 at 7:45 PM Theo de Raadt wrote:
>
>> PID 6504 was my shell. I've logged off now.
>>
>> What are
If you want to track which executable was running which pid at a
specific time, you need to put that information in a log, so you can
associate pid and time with the executable path.
--
Raul
On Tue, Mar 5, 2024 at 10:26 AM ofthecentury wrote:
>
> Well, that's not very noice. Where is security?
Well, that's not very noice. Where is security?
On Tue, Mar 5, 2024 at 7:45 PM Theo de Raadt wrote:
> PID 6504 was my shell. I've logged off now.
>
> What are you expecting here??
>
>
> ofthecentury wrote:
>
> > Yes, I'm tcpdumping pflog and ALL my dropped packets
> > reference some PID 6504 th
And once upon the time 'offtheshell' was around.. :D
Theo de Raadt :
> PID 6504 was my shell. I've logged off now.
>
> What are you expecting here??
>
>
> ofthecentury wrote:
>
>> Yes, I'm tcpdumping pflog and ALL my dropped packets
>> reference some PID 6504 that is not found among
>> the pr
PID 6504 was my shell. I've logged off now.
What are you expecting here??
ofthecentury wrote:
> Yes, I'm tcpdumping pflog and ALL my dropped packets
> reference some PID 6504 that is not found among
> the processes that are running. I was actually not fishing
> for PIDs, I just saw the PID ref
Yes, I'm tcpdumping pflog and ALL my dropped packets
reference some PID 6504 that is not found among
the processes that are running. I was actually not fishing
for PIDs, I just saw the PID referenced in the standard
tcpdump output. For forensics I just want to find the link
between PID referenced in
On Tue, 5 Mar 2024 at 14:35, ofthecentury wrote:
>
> Hi, I'm on a fresh install of OpenBSD 7.4.
> I am watching output of tcpdump and
> seeing some drops that all reference
> UID 0, pid 6504. I cannot find that PID
> among running processes. Does anyone
> know what is that process and why it's
> n
Hi, I'm on a fresh install of OpenBSD 7.4.
I am watching output of tcpdump and
seeing some drops that all reference
UID 0, pid 6504. I cannot find that PID
among running processes. Does anyone
know what is that process and why it's
not running but tcpdump references it?
Thanks!