How to identify local source of connection (program and user)

Hi,

Recently I found some unidentified outgoing connections (UOC, instead of
UFO) from one of my Linux machines (Gentoo, firewall by vuurmuur.org via
iptables). Those UOC occur soon after boot time, even though I closed all
services. These are DNS calls.
   So I asked my friends, full-time admins, how to check which program
requests access to the internet, and what user started this program. If, for
example, RIAA would come to some University telling that from their IP
someone is downloading "Lilo & Stitch" illegally, the admin should be able
to tell who turned on bittorrent :) . And what struck me was the fact that
they actually didn't know! They asked me to hunt for those UOC, and then
type netstat with some options, to get the path to the binary, and locate it in
someone's home directory (the bittorrent client probably won't be installed
as a general bin for all users :) ).
   Any other idea how to do it? Can I force Linux to log who and how is
requesting an outgoing connection?

-- 
View this message in context: http://www.nabble.com/How-to-inentify-local-source-of-connection-%28program-and-user%29-tp20757992p20757992.html
Sent from the linux-admin mailing list archive at Nabble.com.
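
The netstat lookup mentioned in the message can be reproduced by reading the kernel's socket tables directly. The following Python code is an added example, not part of the original post: it parses the /proc/net/tcp and /proc/net/udp format for the owning UID and socket inode, then matches the inode to a PID and executable path through /proc/<pid>/fd. Assumptions: IPv4 only, a little-endian host, root privileges to see other users' processes, and a constructed sample row (SAMPLE) using documentation addresses.

```python
import os, socket, struct

# Constructed sample in /proc/net/udp layout: uid 1000 talks to 192.0.2.53:53 (DNS).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  42: 0A00000A:C350 350200C0:0035 01 00000000:00000000 00:00000000 00000000  1000        0 34567 2 0000000000000000 0
"""

def _addr(field):
    # The kernel prints the IPv4 address as a host-order word (little-endian assumed).
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_proc_net(text):
    """Return local/remote endpoint, owning uid and socket inode for each row."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) >= 10:
            rows.append({"local": _addr(f[1]), "remote": _addr(f[2]),
                         "uid": int(f[7]), "inode": int(f[9])})
    return rows

def inode_owners(proc="/proc"):
    """Map socket inode -> (pid, executable path) by walking <proc>/<pid>/fd."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            exe = os.readlink(f"{proc}/{pid}/exe")
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                target = os.readlink(f"{proc}/{pid}/fd/{fd}")
                if target.startswith("socket:["):
                    owners[int(target[8:-1])] = (int(pid), exe)
        except OSError:                          # process exited or is not readable
            continue
    return owners

def attribute(text, owners):
    """List (uid, pid, exe, remote) for every socket that has a remote peer."""
    out = []
    for r in parse_proc_net(text):
        if r["remote"][1]:                       # remote port 0 means not connected
            pid, exe = owners.get(r["inode"], (None, None))
            out.append((r["uid"], pid, exe, r["remote"]))
    return out

if __name__ == "__main__":
    owners = inode_owners()
    for name in ("tcp", "udp"):
        for row in attribute(open(f"/proc/net/{name}").read(), owners):
            print(name, *row)
```

This is a point-in-time snapshot, so a DNS query whose socket closes within milliseconds can be missed, as can a UDP socket that sends without connecting. For a persistent record, the iptables LOG target accepts `--log-uid` in the OUTPUT chain, which writes the UID of the originating local process to the kernel log.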
