by viraptor 2885 days ago
If the process actually tries to be stealthy you won't see open UDP sockets like this. If the data is only sent out, or the app is using polling, the socket can be created and destroyed as needed.

A better approach could be SystemTap, which has whole-system visibility.

1 comments

Presumably it would show up in a netstat, but only while the packet was being written to the network stack?

  open(SOCK)
  // now visible 
  write(SOCK, contents)
  close(SOCK)
  // no longer visible
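
Added example, not part of either comment above: a Linux-only Python sketch of the open/write/close window, checking the kernel's UDP socket table (`/proc/net/udp`, which netstat reads) while the socket is open and again after it is closed. The names `parse_proc_net_udp`, `read_udp_table` and `visibility_window`, the sample table rows, and the loopback destination port 9 are assumptions made for the illustration.

```python
import socket

# Constructed sample in /proc/net/udp layout (the table netstat reads on Linux).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  420: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12345 2 0000000000000000 0
  431: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12346 2 0000000000000000 0
"""

def parse_proc_net_udp(text):
    """Return the set of (ip, port) local endpoints listed in the table."""
    endpoints = set()
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 2 or ":" not in fields[1]:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # Assumes a little-endian host, where the IPv4 bytes print reversed.
        ip = socket.inet_ntoa(bytes.fromhex(hex_ip)[::-1])
        endpoints.add((ip, int(hex_port, 16)))
    return endpoints

def read_udp_table(path="/proc/net/udp"):
    with open(path) as f:
        return f.read()

def visibility_window():
    """Open, write, close a UDP socket; report whether it is listed at each step."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))             # kernel picks a free local port
    local = sock.getsockname()
    sock.sendto(b"ping", ("127.0.0.1", 9))  # loopback only, discard port
    seen_while_open = local in parse_proc_net_udp(read_udp_table())
    sock.close()
    seen_after_close = local in parse_proc_net_udp(read_udp_table())
    return seen_while_open, seen_after_close

if __name__ == "__main__":
    print(parse_proc_net_udp(SAMPLE))
    print("listed while open, listed after close:", visibility_window())
```

A periodic netstat poll only catches such a socket if a sample happens to fall between the bind and the close, which is the gap that event-based tracing such as SystemTap is meant to cover.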