Quote:
Originally Posted by darthaxul
encountered this weird process that is showing up when I run netstat...
netstat -anep
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:16385 0.0.0.0:* LISTEN 0 3076 -
so I run find -inum 3076 and four files show up
I end up rebooting, then the same tcp/port is listening but with a different inode this time. I run find again and four different files show up this time. So I launch rkhunter and everything comes back clean. Now I'm wondering what this mysterious program is. Then I noticed another connection showing up as...
raw 0 0 0.0.0.0:1 0.0.0.0:* 7
but eventually went away. But the other one for port 16385 is still showing up.
Perhaps lsof -i is more successful in reporting the process.
I doubt that find can find sockets. What you found were files in different filesystems that happened to have the same inode number as the socket by accident.
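The point made in the reply above, as an added example that is not part of either post: a socket's inode appears only as a `socket:[INODE]` link target under `/proc/<pid>/fd`, so that is where to look rather than on disk with find. The function names and the optional PROC_ROOT argument are hypothetical helpers introduced here so the lookup can also be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: resolve a netstat socket inode to the process holding it.
# Socket inodes are not files on a mounted disk filesystem; they show up as
# symlink targets "socket:[INODE]" in /proc/<pid>/fd.

# inode_for_tcp_port PORT [PROC_ROOT]
# Prints the inode of each listening IPv4 TCP socket on PORT, read from
# PROC_ROOT/net/tcp (port is stored there as 4 uppercase hex digits,
# state 0A is LISTEN, the inode is the 10th field).
inode_for_tcp_port() {
    port=$1
    proc_root=${2:-/proc}
    hexport=$(printf '%04X' "$port")
    awk -v p="$hexport" '
        NR > 1 && $4 == "0A" {
            split($2, local, ":")
            if (local[2] == p) print $10
        }' "$proc_root/net/tcp"
}

# socket_owners INODE [PROC_ROOT]
# Prints "PID COMMAND" for every process with an open fd on that socket.
socket_owners() {
    inode=$1
    proc_root=${2:-/proc}
    for fd in "$proc_root"/[0-9]*/fd/*; do
        # readlink fails on entries we may not read (other users' processes
        # when not root) and on an unexpanded glob; skip those.
        target=$(readlink "$fd" 2>/dev/null) || continue
        [ "$target" = "socket:[$inode]" ] || continue
        pid_dir=${fd%/fd/*}
        pid=${pid_dir##*/}
        comm=$(cat "$pid_dir/comm" 2>/dev/null || echo '?')
        echo "$pid $comm"
    done | sort -u
}

# Usage on a live system, as root, for the port from the post:
#   socket_owners "$(inode_for_tcp_port 16385)"
```

Run it as root so every process's fd directory is readable. An empty result then means no process visible under /proc has that socket open.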