How to detect what process is making a connection?

Kevin Buettner kev@primenet.com
Wed, 8 Mar 2000 10:40:36 -0700


On Mar 7, 11:21pm, Shawn T. Rutledge wrote:

> I got my dad using a Linux gateway to ppp into my system for internet access.
> Well it's dialing out a lot, even when his other computers are turned off.
> So I'm wondering how I can log all outgoing packets, or maybe better log
> any outgoing packet which causes the ppp connection to become necessary.
> (I'm using the new demand dialing feature built into pppd)  Any ideas how
> to do that?

Doesn't pppd have a debug option to allow you to do this?

> Then after I figure out what is doing it, it would be cool to put in a 
> sort of restrictive filter so that only certain types of packets can cause 
> the ppp connection to become active (like, maybe only packets whose 
> destination is port 80... that should eliminate things like ICQ or AIM that 
> might be just keeping the connection alive for the heck of it.  To them it
> will look like the connection is down.) 

I use diald to do my demand dialing.  It has a very nice filter
mechanism to do just the type of filtering that you want.

diald also comes with a very nice monitoring program called dctrl
which gives you a graphical display of the incoming/outgoing load.
It also shows you which connections are keeping the link up and
the amount of time they have to live (from a filtering standpoint).

If you use Google to search for diald, you'll come up with Eric
Schenk's sites.  Eric is the original author, but not the current
maintainer.  Mike Jagdis is the current maintainer and he recently
moved the development to SourceForge.  See

    http://sourceforge.net/project/?group_id=179

Also, see

    http://diald.unix.ch/

which is the site at which most of the recent development was done.

BTW, diald works well with pppd, but over the past year or so it's
been extended so that it may also be used to control access to other
types of internet links as well.  E.g., I'm using diald on my Linux
firewall to control the routes to an ISDN router.  diald gives me much
finer control over what types of packets will bring up the link and
gives me a much nicer monitoring program (dctrl) as well.

Kevin