Suspect UDP traffic on lo interface

Question

I'm monitoring the lo interface with iptraf and am getting a lot of movement in the following form:

UDP (268 bytes) from 127.0.0.1:49254 to 127.0.0.1:49254 on lo

This message appears on average every 1-1.5 seconds.

I have tried to search the internet to understand what is generating these packets but without luck.

I have also tried to issue a

netstat | grep 49254 to try and see what is generating this traffic but with no luck. besides this I have run a ps -aux | grep more and went through every process to try and spot if there are any suspect executable files running but no luck there too.

Would apreciate some suggestions on how to track down the problem.

score 1 · Answer 1 · answered Feb 19 '14 at 08:46

1

Please take a look at nethogs, it will provide you information which process is sending those packets.

answered Feb 19 '14 at 08:46

neutrinus

1,125
7
18

score 1 · Accepted Answer · answered Feb 19 '14 at 09:02

1

The command 'ss -aupn | grep 49254' has a decent chance of showing you what is generating that traffic.

answered Feb 19 '14 at 09:02

Mark Sturgill

889
5
9

Got it. It our postgresql db server. – Fabrizio Mazzoni Feb 19 '14 at 09:27

Suspect UDP traffic on lo interface

2 Answers2