On 21.01.2012 01:12, Grant wrote:
>>> If the machine is running linux, then 'watch "lsof -n|grep
>>> TCP|grep 3680"' as root is a sloppy but effective way to find
>>> it. There's probably some way to set up a firewall rule on the
>>> host in question that logs out the user and (possibly) PID of
>>> the connection, but I don't know.
>>
>> "lsof -i" is easier, it only shows network connections :)
>>
>> catching it when it happens (if it is very briefly connected)
>> could be hard with lsof... Maybe set up a tarpit firewall rule on
>> that box so the connection stays open for a long time.
>
> The connections are only attempted a few times throughout the day.
> Is a tarpit firewall rule the only way to do this? Can anyone tell
> me what package 'watch' belongs to if that would work?
>
> - Grant
>

I get:

equery b watch
 * Searching for watch ...
net-irc/irssi-0.8.15-r1 (/usr/share/irssi/help/watch)
sys-process/procps-3.2.8_p11 (/usr/bin/watch)
x11-themes/gnome-themes-standard-3.3.4 (/usr/share/cursors/xorg-x11/Adwaita/cursors/watch)

First and third can be ruled out, I think. So one candidate remains:

sys-process/procps
     Available versions:  3.2.8 (~)3.2.8-r1 3.2.8-r2 (~)3.2.8_p10-r1 3.2.8_p11 {unicode}
     Installed versions:  3.2.8_p11(00:15:18 22.12.2011)(unicode)
     Homepage:            http://procps.sourceforge.net/
     Description:         Standard informational utilities and process-handling tools
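
An added example, not part of the original thread: a polling logger for the lsof approach discussed above that matches the port exactly instead of using a bare `grep 3680`, and timestamps each hit so it can run unattended. It assumes lsof's default column layout; the function names, the file name `portwatch.sh`, the polling interval and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which process owns TCP connections to one port.
PORT=${PORT:-3680}          # port discussed in the thread
INTERVAL=${INTERVAL:-1}     # seconds between polls (assumed value)

# Constructed sample of `lsof -nP -i` output; not captured from a real host.
sample_lsof() {
    cat <<'EOF'
COMMAND  PID  USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
sshd    3680  root  3u  IPv4  11234      0t0  TCP *:22 (LISTEN)
firefox 2101 alice 55u  IPv4  36800      0t0  TCP 192.0.2.10:36800->198.51.100.7:443 (ESTABLISHED)
python  4412 alice  4u  IPv4  58211      0t0  TCP 192.0.2.10:51514->198.51.100.9:3680 (SYN_SENT)
EOF
}

# Read lsof output on stdin; print "COMMAND PID USER NAME STATE" for TCP rows
# where either endpoint's port equals $1 exactly. A bare `grep 3680` would
# also hit PID 3680 and port 36800 in the sample above.
filter_port() {
    awk -v port="$1" '
        $8 == "TCP" {
            n = split($9, ends, "->")      # NAME is local->remote, or local only
            for (i = 1; i <= n; i++)
                if (ends[i] ~ (":" port "$")) { print $1, $2, $3, $9, $10; break }
        }'
}

# Poll until interrupted, timestamping each hit so it can run unattended.
watch_port() {
    while :; do
        lsof -nP -iTCP:"$PORT" 2>/dev/null | filter_port "$PORT" |
            while read -r hit; do
                echo "$(date '+%Y-%m-%d %H:%M:%S') $hit"
            done
        sleep "$INTERVAL"
    done
}

# Usage (as root, to see other users' sockets): sh portwatch.sh --run >> port.log
if [ "${1:-}" = "--run" ]; then
    watch_port
fi
```

Polling can still miss a connection that opens and closes between two polls, which is the concern raised in the quoted reply about brief connections.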