I've tried to find out why I had some strange connections on my secure log file. Something like this :
Apr 23 11:35:43 li192-61 sshd[11651]: Did not receive identification string from 127.0.0.1
Apr 23 11:35:49 li192-61 sshd[11661]: Connection closed by UNKNOWN
I had many of these connections, each minute precisely. So I used the netstat
command as netstat -ta --numeric-ports --program | grep 22
to get more info. I got this (I removed my own ssh connection) :
tcp 0 0 localhost:56145 localhost:22 TIME_WAIT -
Next I tried to find which one is using this port, so I used lsof -i :22
and I got nothing except my own connection.
After I launched netstat
command again, I got this :
tcp 0 0 localhost:45979 localhost:22 TIME_WAIT -
A new port is using as remote destination from localhost through port 22. It's the same thing each minute.
I have no more ideas right now. So this my question :
Is there a way to get all process which are using ssh connection or get all process which are attempting to connect to a specific port (e.g: 45979) ?
Thank you for your time !