How to tell who is connected via vnc to my machine?
22,594
On Linux,
ss sport = :5900
Would tell you the currently established TCP connections on port 5900.
For anything else, we'd need to know what VNC server you're using as there exist dozens.
If you know the name of the VNC server command,
lsof -ai tcp -c that-command
(as the user running the VNC server or as root) would also tell you the currently established TCP connections handled by that VNC server (in case it's not on port 5900).
Among the methods to close a TCP connection in the general case, there's:
tcpkill
(fromdsniff
package) that fakes the TCP packets that would close a connection.iptstate
(Linux). If you're using a statefull firewall. You can remove the connection from the Linux connection tracker table (x iniptstate
), which would usually cause newer packets to be ignored (if the firewall is configured to only accept new connections with TCP SYN). It wouldn't kill the connection, just make it inactive though.- Add firewall rules to reject further packets transmitted/received in that connection (on Linux,
iptables
with target "REJECT", matching on source and destination TCP ports and IP addresses in OUTPUT and INPUT filter chains) - attach gdb to the running vnc server and do
call close(fd)
where fd is the file descriptor for the corresponding socket (which you've found out withlsof
) followed bydetach
(it may confuse the vnc server a lot those, callingshutdown
instead ofclose
may be safer).
Related videos on Youtube
Author by
lanes
Updated on September 18, 2022Comments
-
lanes over 1 year
How do I check how many vnc connections or different users are currently connected to my machine? Only through wireshark? And how do I kill any other users connected through vnc?
-
AshMv over 11 yearsFYI, I needed to use
sudo
to runlsof
to get output on my Raspberry Pi (Raspbian/Debian Linux). -
Stéphane Chazelas over 11 years@HeatfanJohn. Yes a user can only see the information from the processes it owns. So you'd need to be root or the user running the vnc server.