Date: Tue, 7 Sep 1999 12:26:21 -0700 From: John-Mark Gurney <gurney_j@efn.org> To: Sheldon Hearn <sheldonh@uunet.co.za> Cc: sthaug@nethelp.no, madrapour@hotmail.com, freebsd-security@FreeBSD.ORG Subject: Re: Tracing open ports on FreeBSD Message-ID: <19990907122621.30662@hydrogen.fircrest.net> In-Reply-To: <28018.936617908@axl.noc.iafrica.com>; from Sheldon Hearn on Mon, Sep 06, 1999 at 01:38:28PM %2B0200 References: <36622.936445305@verdi.nethelp.no> <28018.936617908@axl.noc.iafrica.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Sheldon Hearn scribbled this message on Sep 6: > On Sat, 04 Sep 1999 13:41:45 +0200, sthaug@nethelp.no wrote: > > > You're probably using ssh with X11 forwarding. If you use the > > 'sockstat' program you'll find that sshd is listening to those ports. > > This is the third time I've seen someone try to use netstat to figure > out who's listening to what. Do you think an xref to sockstat would be > completely inappropriate in the netstat(1) manpage? no, but we should include a reference to fstat... you can track down who had a udp socket open, but for some reason the addresses on my 3.0-R box for tcp streams outputed by netstat don't agree w/ any of the addresses that exist in the fstat output... looks like I should extend the description of -A to include a blurb about identifing processes which own a socket/stream... -- John-Mark Gurney Voice: +1 541 684 8449 Cu Networking P.O. Box 5693, 97405 "The soul contains in itself the event that shall presently befall it. The event is only the actualizing of its thought." -- Ralph Waldo Emerson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990907122621.30662>