Score:0

Debian: Find unknown process pinging ip on old subnet after subnet change

cn flag

I changed my network subnet from 192.168.1.0 to 10.10.10.0, but some rogue process is trying to hit port 9100 on 192.168.1.145

I have tried sudo lsof -n | grep TCP | grep 9100 with no luck.
I have also tried sudo netstat -nlpt | grep 192.168.1.145 without luck.
My conclusion is that this isn't working because of the fact that the connection is not being established.

Besides waitig for a complete search for the ip in all files (sudo grep -Ril -e ´192.168.1.145´ * 2>/dev/null) to finish, or setting up some sort of dummy nic/ or a nc and route to let it connect to, what else can I do to find the process causing this.

I have checked that cups is not installed.

Update

It turned out i had misread the IP and it was an old printer installed on a windows machine. uninstalling that fixed it

jp flag
port 9100 is usually Prometheus node exporter or HP JetDirect printers
cn flag
I'm aware of that. it is the old ip of my printer, which is now `10.10.10.145`
de flag
does this answers your questions: https://serverfault.com/questions/352259/finding-short-lived-tcp-connections-owner-process
in flag
Please don't edit your answer into the question. Post it as an answer instead and accept it when you are allowed to do so. Otherwise the question will stay in the system as unsolved forever.
cn flag
@GeraldSchneider I have rephrased it and posted the solution as an answer. i originally posted it as an update since i didn't see it working,.
Score:0
cn flag

Based on the answer(s) here: https://serverfault.com/a/352275/246640 (tip from the comments)

Running

while true;do
   ss dst 192.168.1.145 -ntap  '( dport = :9100 )' | grep 145;
   sleep 1; 
done

Will make sure to show only a line when a packet is sent to that IP and port...

This diverges from the linked answer in that it shows non-established connections instead of established connections.

To verify that it works:

Run this in a different terminal: curl 192.168.145:9100 it show up in the output:

State                  Recv-Q                Send-Q                               Local Address:Port                                 Peer Address:Port
SYN-SENT               0                     1                                     10.10.10.240:59494                               192.168.1.145:9100                users:(("curl",pid=25945,fd=3))
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.