The following is an example of connections. As inbound TCP connections are established their details are printed out. This includes the UID, PID and CMD of the server process that is listening on that port, # connections UID PID CMD TYPE PORT IP_SOURCE 0 242 inetd tcp 79 192.168.1.1 0 359 sshd tcp 22 192.168.1.1 100 1532 Xorg tcp 6000 192.168.1.1 ^C In another window snoop was running for comparison, # snoop 'tcp[13:1] = 0x02' Using device /dev/rtls0 (promiscuous mode) mars -> jupiter FINGER C port=56760 mars -> jupiter TCP D=22 S=56761 Syn Seq=3264782212 Len=0 ... mars -> jupiter XWIN C port=56763 snoop can already tell me that these connections are happening - but does not print out details of the server that accepted the connection. |