LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   What is busboy ??? Listening on TCP port 998 (http://www.linuxquestions.org/questions/linux-security-4/what-is-busboy-listening-on-tcp-port-998-a-267173/)

tallship 12-16-2004 04:47 PM

What is busboy ??? Listening on TCP port 998
 
k. I setup nfs on a slack 10 box, partly by going over http://nfs.sourceforge.net/nfs-howto/server.html and partly by going over http://www.linuxhelp.ca/guides/nfs/ and partly by going over http://slackware.com/book/index.php?source=x1304.html

Well, nowhere in any of these docs does it say anything about "busboy". Sometimes I see it when I "nmap localhost" and sometimes I don't.

All of my googles only come up with IANA port assignments - I can find no mention anywhere of exactly what busboy is. I track it with lsof, fuser, etc... I can see it's related to portmap and nfs somehow, but I've even done a search through the rfc system itself and rfc1060 rfc1340 and rfc1700 are the only things that come up - again, they only show that busboy listens on TCP port 998.

So...... What is busboy?

tallship 12-17-2004 12:34 PM

hm....

It would seem, from the lack of response so far, that not many people actually know what busboy is ;)

Well, in the meantime, I have moved on, to other things, but I'm still interested, and still going to :study: this issue now that it's got my curiosity piqued....

What is busboy

Capt_Caveman 12-17-2004 03:44 PM

Next time you see it, run the following as root:
netstat -pantu
lsof -i
fuser -n tcp 998 <--this will give you a PID number which you can then lookup in /proc/PID#/cmdline

Hopefully one of those should turn up the identity of the application using that port. For what it's worth, I highly doubt that it's "busboy", older nmap versions just compare the numeric port number to /etc/services and report that as the port name. If I had to gues, I'd say it's probably something related to nfs, like rpc.statd or something related.

cormander 12-17-2004 07:59 PM

If you're still not sure what it is after you identify the process, you may want to see what it is doing via strace:

strace -fp PID

-Corey


All times are GMT -5. The time now is 09:16 AM.