LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-23-2006, 09:38 AM   #1
divukman
Member
 
Registered: Sep 2005
Location: Split, Croatia
Distribution: Gentoo/Debian
Posts: 140
Blog Entries: 8

Rep: Reputation: 15
netstat question - identifying process


Hi all.
I'm wondering how can I know the missing pid's?

Code:
# netstat -pat | grep LISTEN
tcp        0      0 *:2049                  *:*                     LISTEN     -                   
tcp        0      0 *:pop3s                 *:*                     LISTEN     2641/dovecot        
tcp        0      0 *:5901                  *:*                     LISTEN     27240/Xtightvnc     
tcp        0      0 *:686                   *:*                     LISTEN     2627/rpc.mountd     
tcp        0      0 *:19150                 *:*                     LISTEN     2582/gkrellmd       
tcp        0      0 *:sunrpc                *:*                     LISTEN     2169/portmap        
tcp        0      0 *:www                   *:*                     LISTEN     2669/apache         
tcp        0      0 *:x11-1                 *:*                     LISTEN     27240/Xtightvnc     
tcp        0      0 *:auth                  *:*                     LISTEN     2591/inetd          
tcp        0      0 *:ftp                   *:*                     LISTEN     2591/inetd          
tcp        0      0 *:smtp                  *:*                     LISTEN     2553/exim4          
tcp        0      0 *:3228                  *:*                     LISTEN     -                   
tcp        0      0 localhost.localdoma:702 *:*                     LISTEN     2646/famd           
tcp6       0      0 localhost:6880          *:*                     LISTEN     6205/java           
tcp6       0      0 *:6881                  *:*                     LISTEN     6205/java           
tcp6       0      0 localhost:45100         *:*                     LISTEN     6205/java           
tcp6       0      0 *:19150                 *:*                     LISTEN     2582/gkrellmd       
tcp6       0      0 *:ssh                   *:*                     LISTEN     2633/sshd           
tcp6       0      0 *:smtp                  *:*                     LISTEN     2553/exim4
 
Old 08-23-2006, 10:15 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603
"lsof -lMnP -i tcp:2049" or "fuser -n tcp 2049"?
 
Old 08-23-2006, 10:20 AM   #3
divukman
Member
 
Registered: Sep 2005
Location: Split, Croatia
Distribution: Gentoo/Debian
Posts: 140

Original Poster
Blog Entries: 8

Rep: Reputation: 15
Question

Quote:
Originally Posted by unSpawn
"lsof -lMnP -i tcp:2049" or "fuser -n tcp 2049"?
Code:
[04:40 PM Wed Aug 23][root@starbase]:/home/mito
# lsof -lMnP -i tcp:2049
[04:40 PM Wed Aug 23][root@starbase]:/home/mito
# fuser -n tcp 2049
[04:41 PM Wed Aug 23][root@starbase]:/home/mito
# fuser -n tcp 5901
5901/tcp:            27240
Could it be some residue of a previous process listening on that socket, now hanging ?
 
Old 08-23-2006, 10:29 AM   #4
AAnarchYY
Member
 
Registered: Sep 2004
Location: Carlisle, MA
Distribution: Debian 8
Posts: 419

Rep: Reputation: 30
after a quick google i found:
port 3228 is a gnutella port
port 2049 is a NFS port

did you try and connect to those ports to look for banners or some type of responce?
 
Old 08-23-2006, 10:35 AM   #5
divukman
Member
 
Registered: Sep 2005
Location: Split, Croatia
Distribution: Gentoo/Debian
Posts: 140

Original Poster
Blog Entries: 8

Rep: Reputation: 15
Quote:
Originally Posted by AAnarchYY
after a quick google i found:
port 3228 is a gnutella port
port 2049 is a NFS port

did you try and connect to those ports to look for banners or some type of responce?
Code:
$ telnet starbase 2049
Trying 192.168.0.185...
Connected to starbase.homenetwork.
Escape character is '^]'.
Same with other port.

ps
I've just found this. Will take a closer look.
http://lists.debian.org/debian-secur.../msg00055.html

Last edited by divukman; 08-23-2006 at 10:41 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
question netstat command nick623 Linux - Newbie 2 01-31-2005 08:53 PM
Question about netstat results JaseP Linux - Security 4 11-18-2004 01:09 PM
Problem identifying process beegster Linux - Newbie 5 06-28-2004 10:57 PM
netstat question zepplin611 Linux - Networking 2 01-01-2004 03:54 PM
netstat question digsby0007 Linux - Networking 1 12-27-2003 06:33 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:35 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration