-   Linux - Security (
-   -   What is busboy ??? Listening on TCP port 998 (

tallship 12-16-2004 05:47 PM

What is busboy ??? Listening on TCP port 998
k. I setup nfs on a slack 10 box, partly by going over and partly by going over and partly by going over

Well, nowhere in any of these docs does it say anything about "busboy". Sometimes I see it when I "nmap localhost" and sometimes I don't.

All of my googles only come up with IANA port assignments - I can find no mention anywhere of exactly what busboy is. I track it with lsof, fuser, etc... I can see it's related to portmap and nfs somehow, but I've even done a search through the rfc system itself and rfc1060 rfc1340 and rfc1700 are the only things that come up - again, they only show that busboy listens on TCP port 998.

So...... What is busboy?

tallship 12-17-2004 01:34 PM


It would seem, from the lack of response so far, that not many people actually know what busboy is ;)

Well, in the meantime, I have moved on, to other things, but I'm still interested, and still going to :study: this issue now that it's got my curiosity piqued....

What is busboy

Capt_Caveman 12-17-2004 04:44 PM

Next time you see it, run the following as root:
netstat -pantu
lsof -i
fuser -n tcp 998 <--this will give you a PID number which you can then lookup in /proc/PID#/cmdline

Hopefully one of those should turn up the identity of the application using that port. For what it's worth, I highly doubt that it's "busboy", older nmap versions just compare the numeric port number to /etc/services and report that as the port name. If I had to gues, I'd say it's probably something related to nfs, like rpc.statd or something related.

cormander 12-17-2004 08:59 PM

If you're still not sure what it is after you identify the process, you may want to see what it is doing via strace:

strace -fp PID


All times are GMT -5. The time now is 01:00 AM.