[GRLUG] Rogue SSH connections

Adam Tauno Williams awilliam at whitemice.org
Sun Oct 6 20:04:59 EDT 2013

On Sun, 2013-10-06 at 17:53 -0500, L. V. Lammert wrote:
> When one does fstat [lsof] on a BSD box, it returns detailed information
> about open files, e.g.:
> lvl      ssh        19533    4* internet stream tcp 0xd9041800 \
> -->
> How does one get similar info on Linux? One of our workgroup servers is
> opening ssh connections to a BSD server and leaving them open, but I
> cannot figure out what is causing them. Need to track back the IP to a
> PID/process on the Linux box for a clue.


lsof is 'standard' UNIX.  It works on LINUX, BSD, AIX, Slowaris, etc...

If you want to see details on a specific socket connection then "ss" can
tell you much, much more. See slide 20 of 20 from the above link.

Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA
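
The socket-to-process lookup discussed in this thread, as an added example that is not part of the original message: a POSIX shell filter over `ss -tnp` output that lists which PID and command own each connection to a remote SSH port. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: map SSH connections in `ss -tnp` output to owning PIDs.

# Reads `ss -tnp` lines on stdin; prints "pid comm local peer" for each
# connection whose PEER port is $1 (default 22), i.e. outbound SSH.
ssh_conn_owners() {
    awk -v port="${1:-22}" '
    {
        idx = index($0, "users:((")
        if (idx == 0) next                 # header, or owner hidden (not root)
        n = split(substr($0, 1, idx - 1), f, " ")
        if (n < 2) next
        loc = f[n - 1]; peer = f[n]        # the two columns before the owner
        m = split(peer, p, ":")
        if (p[m] != port) next             # last piece is the port, IPv6 too
        s = substr($0, idx)
        # A socket may be shared: emit every ("comm",pid=N,...) entry.
        while (match(s, /"[^"]*",pid=[0-9]+/)) {
            ent = substr(s, RSTART, RLENGTH)
            comm = ent; sub(/^"/, "", comm); sub(/",pid=.*/, "", comm)
            pid = ent; sub(/.*pid=/, "", pid)
            print pid, comm, loc, peer
            s = substr(s, RSTART + RLENGTH)
        }
    }'
}

# Live use, as root so other users' sockets show an owner; then list each
# owner's parent PID, user, start time and command line.
live_ssh_owners() {
    ss -tnp state established | ssh_conn_owners "${1:-22}" |
    while read -r pid comm laddr raddr; do
        echo "== $laddr -> $raddr ($comm, pid $pid)"
        ps -o pid,ppid,user,lstart,args -p "$pid"
    done
}

# Constructed sample of `ss -tnp` output (documentation address ranges).
SAMPLE='State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 192.0.2.10:51234 192.0.2.20:22 users:(("ssh",pid=19533,fd=3))
ESTAB 0 0 192.0.2.10:443 198.51.100.7:40112 users:(("nginx",pid=811,fd=12))
ESTAB 0 0 192.0.2.10:51300 192.0.2.20:22 users:(("ssh",pid=20417,fd=3),("rsync",pid=20416,fd=5))
ESTAB 0 0 192.0.2.10:22 203.0.113.5:50022 users:(("sshd",pid=900,fd=4))'

printf '%s\n' "$SAMPLE" | ssh_conn_owners 22
```

The parent PID and command line printed by `live_ssh_owners` are usually what identifies the cron job, script or service that keeps opening the connections.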
