CaffeineAddict
Well-Known Member
I have a few dropped outbound packets in my firewall log that look like this:
Bash:
DROP default new_out_4: IN= OUT=<NIC> SRC=<local IP> DST=<remote IP> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43196 DF PROTO=TCP SPT=42618 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 UID=1 GID=1
I know it's the root user that's initiating the connection due to UID=1 GID=1, but I block the root user from making any connections outbound. How would you go about figuring out which process is responsible?
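One way to attack this from the defender's side, as an added example that is not part of the post above: parse the netfilter LOG line into its fields and correlate the source port (SPT) and destination (DST:DPT) with the kernel's socket table as printed by `ss -Htnap`, which lists every TCP socket together with the owning process when run with sufficient privilege. Because a dropped outgoing SYN leaves the socket in SYN-SENT while the kernel retransmits, a capture taken shortly after the log entry will usually still name the process. The log line and the `ss` output below are constructed samples (the poster's placeholders `<NIC>`, `<local IP>`, `<remote IP>` are filled with made-up values), and the function names are my own.

```python
"""Correlate a netfilter DROP log line with the socket table (output of `ss -Htnap`).

Added example with constructed sample data; not the forum poster's real log.
"""
import pwd
import re

# Constructed sample: the poster's line with the placeholders filled in.
SAMPLE_LOG = (
    "DROP default new_out_4: IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 LEN=60 "
    "TOS=0x00 PREC=0x00 TTL=64 ID=43196 DF PROTO=TCP SPT=42618 DPT=443 "
    "WINDOW=64240 RES=0x00 SYN URGP=0 UID=1 GID=1"
)

# Constructed sample of `ss -Htnap` output taken right after the drop was logged.
# Columns: State Recv-Q Send-Q Local:Port Peer:Port Process
SAMPLE_SS = """\
LISTEN    0 128 0.0.0.0:22        0.0.0.0:*         users:(("sshd",pid=812,fd=3))
SYN-SENT  0 1   10.0.0.5:42618    203.0.113.7:443   users:(("curl",pid=4242,fd=5))
ESTAB     0 0   10.0.0.5:51000    198.51.100.9:443  users:(("firefox",pid=3001,fd=77))
"""

# Everything before the first ':' is the rule's log prefix; the rest is KEY=VALUE tokens.
LOG_RE = re.compile(r"^(?P<prefix>.*?):\s*(?P<rest>IN=.*)$")
# One line of `ss -Htnap`; the greedy \S+ backtracks to the last ':' so [::]:22 also parses.
SS_RE = re.compile(
    r"^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<raddr>\S+):(?P<rport>\S+)\s+(?P<proc>.*)$"
)
PROC_RE = re.compile(r'\("(?P<name>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)')


def parse_netfilter_log(line):
    """Split a netfilter LOG line into a dict of its fields.

    Tokens with '=' become key/value strings (IN= yields an empty string);
    bare flag tokens such as DF or SYN are stored as True.
    """
    m = LOG_RE.match(line)
    if not m:
        raise ValueError("not a netfilter LOG line: %r" % line)
    fields = {"prefix": m.group("prefix")}
    for tok in m.group("rest").split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        else:
            fields[tok] = True
    return fields


def find_owning_process(entry, ss_output):
    """Return (state, process_name, pid) for the socket matching the dropped packet.

    Matches on local port == SPT and peer == DST:DPT. Returns None when no
    socket is listed (already closed); the name/pid are None when ss could
    not show the owner (e.g. run without privilege).
    """
    spt, dst, dpt = entry["SPT"], entry["DST"], entry["DPT"]
    for line in ss_output.splitlines():
        m = SS_RE.match(line)
        if not m or m.group("lport") != spt:
            continue
        if m.group("raddr") != dst or m.group("rport") != dpt:
            continue
        pm = PROC_RE.search(m.group("proc"))
        if pm:
            return m.group("state"), pm.group("name"), int(pm.group("pid"))
        return m.group("state"), None, None
    return None


def resolve_uid(uid):
    """Map the logged UID to an account name from the local passwd database."""
    try:
        return pwd.getpwuid(int(uid)).pw_name
    except KeyError:
        return "uid %s (no passwd entry)" % uid


if __name__ == "__main__":
    entry = parse_netfilter_log(SAMPLE_LOG)
    print("dropped %s %s:%s -> %s:%s by %s" % (
        entry["PROTO"], entry["SRC"], entry["SPT"], entry["DST"], entry["DPT"],
        resolve_uid(entry["UID"])))
    print("owner:", find_owning_process(entry, SAMPLE_SS))
```

In practice the `ss` snapshot is taken on the box right after the drop (the sample here is embedded so the script runs offline); if the socket has already disappeared, the UID/GID fields in the log still pin the account, and an audit rule on the connect syscall for that account is the usual way to record which executable made the call.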