Re: unidentified process
From: dan sawyer (dansawyer@earthlink.net)
Date: 01/28/03
From: dan sawyer <dansawyer@earthlink.net> Date: Tue, 28 Jan 2003 17:31:37 GMT
Thank you,
The port id does not show up in the lsof process trace.
I have an activity that is requesting reverse arps from the
first name server listed in resolv.conf. These show up on a
tcpdump -i eth1 trace. However, I can find no other evidence
in the system.
Are there other trace tools beyond lsof?
Dan
ynotssor wrote:
> "dan sawyer" <dansawyer@earthlink.net> wrote in message news:3E35F836.6010800@earthlink.net
>
> [...]
>
>>I have booted with all services off and then started
>>network. As soon as the external link starts the reverse
>>arps start. In this case the usual suspects such as sendmail
>>were not active.
>>
>>netstat -tupan once showed a syn port to the then active
>>requesting port. However normally it shows nothing.
>>
>>ps -A also shows nothing extraordinary.
>>
>>Advice on how to isolate this would be appreciated.
>
>
> "lsof -i" will give a snapshot of all port activity allowing you to see what PID
> is associated with the offending process(es). You can repeat every 5 seconds
> with "-r 5" if needed to see which process is doing the port sleight-of-hand.
>
> Once you have the PID(s) then you can "-p PID[,PID,...]" to see what files and
> devices are involved.
>
>
> tony
>
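The "lsof -i" snapshot suggested in the quoted reply can be filtered by port when it is taken in lsof's field output mode (-F). The following is an added example, not part of the original thread: the function names and the sample data (PIDs, commands, addresses) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `lsof -nP -i -F pcPn` output: one field per line,
# first character is the field id (p=PID, c=command, f=fd, P=protocol, n=name).
sample_lsof_fields() {
    cat <<'EOF'
p412
cnamed
f20
PUDP
n*:53
p733
cdhclient
f5
PUDP
n*:68
p901
cfetchmail
f4
PTCP
n192.0.2.10:32771->192.0.2.1:53
f5
PTCP
n192.0.2.10:32772->192.0.2.25:110
EOF
}

# Print "PID<TAB>command<TAB>protocol<TAB>socket" for every socket whose
# local or remote end uses port $1 (hypothetical helper, reads stdin).
sockets_for_port() {
    awk -v port="$1" '
        BEGIN { OFS = "\t" }
        /^p/ { pid = substr($0, 2); cmd = "?"; next }   # new process set
        /^c/ { cmd = substr($0, 2); next }
        /^f/ { proto = "?"; next }                      # new file set
        /^P/ { proto = substr($0, 2); next }
        /^n/ {
            name = substr($0, 2)
            # split "local->remote" and test whether either end has the port
            cnt = split(name, ends, "->")
            for (i = 1; i <= cnt; i++)
                if (ends[i] ~ (":" port "$")) { print pid, cmd, proto, name; break }
        }
    '
}
```

On a live system the input would come from `lsof -nP -i -F pcPn | sockets_for_port PORT`. lsof only reports sockets owned by other users when it is run as root.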