by isostatic 2885 days ago
sudo netstat -planut would have shown what process was sending udp (and any other connections)

If I run up an iperf stream from one AWS server to another and run that command, one line that's out is this:

  udp        0      0 172.26.4.22:44142      52.56.147.150:5001      ESTABLISHED 20114/iperf

If the process actually tries to be stealthy you won't see open UDP sockets like this. If the data is only sent out, or the app is using polling, the socket can be created and destroyed as needed.

A better approach could be systemtap, which has whole-system visibility.

Presumably it would show up in a netstat, but only while the packet was being written to the network stack?

  open(SOCK)
  // now visible 
  write(SOCK, contents)
  close(SOCK)
  // no longer visible
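
An added example, not part of the thread: a Python sketch for Linux that parses `/proc/net/udp` (the table netstat reads for IPv4 UDP sockets) and measures the visibility window discussed above by snapshotting the table while a short-lived socket is open and again after it is closed. The function names are hypothetical, and the sample row is constructed from the iperf line quoted in the thread with a made-up inode and uid.

```python
import os
import socket
import struct

PROC_UDP = "/proc/net/udp"  # IPv4 UDP socket table on Linux

# Constructed sample: the iperf socket from the thread in /proc/net/udp encoding.
# The slot number, uid and inode (987654) are made up.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
 4211: 16041AAC:AC6E 96933834:1389 01 00000000:00000000 00:00000000 00000000  1000        0 987654 2 0000000000000000 0
"""

def _addr(field):
    """Decode 'HEXIP:HEXPORT' (IP printed as a little-endian u32, as on x86/ARM)."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_udp_table(text):
    """Return one dict per socket row: local, remote, state, inode."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        rows.append({"local": _addr(f[1]), "remote": _addr(f[2]),
                     "state": int(f[3], 16), "inode": int(f[9])})
    return rows

def snapshot_ports():
    """Local UDP ports present in the table at this instant."""
    with open(PROC_UDP) as fh:
        return {r["local"][1] for r in parse_udp_table(fh.read())}

def visibility_window():
    """Open, send on and close a UDP socket; return whether a snapshot sees its
    local port (while open, after close). None if the table is unavailable."""
    if not os.path.exists(PROC_UDP):
        return None
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))                    # kernel picks an ephemeral port
    port = s.getsockname()[1]
    s.sendto(b"x", ("127.0.0.1", 9))            # loopback; nothing needs to listen
    while_open = port in snapshot_ports()
    s.close()
    return while_open, port in snapshot_ports()

if __name__ == "__main__":
    print(parse_udp_table(SAMPLE))
    print("visible (while open, after close):", visibility_window())
```

The inode column is what ties a row to a process through the socket links under `/proc/<pid>/fd`. A periodic snapshot only catches a socket that is open at the moment of the read, which is why the thread points to event-based tracing for senders that open and close sockets per packet.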