Stupid Questions

bfloeagle · 07-03-2001, 11:52 AM

How do you see what services/programs/anything are running and how do kill/restart them? (without using the 'service ~whatever~ start/stop/restart' command when logged in as root...)

My firewall logs (iptables) have multiple lines with 0.0.0.0 as the source ip address. Is this my system, someone spoofing the ip address, or both? (or neither.....)

Andy
Thanx for understanding!

rshaw · 07-03-2001, 12:01 PM

in gnome use gtop, it will show all the running processes, as well as how much memory/processor power it is using. kde has a similar program i think it's called kprocess, look around in the menu, it,s there somewhere. both will let you kill progs nicely (hup) or not so nicely (kill)

bfloeagle · 07-03-2001, 12:03 PM

Do you know the commands to do that in a console without being in X? (Like so I can kill or whatever without being infront of the computer?)

rshaw · 07-03-2001, 12:17 PM

sorry, i'm sure someone will post soon with an answer

trickykid · 07-03-2001, 12:20 PM

top is the command you would use at the command without being in X to view processes, if that is what your wanting to know?

val · 07-03-2001, 12:40 PM

try: man ps
that will give you the manual for the comand that displays the running processes.
after that, check out: man kill
that'll tell you how to kill/stop/pause whatever process you want.

bfloeagle · 07-03-2001, 02:29 PM

Thanx val! Now does anybody know about the IP stuff I posted at the top of the message???

Andy

trickykid · 07-03-2001, 04:06 PM

Tell you the truth, I am not sure of how your firewall would indicate or pick up a 0.0.0.0 IP address. Usually if someone is spoofing, I think most of the time or sniffing, it won't even pick up with ipchains or iptables. Not sure though, not a network security expert on that one, you might want to post that in the sucurity or networking forums, probably get a quicker response.
raz the moderator might know for the security, he always seems to answer the security questions quite well.

kuikfox · 07-03-2001, 09:23 PM

to kill a process:

login as root:
perform a " top "
find your run-away program...
determine the pid = ( process id number )
then do :

kill -9 [ pid ]

where pid is the corresponding number of the run-away program.

jharris · 07-04-2001, 03:16 AM

The only times that I've seen 0.0.0.0 used with when you want to match any IP address...

HTH

Jamie...

ctdp · 07-04-2001, 08:41 PM

Could be a computer booting that has no IP address. A computer that gets its address through DHCP or BOOTP initially has an address of 0.0.0.0. It sends a broadcast to 255.255.255.255.67. This may be what is happening but I am not familiar with your setup.
For more info see item 34 at:
http://ctdp.tripod.com/independent/n...ide/index.html

GonzoJohn · 07-04-2001, 09:13 PM

Not to beat a dead horse (a lot of good answers here) but it would be helpful to know what distro you're running. In regards to what daemons are running, look at the /etc/services file as well as running the command "ps aux" to see all the process IDs. Depending on your distro, some processes will be running under inetd or xinetd. To configure what daemons run for various run levels, try tksysv. A very useful little util.