If a connection is established, then you can find the owner by comparing
the inode in /proc/net/tcp with the /proc/<PID> tree [all the numbered
folders]. In each of these there is a folder named fd which provides
symbolic links to the open file descriptors which that PID is using. a
quick ls -l will give you the information you need to resolve it to a
socket inode, you'll usually see socket:[32424] or something similar.
You then know which PID owns the conection. I have some python code
which resolves this all to program names if you want it?
Tom Eastep wrote:
vwf wrote:
How can I lock my workstation down on application level?
