From a host A an application is trying to connect to host B.
From firewall side I can see packets dropped coming from host A to host B.
I've access to host A: how can I know which "application" is trying to connect to host B?
Thanks,
Marco
Given PORT_NUMBER from firewall ,
in linux you can try as root :
netstat -anp | grep PORT_NUMBER
or ( will work in any Unix with lsof installed , as root again )
lsof | grep PORT_NUMBER
try netstat -p
you have a source and destination ports and the application name (in my sample Xvnc)
a sample line would look like this:
tcp 0 0 localhost:32800 localhost:32799 ESTABLISHED 3353/Xvnc
tcp 0 0 host.some.domain.com:5905 host2.domain.com:3646 ESTABLISHED 12888/Xvnc
-J
Thanks it worked.
I used:
netstat -anp|grep 3306
tcp 0 1 ::ffff:HOST_A:55370 ::ffff:HOST_B:3306 SYN_SENT 2988/java
and then I issued:
ps -ef|grep 2988
to know wich java application was connecting to that port.
Thanks again.