what process is sending this packet?
David Curtis
dave.c.curtis at gmail.com
Tue Dec 28 19:22:54 UTC 2010
On Mon, Dec 27, 2010 at 9:29 AM, S Mathias <smathias1972 at yahoo.com> wrote:
> I can see that there's a program that keeps sending packets on port 25:
>
> Dec 27 14:11:46 a kernel: [ 6336.992320] O_D_LOG: IN= OUT=lo SRC=127.0.0.1
> DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=61533 DF PROTO=TCP
> SPT=37263 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
> Dec 27 14:12:01 a kernel: [ 6352.635704] O_D_LOG: IN= OUT=lo SRC=127.0.0.1
> DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55853 DF PROTO=TCP
> SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
> Dec 27 14:12:04 a kernel: [ 6355.641085] O_D_LOG: IN= OUT=lo SRC=127.0.0.1
> DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55854 DF PROTO=TCP
> SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
> Dec 27 14:12:10 a kernel: [ 6361.649059] O_D_LOG: IN= OUT=lo SRC=127.0.0.1
> DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55855 DF PROTO=TCP
> SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
>
> But where or how could I find out what process sends these packets?
>
>
Well, the process is sending to port 25, which is SMTP. It's possible that a
service is sending messages to the admin account. If you have a mail server
running, check root's mail first. Also match up the time this occurred with
various log files in /var/log. If there's nothing that seems to match and
you can't predict the source port, you may need to run a packet capture app
with an appropriate filter to look at the data that is being sent.
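
An added example, not part of the original message: before matching times against /var/log as suggested above, it helps to collapse the logged SYNs into distinct connection attempts, since a repeated source port is a retransmission of the same attempt rather than a new one. The function names are illustrative, and the sample input is the four log entries from the quoted post rejoined onto one line each.

```python
import re

# Kernel log entries from the quoted post, each rejoined onto a single line.
SAMPLE = """\
Dec 27 14:11:46 a kernel: [ 6336.992320] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=61533 DF PROTO=TCP SPT=37263 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
Dec 27 14:12:01 a kernel: [ 6352.635704] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55853 DF PROTO=TCP SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
Dec 27 14:12:04 a kernel: [ 6355.641085] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55854 DF PROTO=TCP SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
Dec 27 14:12:10 a kernel: [ 6361.649059] O_D_LOG: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55855 DF PROTO=TCP SPT=40644 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
"""

LINE = re.compile(r"^(?P<stamp>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: "
                  r"\[\s*(?P<uptime>[\d.]+)\] (?P<rest>.*)$")

def parse_line(line):
    """Split one iptables LOG entry into KEY=VALUE fields and bare flags."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    fields, flags = {}, set()
    for token in m.group("rest").split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
        else:
            flags.add(token)  # DF, SYN, ACK ... and the rule's log prefix
    return m.group("stamp"), float(m.group("uptime")), fields, flags

def connection_attempts(text, dport="25"):
    """Collapse initial SYNs to dport into one record per (SRC, SPT)."""
    # Assumption: in a short excerpt a source port is not reused, so a repeated
    # (SRC, SPT) pair is a retransmitted SYN that never received a reply.
    seen = {}
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        stamp, uptime, fields, flags = parsed
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != dport:
            continue
        if "SPT" not in fields or "SYN" not in flags or "ACK" in flags:
            continue
        key = (fields.get("SRC"), fields["SPT"])
        rec = seen.setdefault(key, {"first_seen": stamp, "uptimes": []})
        rec["uptimes"].append(uptime)
    out = []
    for (src, spt), rec in seen.items():
        ups = rec["uptimes"]
        gaps = [round(b - a, 1) for a, b in zip(ups, ups[1:])]
        out.append({"src": src, "spt": int(spt), "first_seen": rec["first_seen"],
                    "syns": len(ups), "retransmit_gaps": gaps})
    return out
```

Each record's `first_seen` value is the timestamp to look for in the other log files; the growing gaps between SYNs from the same source port show that nothing answered on port 25.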