How to find out which process opens a TCP connection?

kultakala

Hi all,

I have a SUSE Linux server which repeatedly tries to open a TCP connection to a proxy server on port 8080.
But I do not know which process opens the connection and what URL it tries to reach.
That's because the proxy server is not in my hands and the server is not allowed to access the proxy.
The TCP session itself is not accepted, so I never see any URL request within a capture.
I tried to find which process tries to open the connection by using the "lsof", "ss" and "netstat" commands, but the only thing I see is output like this:

# netstat -nap | grep 8080
tcp 0 0 10.183.45.88:53550 10.182.33.105:8080 TIME_WAIT -

So, there is no process listed.
I guess I am not able to catch the moment during the TCP session init.

Any idea how I can find out which process is initiating the TCP connection to the proxy?

Thanks!
 


Hi,

I didn't find that forum thread while I searched for a solution, thanks for the hint.

I looked for the source port with netstat and used the ss -tp sport command to find the initiating process ID.

At first I thought I had solved the problem, but before I can manually check the source port, it's already in use by a different process.
Sometimes it's not even open anymore at all.

I guess I need to debug the network process itself or something.
 
lsof -i
 
Unfortunately netstat or lsof does not help.
I ran a while loop which executed a netstat or lsof command multiple dozen times a second, but even then I was able only one time to get the open local port. But when I checked this local port it was already closed and I didn't find out the process.
So I need a script or something to automatically parse the local port and find the process.
But I don't know how to do that.
The opening of the TCP connection until it gets closed is only 1 millisecond according to the packet capture, so I guess even a script wouldn't help.
Is there any chance to debug the service which opens the connections for the processes? Don't know how to describe it better.
 
tcpdump
 
I always use netstat -tulpen. Maybe this is already enough for you.
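
Added example, not part of the thread: polling netstat or lsof cannot catch a connection that lives for about 1 millisecond, but the Linux audit subsystem logs every connect() call together with the calling PID. Assuming an audit rule such as `auditctl -a always,exit -F arch=b64 -S connect -k proxy8080` on an x86-64 host (the key name, the log lines and the `updater` process below are constructed), this Python script pairs the SYSCALL and SOCKADDR records of each event and reports which process targeted the proxy.

```python
import re
import socket
from collections import defaultdict

# Constructed /var/log/audit/audit.log lines (not from the thread).
# Assumed rule: auditctl -a always,exit -F arch=b64 -S connect -k proxy8080
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1689250000.123:456): arch=c000003e syscall=42 success=no exit=-115 a0=3 pid=2345 uid=0 comm="updater" exe="/opt/example/updater" key="proxy8080"
type=SOCKADDR msg=audit(1689250000.123:456): saddr=02001F900AB621690000000000000000
type=SYSCALL msg=audit(1689250001.500:457): arch=c000003e syscall=42 success=yes exit=0 a0=5 pid=900 uid=0 comm="sshd" exe="/usr/sbin/sshd" key="proxy8080"
type=SOCKADDR msg=audit(1689250001.500:457): saddr=01002F72756E2F6E7363642F736F636B657400
"""

EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")   # timestamp:serial ties records together
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def decode_inet_saddr(hex_saddr):
    """Return (ip, port) for a raw AF_INET sockaddr hex dump, else None."""
    try:
        raw = bytes.fromhex(hex_saddr)
    except ValueError:            # e.g. already interpreted by 'ausearch -i'
        return None
    if len(raw) < 8 or raw[:2] != b"\x02\x00":   # sa_family 2, little-endian host
        return None               # AF_UNIX, AF_INET6, ... are skipped here
    return socket.inet_ntoa(raw[4:8]), int.from_bytes(raw[2:4], "big")


def find_connectors(log_text, dst_ip, dst_port):
    """List (pid, comm, exe) of every connect() aimed at dst_ip:dst_port."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if m:                     # merge all records of one audit event
            events[m.group(1)].update(
                {k: v.strip('"') for k, v in FIELD.findall(line)})
    hits = []
    for ev in events.values():
        if "pid" in ev and decode_inet_saddr(ev.get("saddr", "")) == (dst_ip, dst_port):
            hits.append((int(ev["pid"]), ev.get("comm"), ev.get("exe")))
    return hits


if __name__ == "__main__":
    print(find_connectors(SAMPLE_LOG, "10.182.33.105", 8080))
```

Because the record is written at syscall time, the PID and executable path are captured even when the socket is gone before any polling tool runs.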
 
