What is busboy ??? Listening on TCP port 998
k. I setup nfs on a slack 10 box, partly by going over http://nfs.sourceforge.net/nfs-howto/server.html and partly by going over http://www.linuxhelp.ca/guides/nfs/ and partly by going over http://slackware.com/book/index.php?source=x1304.html
Well, nowhere in any of these docs does it say anything about "busboy". Sometimes I see it when I "nmap localhost" and sometimes I don't.
All of my googles only come up with IANA port assignments - I can find no mention anywhere of exactly what busboy is. I track it with lsof, fuser, etc... I can see it's related to portmap and nfs somehow, but I've even done a search through the rfc system itself and rfc1060 rfc1340 and rfc1700 are the only things that come up - again, they only show that busboy listens on TCP port 998.
So...... What is busboy?
It would seem, from the lack of response so far, that not many people actually know what busboy is ;)
Well, in the meantime, I have moved on, to other things, but I'm still interested, and still going to :study: this issue now that it's got my curiosity piqued....
What is busboy
Next time you see it, run the following as root:
fuser -n tcp 998 <--this will give you a PID number which you can then lookup in /proc/PID#/cmdline
Hopefully one of those should turn up the identity of the application using that port. For what it's worth, I highly doubt that it's "busboy", older nmap versions just compare the numeric port number to /etc/services and report that as the port name. If I had to gues, I'd say it's probably something related to nfs, like rpc.statd or something related.
If you're still not sure what it is after you identify the process, you may want to see what it is doing via strace:
strace -fp PID
|All times are GMT -5. The time now is 01:06 PM.|