Find the short-lived process that is polling my port? I've noticed one of the headless computers in my network is constantly polling the VNC port on another computer. My problem is, that when I see the port from which...--prophetes.ai

Find the short-lived process that is polling my port? I've noticed one of the headless computers in my network is constantly polling the VNC port on another computer. My problem is, that when I see the port from which it has connected (with tcpdump) and try to find the process with `netstat -anp|grep PORT`, the process is already killed and nothing is found (the process seems to live for less than a millisecond). Is there something similar to tcpdump that would report process names & PIDs? Or some smart way of doing strace to capture the program?

Try auditctl, it will help. Enabling below rule can flood your system so use just form debugging.

auditctl -a exit,always -S execve

reference : <