lsof, sockets and trojans
Apr 30, 2009, 16:53 (0 Talkback[s])
(Other stories by Juliet Kemp)
"You'll quite often see two reports from a single command, one
for TCP and one for UDP. The PID and user is shown for each IP
socket, so if you see something suspicious, you can investigate
further (e.g., with ps -l 5763 to get more information on the mysql
process here, or by looking at /proc/5763/)"