An interesting aside on this one. I did a netstat -plt on my workstation (which is behind a strong firewall) and got the following. Notice how the controlling process doesn't show up, and I am wondering what is listening on port 32768 and 32769, even an lsof doesn't tell me:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:32768 *:* LISTEN - tcp 0 0 *:32769 *:* LISTEN - tcp 0 0 *:printer *:* LISTEN - tcp 0 0 *:netbios-ssn *:* LISTEN - tcp 0 0 *:sunrpc *:* LISTEN - tcp 0 0 *:x11 *:* LISTEN - tcp 0 0 *:ssh *:* LISTEN - On Thu, 13 Dec 2001, Andre Pang wrote: > Try "netstat -lp": > > -l: shows listening ports > > -p: shows the programs which are doing the listening > > e.g. a snippet from my system looks like: > > 23:00(0) intensify:~% S netstat -lp > Active Internet connections (only servers) > Proto Recv-Q Send-Q Local Address Foreign Address State >PID/Program name > tcp 0 0 *:printer *:* LISTEN >328/lpd > tcp 0 0 *:time *:* LISTEN >322/inetd > tcp 0 0 *:discard *:* LISTEN >322/inetd > tcp 0 0 *:daytime *:* LISTEN >322/inetd > tcp 0 0 localhost:20110 *:* LISTEN >4453/ssh > tcp 0 0 *:x11 *:* LISTEN >467/X > tcp 0 0 *:www *:* LISTEN >371/apache > > You should be able to run down the rogue program that way. > > > -- Howard. LANNet Computing Associates - Your Linux people Contact detail at http://www.lannetlinux.com "We are either doing something, or we are not. 'Talking about' is a subset of 'not'." -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
