Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Nakamura,
Try using the lsof utility.
lsof -i tcp:1010 will tell you what program is listening on TCP
port 1010. If that's not working, it may be some oddity in how Sun
handles RPC services...
See, it sounds like an RPC service if it's jumping port numbers.
RPC does this, because the port numbers aren't constant. Instead,
they're registered with rpcbind/portmap.
To find out what port numbers your RPC programs are using, do
this:
rpcinfo -p
- Jay
In the wise words of Nakamura:
> I'm using Solaris8/Netra T1, and for security kill all the process
> except required.
>
> But, netstat -an shows "BOUND" State as follows.
> This means local address(port) is bound, but not listen, I think.
>
> NetraT1$ netstat -an
>
> TCP: IPv4
> Local Address Remote Address Swind Send-Q Rwind Recv-Q State
> -------------------- -------------------- ----- ------ ----- ------ -------
> *.* *.* 0 0 24576 0 IDLE
> *.21 *.* 0 0 24576 0 LISTEN
> *.23 *.* 0 0 24576 0 LISTEN
> *.1009 *.* 0 0 24576 0 BOUND
> ........
>
> And, the number of this bound port is changing!
> 1016 port is bound, somedays ago.
>
> On other machine different ports is bound.
>
> another NetraT1% netstat -an
> ....
> *.1010 *.* 0 0 24576 0 BOUND
>
> other NetraT1% netstat -an
> ....
> *.1012 *.* 0 0 24576 0 BOUND
>
> lsof can't tell which process open the port.
>
> Does anyone know which process is bound this port(1009,1010,1012)?
--
Consulting / Training: http://www.jjbsec.com
Key: http://www.bastille-linux.org/jay/key.pub
Key fingerprint = A1C6 75B8 1BA6 B085 403B 631A 3248 7B65 090E B308
pub 1024D/090EB308 2002-02-12 Jay Beale (Not very secure key) <jay![]()
zork.net>
![don't click]()