How to tell who is connected via vnc to my machine?

Question

How do I check how many vnc connections or different users are currently connected to my machine? Only through wireshark? And how do I kill any other users connected through vnc?

Stéphane Chazelas · Answer 1 · 2012-11-06T06:50:08.520

On Linux,

ss sport = :5900

Would tell you the currently established TCP connections on port 5900.

For anything else, we'd need to know what VNC server you're using as there exist dozens.

If you know the name of the VNC server command,

lsof -ai tcp -c that-command

(as the user running the VNC server or as root) would also tell you the currently established TCP connections handled by that VNC server (in case it's not on port 5900).

Among the methods to close a TCP connection in the general case, there's:

tcpkill (from dsniff package) that fakes the TCP packets that would close a connection.
iptstate (Linux). If you're using a statefull firewall. You can remove the connection from the Linux connection tracker table (x in iptstate), which would usually cause newer packets to be ignored (if the firewall is configured to only accept new connections with TCP SYN). It wouldn't kill the connection, just make it inactive though.
Add firewall rules to reject further packets transmitted/received in that connection (on Linux, iptables with target "REJECT", matching on source and destination TCP ports and IP addresses in OUTPUT and INPUT filter chains)
attach gdb to the running vnc server and do call close(fd) where fd is the file descriptor for the corresponding socket (which you've found out with lsof) followed by detach (it may confuse the vnc server a lot those, calling shutdown instead of close may be safer).

FYI, I needed to use `sudo` to run `lsof` to get output on my Raspberry Pi (Raspbian/Debian Linux). — HeatfanJohn, Nov 05 '12 at 15:14
@HeatfanJohn. Yes a user can only see the information from the processes it owns. So you'd need to be root or the user running the vnc server. — Stéphane Chazelas, Nov 05 '12 at 15:52

score 0 · Answer 2 · edited Nov 04 '15 at 15:12

0

Assuming your vnc server is Xvnc, try this one-liner:

lsof -Pni | grep Xvnc | grep -v LISTEN

This will list active connections and show you their process PID and IP addresses.

edited Nov 04 '15 at 15:12

Raphael Ahrens

9,701
5
37
52

answered Nov 04 '15 at 15:04

Jeremy

1

HeatfanJohn · Answer 3 · 2012-11-05T15:20:16.270

0

According to this article the following command will show connections to processes containing "VNC command-line":

# sudo netstat -p | grep <name of VNC command-line>

Update

Please note that the netstat command has to run as root

edited Nov 05 '12 at 15:20

answered Nov 05 '12 at 14:16

HeatfanJohn

1,285
13
17

score 0 · Answer 4 · answered Aug 30 '20 at 19:10

I was looking for a similar command to figure out what port(s) I had vnc servers listening on and this is what I came up with.

ss -a -t '( dport >= :5900 & dport <= :5999 | sport >= :5900 & sport <= :5999 )'

See a longer explanation of the filter syntax and links to the source in the other answers/comments here.

How to tell who is connected via vnc to my machine?

4 Answers4