On Thu, Dec 13, 2001 at 11:08:57PM +1100, Stephan Borg wrote:
> Port State Service
> 139/tcp filtered netbios-ssn - I don't have Samba
> 515/tcp filtered printer - no lpr as far as I'm
> aware
> 1080/tcp filtered socks - no socks as far as I'm
> aware
> 2003/tcp filtered cfingerd - the binary for this one
> is on the server, but is not enabled in Inetd
> 2049/tcp filtered nfs - No NFS
> 12345/tcp filtered NetBus
> 12346/tcp filtered NetBus
>
> I have search high and low, even tried re-installing the procps package,
> looking for any clues, but am unable to find anything.
Try "netstat -lp":
-l: shows listening ports
-p: shows the programs which are doing the listening
e.g. a snippet from my system looks like:
23:00(0) intensify:~% S netstat -lp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 *:printer *:* LISTEN
328/lpd
tcp 0 0 *:time *:* LISTEN
322/inetd
tcp 0 0 *:discard *:* LISTEN
322/inetd
tcp 0 0 *:daytime *:* LISTEN
322/inetd
tcp 0 0 localhost:20110 *:* LISTEN
4453/ssh
tcp 0 0 *:x11 *:* LISTEN
467/X
tcp 0 0 *:www *:* LISTEN
371/apache
You should be able to run down the rogue program that way.
--
#ozone/algorithm <[EMAIL PROTECTED]> - trust.in.love.to.save
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
