How to trace this IP

Question

Using nethogs on fedora, I see this process which I never seen before, I hate the fact that it's there, I want to trace it and remove it

The IP I see

 ? root     ..2.168.1.5:59060-52.216.              0.000       0.011 KB/sec

And many others as indicated in the screenshot, I suspect it's a malware, running clamav as we speak, but I don't think it will catch anything, hence I'm asking this question.

Please [don't post images of text](http://meta.unix.stackexchange.com/questions/4086/psa-please-dont-post-images-of-text). — Kusalananda, Feb 11 '17 at 12:30
Well, it's unclear. That's two partial IP numbers. Can't do much with them. — Kusalananda, Feb 11 '17 at 12:35

score 2 · Accepted Answer · edited Apr 13 '17 at 12:37

2

You can't "trace and remove an IP", but you can kill the process holding a specific port on your system.

I'm assuming that the IP number ending in 2.168.1.5 is your machine.

To figure out what's using port 59060, do

$ sudo lsof -i :59060

See also How to close ports in Linux?

edited Apr 13 '17 at 12:37

Community

1

answered Feb 11 '17 at 12:48

Kusalananda

320,670
36
633
936

thank you, here's upvote from me, I tried that didn't output anything, and now the process stopped working, I'll accept your answer tomorrow morning, giving other people time to answer and giving me time to further investigate the issue – Lynob Feb 11 '17 at 12:56

How to trace this IP

1 Answers1