Re: which process bind some port

From: Jay Beale (jay@bastille-linux.org)
Date: 08/27/02


Date: Tue, 27 Aug 2002 09:27:52 -0700
From: Jay Beale <jay@bastille-linux.org>
To: Nakamura <eiji@pfu.fujitsu.com>

Nakamura,

  Try using the lsof utility.

  lsof -i tcp:1010 will tell you what program is listening on TCP
port 1010. If that's not working, it may be some oddity in how Sun
handles RPC services...

  See, it sounds like an RPC service if it's jumping port numbers.
RPC does this, because the port numbers aren't constant. Instead,
they're registered with rpcbind/portmap.

  To find out what port numbers your RPC programs are using, do
this:

        rpcinfo -p

 - Jay

In the wise words of Nakamura:

> I'm using Solaris8/Netra T1, and for security kill all the process
> except required.
>
> But, netstat -an shows "BOUND" State as follows.
> This means local address(port) is bound, but not listen, I think.
>
> NetraT1$ netstat -an
>
> TCP: IPv4
> Local Address Remote Address Swind Send-Q Rwind Recv-Q State
> -------------------- -------------------- ----- ------ ----- ------ -------
> *.* *.* 0 0 24576 0 IDLE
> *.21 *.* 0 0 24576 0 LISTEN
> *.23 *.* 0 0 24576 0 LISTEN
> *.1009 *.* 0 0 24576 0 BOUND
> ........
>
> And, the number of this bound port is changing!
> 1016 port is bound, somedays ago.
>
> On other machine different ports is bound.
>
> another NetraT1% netstat -an
> ....
> *.1010 *.* 0 0 24576 0 BOUND
>
> other NetraT1% netstat -an
> ....
> *.1012 *.* 0 0 24576 0 BOUND
>
> lsof can't tell which process open the port.
>
> Does anyone know which process is bound this port(1009,1010,1012)?

  

-- 
Consulting / Training:  http://www.jjbsec.com
Key:  http://www.bastille-linux.org/jay/key.pub
Key fingerprint = A1C6 75B8 1BA6 B085 403B  631A 3248 7B65 090E B308
pub  1024D/090EB308 2002-02-12 Jay Beale (Not very secure key) <jay@zork.net>



Relevant Pages

  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... Look in IIS at your Exchweb, Exadmin, exchange-oma, and RPC sites' directory ... Why is it called RPC over HTTP if HTTP is not really needed to be ... As pointed out by others, port 80 does NOT need to be open, and yes, it ... I have about 20 of these SBS machines at other locations and have ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... , but some of my clients do not want users to ... definitely closed now cause when I open it up http: ... the article is incorrect in stating that port 80 is needed. ... that port 443 and port 80 must be open to use RPC over HTTP. ...
    (microsoft.public.windows.server.sbs)
  • Re: Intersite Replication problem
    ... I followed Antony's DNS advise and I seens to be working. ... To perform the replication I've schedule a task on the W3K server to dial ... As for RPC The default value for the RPC Replication Timeout registry ... Remote Procedure Call dynamic port allocation is used by remote ...
    (microsoft.public.windows.server.active_directory)
  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... definitely closed now cause when I open it up http: ... the article is incorrect in stating that port 80 is needed. ... that port 443 and port 80 must be open to use RPC over HTTP. ... I have about 20 of these SBS machines at other locations and have ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... Look in IIS at your Exchweb, Exadmin, exchange-oma, and RPC sites' directory ... manually...I just let the CEICW do it for me. ... Why is it called RPC over HTTP if HTTP is not really needed to be ... As pointed out by others, port 80 does NOT need to be open, and yes, it ...
    (microsoft.public.windows.server.sbs)