Security Basics mailing list archives
Re: Unknow process listening on high port
From: Shawn Badger <sbadger () cskauto com>
Date: Wed, 26 Oct 2005 09:47:04 -0700
Fuser says the port is here, but gives no more information. I have ran chkrootkit on the servers and fortunately they both came back clean. I have also started watching traffic on the ports in question and noticed every so often that and pulls a couple test web pages. This is part of the High availability service and just using that high port to connect to the other server. I am not seeing any connections coming into the port in 24 hours of monitoring. I will keep monitoring and see what I find. Does anyone know why netstat reports a - for the pid though? On Tue, 2005-10-25 at 16:26 -0500, Bob Hacker wrote:
fuser -v -n tcp 39207 -bob On 10/25/05, Shawn Badger <sbadger () cskauto com> wrote: I have been auditing a couple of my Suse enterprise 9 servers and have come across a different port on each of them that doesn't show up when I use lsof, but show up in nmap and netstat. The ports are 39207/tcp on one server and 49751/tcp on the other. When I do lsof -i -n and grep it for the proper port I get no output. When I do netstat -ap I get an output, but the pid shows up as -. I haven't seen a process show up as a - before and don't where to start looking for that process. Here is the output of the netstat: server1:~# netstat -ap |grep 39207 tcp 0 0 *:39207 *:* LISTEN - I get the same results on the other server as well Any ideas would be appreciated.
Current thread:
- Unknow process listening on high port Shawn Badger (Oct 25)
- Re: Unknow process listening on high port David (Oct 26)
- Re: Unknow process listening on high port Bryan Andrews (Oct 26)
- Message not available
- Re: Unknow process listening on high port Shawn Badger (Oct 26)
- Re: Unknow process listening on high port Justin (Oct 31)
- Re: Unknow process listening on high port Shawn Badger (Oct 31)
- Re: Unknow process listening on high port Adam (Oct 31)
- Re: Unknow process listening on high port Shawn Badger (Oct 26)
- <Possible follow-ups>
- Re: Unknow process listening on high port Steve.Cummings (Oct 26)
- Re: Unknow process listening on high port Shawn Badger (Oct 27)