Re: Unknow process listening on high port

[Shawn Badger <sbadger () cskauto com>]

Fuser says the port is here, but gives no more information. I have ran
chkrootkit on the servers and fortunately they both came back clean. I
have also started watching traffic on the ports in question and noticed
every so often that and pulls a couple test web pages. This is part of
the High availability service and just using that high port to connect
to the other server. I am not seeing any connections coming into the
port in 24 hours of monitoring. I will keep monitoring and see what I
find. Does anyone know why netstat reports a - for the pid though?



On Tue, 2005-10-25 at 16:26 -0500, Bob Hacker wrote:
> fuser -v -n tcp 39207
>  
> -bob
>
>
>  
> On 10/25/05, Shawn Badger <sbadger () cskauto com> wrote: 
>         I have been auditing a couple of my Suse enterprise 9 servers
>         and have
>         come across a different port on each of them that doesn't show
>         up when I 
>         use lsof, but show up in nmap and netstat. The ports are
>         39207/tcp on
>         one server and 49751/tcp on the other. When I do lsof -i -n
>         and grep it
>         for the proper port I get no output. When I do netstat -ap I
>         get an
>         output, but the pid shows up as -. I haven't seen a process
>         show up as a
>         - before and don't where to start looking for that process.
>         Here is the
>         output of the netstat:
>         server1:~# netstat -ap |grep 39207
>         
>         tcp        0      0 *:39207                 *:* 
>         LISTEN -
>         
>         
>         I get the same results on the other server as well Any ideas
>         would be
>         appreciated.
>         
>         
>