How to track which process is using a certain port
If you need to figure out what is coming in or going out of your server, there are a few useful commands for this.
In this example, we're going to track connections that are using port 25.
On Linux (CentOS/Debian), you can use the netstat command:
netstat -np --protocol=inet | grep ESTABLISHED | grep :25
or on FreeBSD:
sockstat -c -p 25 -P tcp
Both types should generate a PID number. The netstat command will provide the PID number on the far right, and sockstat is the 3rd column.
Once you know the PID number that is using the connection, you can then type:
ps aux | grep 1234
where you'd replace 1234
with the PID number you got from the output. From there, you can try and track down the source.
Using the pid number to get into from /proc/1234
is also useful.