Thanks for the quick answers to:
Michael Matthews <matthewm_at_aeac.atd.net>
Neil Dyce <Neil.Dyce_at_bristol.ac.uk>
Karl Majer <majer_at_aol.net>
Original question was:
Is there a way to determine what process answers at a specified
port? I have a reason to believe that one of our systems has
been compromised and I noticed that the machine answers to
port 1025. This shouldn't be anything like ftp data port
and I of course have checked inetd.conf etc.
And the solution:
The solution was to use lsof (LiSt Open Files). lsof -i
shows all open network sockets and in my case what was needed
was lsof -i TCP:1025.
(If anyone is interested, in my case it was rpc.ttdbserverd
which was answering at port 1025. Don't know why it wasn't
disabled before).
Lsof can be found at:
ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
--
Mika Tuupola tuupola_at_appelsiini.net
Appelsiini Networks http://www.appelsiini.net/
Received on Fri Jul 24 1998 - 13:22:21 NZST
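
The lsof lookup described above, as an added example that is not part of the original post: it uses lsof's field output (-F) so the result can be parsed by a script instead of read by eye. The function names are hypothetical, the sample data is constructed, and it assumes an lsof build that supports -F and -sTCP:LISTEN.

```shell
#!/bin/sh
# Added example: turn `lsof -F pcLn` output into one tab-separated line
# per socket: PID, COMMAND, USER, NAME.

# In -F output every line is a one-letter field id followed by its value.
# A "p" line opens a process set; each "n" line names one open file of it.
parse_lsof_fields() {
    awk 'BEGIN { OFS = "\t" }
        /^p/ { pid = substr($0, 2); cmd = "?"; user = "?"; next }
        /^c/ { cmd = substr($0, 2); next }
        /^L/ { user = substr($0, 2); next }
        /^n/ { print pid, cmd, user, substr($0, 2) }'
}

# Keep only parsed lines whose socket name ends in ":PORT".
listeners_on_port() {
    awk -F '\t' -v port="$1" '$4 ~ (":" port "$")'
}

# who_listens PORT: ask the live system. Run as root, otherwise lsof
# only reports sockets owned by the calling user.
who_listens() {
    case "$1" in
        ''|*[!0-9]*) echo "usage: who_listens PORT" >&2; return 2 ;;
    esac
    # -n and -P keep addresses and ports numeric (no DNS/services lookups).
    lsof -nP -iTCP:"$1" -sTCP:LISTEN -F pcLn 2>/dev/null |
        parse_lsof_fields | listeners_on_port "$1"
}

# Constructed sample of -F output (PIDs and descriptors are made up).
sample_lsof_output() {
    printf '%s\n' 'p312' 'crpc.ttdbserverd' 'Lroot' 'f9' 'n*:1025' \
                  'p447' 'cinetd' 'Lroot' 'f4' 'n*:21' 'f5' 'n*:23'
}

# Offline demonstration on the constructed sample.
sample_lsof_output | parse_lsof_fields | listeners_on_port 1025
```

On a live host, `who_listens 1025` gives the same columns for the real socket owner.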