
Last time I looked through my iptables log, and I don't know how to get the reason or which process ordered the connection establishment.

```
Jan  8 23:02:17 ipo-dara kernel: [49323.868478] iptables-dropped: IN= OUT=eno1 SRC=myserver.ip DST=50.19.218.16 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35516 DF PROTO=TCP SPT=36764 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
```

Here we see a dropped output connection from the source to the destination IP on port 443, and I don't know why. How can I find the reason why my server wants to connect to 50.19.218.16?

A short introduction would help me a lot.

Kind regards, blackbeard

beard black
  • You can't get that information from the iptables logs. – Zoredache Jan 08 '20 at 23:23
  • And where can I read the reason? Some example? – beard black Jan 08 '20 at 23:52
  • You will need to track down the source port. Look into `netstat` and `lsof`. That will tell you which application/service is using that port. Then find more information from the log of that service. – Tux_DEV_NULL Jan 09 '20 at 08:45
  • This Q/A could also help: [How I can identify which process is making UDP traffic on Linux?](https://serverfault.com/questions/192893/how-i-can-identify-which-process-is-making-udp-traffic-on-linux) (except it's SOCK_STREAM for TCP rather than SOCK_DGRAM) – A.B Jan 09 '20 at 16:19
  • I installed netstat and lsof, but I couldn't find the dynamic (private) port 36764 for TCP. netstat shows me only the open/listening ports. – beard black Jan 09 '20 at 20:10
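
Added example, not part of the original question or comments: one way to follow the `netstat`/`lsof` suggestion above by reading `/proc/net/tcp` directly, matching the `SPT=` value from the log line and resolving the socket inode to a PID. The 192.0.2.10 address, the sample table and the function names are constructed for illustration, and the address decoding assumes a little-endian host.

```python
import glob
import os
import socket
import struct

# /proc/net/tcp state codes (kernel tcp_states.h); 02 is SYN_SENT, the state
# of a socket whose outgoing SYN has not been answered yet.
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "0A": "LISTEN"}

def _decode(addr):
    """'10DA1332:01BB' -> ('50.19.218.16', 443); assumes a little-endian host."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Parse the contents of /proc/net/tcp into a list of dicts."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        rows.append({"local": _decode(f[1]), "remote": _decode(f[2]),
                     "state": TCP_STATES.get(f[3], f[3]),
                     "uid": int(f[7]), "inode": int(f[9])})
    return rows

def find_by_source_port(rows, sport):
    """Sockets whose local port matches the SPT= field of the log line."""
    return [r for r in rows if r["local"][1] == sport]

def pids_for_inode(inode, proc_root="/proc"):
    """PIDs holding an fd on socket:[inode] (root needed for other users)."""
    target, pids = f"socket:[{inode}]", set()
    for fd in glob.glob(os.path.join(proc_root, "[0-9]*", "fd", "*")):
        try:
            if os.readlink(fd) == target:
                pids.add(int(fd.split(os.sep)[-3]))
        except OSError:                          # process exited or no permission
            continue
    return sorted(pids)

# Constructed sample: 192.0.2.10:36764 -> 50.19.218.16:443 in SYN_SENT.
SAMPLE = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20111 1 0000000000000000 100 0 0 10 0
   1: 0A0200C0:8F9C 10DA1332:01BB 02 00000001:00000000 01:00000064 00000001  1000        0 123456 2 0000000000000000 100 0 0 10 -1
"""

if __name__ == "__main__":
    for row in find_by_source_port(parse_proc_net_tcp(SAMPLE), 36764):
        print(row, pids_for_inode(row["inode"]))
```

On the live system, pass the contents of `/proc/net/tcp` instead of `SAMPLE` and run it as root while the connection attempt is still pending, since the table only lists sockets that currently exist.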

0 Answers