0

If I type "netstat", I can see a list of IP addresses that my PC is connected to.

If I start with an IP address, how do I find the process that has opened the connection to said IP address?

Contango

4 Answers

1

I find the following command quite convenient:

netstat -nap --ip 
Sergej Alikov
0

1- Open cmd > netstat -ano

2- You will see a column that says PID with a number

3- Open Task Manager, go to the Processes tab, and select the "View" menu while you are on this tab

4- Then choose "Select columns" and add PID

Now you will see what the PID from the netstat command is bound to.

BluesRhythm
0

You're going to want to use either lsof or fuser.

lsof has an easier syntax, plus it directly shows all relevant info including the process executable name:

lsof -i @address
adaptr
0

You can use sockstat -c | grep IP.IP.IP.IP.

Without grep the output looks like this.

USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
hennes   sshd       74693 3  tcp4   131.155.141.68:22     88.159.82.134:4748
hennes   sshd       74693 4  stream -> ??
root     sshd       74690 3  tcp4   131.155.141.68:22     88.159.82.134:4748
root     sshd       74690 5  stream -> ??
hennes   ssh        72543 3  tcp6   2001:610:1108:5011::68:637622001:610:1108:5010::159:22
hennes   sshd       84193 3  tcp4   131.155.141.68:22     88.159.82.134:1047
hennes   sshd       84193 4  stream -> ??
root     sshd       84190 3  tcp4   131.155.141.68:22     88.159.82.134:1047
root     sshd       84190 5  stream -> ??
postfix  pickup     84095 7  dgram  -> ??
hennes   tf-50b8    61863 3  tcp6   2001:610:1108:5011::68:612482001:610:1108:5011::70:3333
001:610:1108:5011::68:222001:610:1108:5011:2e0:81ff:fe2d:e87c:54441
root     sshd       75997 3  tcp6   2001:610:1108:5011::68:222001:610:1108:5011:2e0:81ff:fe2d:e87c:54441
root     sshd       75997 5  stream -> ??
hennes   irssi      46812 3  tcp4   131.155.141.68:57245  88.198.94.219:6667
hennes   irssi      46806 3  tcp4   131.155.141.68:56526  131.155.140.178:6667
hennes   ssh        91455 3  tcp6   2001:610:1108:5011::68:543982001:610:1108:5010::135:22

With grep you simply filter so it only shows the desired IP, but the header is also lost.

Hennes
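Added example, not part of the answer above: a filter for `sockstat -c`-style output that keeps the header row and compares the peer address as an exact string, since a grep pattern such as `198.51.100.3` also matches `198.51.100.34`. The function names and the sample listing are constructed for illustration; the column layout is assumed to be the one shown in the output above.

```shell
#!/bin/sh
# Reads a `sockstat -c`-style listing on stdin.
# Function names are hypothetical; the sample data is constructed.

# filter_by_peer IP: print the header plus rows whose FOREIGN ADDRESS host is IP
filter_by_peer() {
    awk -v ip="$1" '
        NR == 1 { print; next }          # keep the column header
        NF >= 7 {
            peer = $7                    # FOREIGN ADDRESS column (host:port)
            sub(/:[0-9]+$/, "", peer)    # strip the trailing :port (IPv4 and IPv6)
            if (peer == ip) print        # exact string compare, not a regex
        }'
}

# pids_for_peer IP: unique PIDs (column 3) holding a connection to IP
pids_for_peer() {
    filter_by_peer "$1" | awk 'NR > 1 { print $3 }' | sort -u
}

# Constructed sample in the layout shown above (documentation address ranges)
sample_listing() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
alice    sshd       74693 3  tcp4   192.0.2.10:22         198.51.100.34:4748
alice    sshd       74693 4  stream -> ??
root     sshd       74690 3  tcp4   192.0.2.10:22         198.51.100.34:4748
alice    irssi      46812 3  tcp4   192.0.2.10:57245      198.51.100.3:6667
alice    ssh        72543 3  tcp6   2001:db8::68:63762    2001:db8::159:22
EOF
}

# Header plus the single irssi row; the 198.51.100.34 rows are not matched
sample_listing | filter_by_peer 198.51.100.3
```

On a live system the listing would come from `sockstat -c | filter_by_peer <address>` instead of the sample.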