Date: Sat, 16 Feb 2019 10:43:20 -0700 (MST)
From: BBlister
To: freebsd-questions@freebsd.org
Message-ID: <1550339000372-0.post@n6.nabble.com>
Subject: Cannot identify process of listening port 600/tcp6

Dear,

I am trying to identify what process is listening on port 600/tcp6. I have tried:

# lsof -n -P | grep :600
# --nothing

# sockstat -a | grep :600
?        ?          ?     ?  tcp6   *:600                 *:*

# netstat -an | grep 600
tcp6       0      0 *.600                  *.*                    LISTEN

I can connect to this port, but I receive no output to my commands:

# telnet ::1 600
Trying ::1...
Connected to localhost.
Escape character is '^]'.
help
?
test

My uname:

# uname -a
FreeBSD XXX 11.2-RELEASE-p8 FreeBSD 11.2-RELEASE-p8 #0: Tue Jan 8 21:35:12 UTC 2019 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64

# kldstat
Id Refs Address            Size     Name
 1   37 0xffffffff80200000 20647c8  kernel
 2    1 0xffffffff82266000 2d40     coretemp.ko
 3    1 0xffffffff82421000 6fc4     tmpfs.ko
 4    1 0xffffffff82428000 41f0     linprocfs.ko
 5    2 0xffffffff8242d000 2d28     linux_common.ko
 6    1 0xffffffff82430000 195c     linsysfs.ko
 7    4 0xffffffff82432000 20198    ipfw.ko
 8    1 0xffffffff82453000 24a0     if_tap.ko
 9    1 0xffffffff82456000 107a0    dummynet.ko
10    1 0xffffffff82467000 13f0     ipdivert.ko
11    1 0xffffffff82469000 21b0     ipfw_nat.ko
12    1 0xffffffff8246c000 a4f2     libalias.ko

Perhaps this is a kernel module, but which? Is this a strange rootkit?

I did not reboot the machine, because I would like to locate the offending process first. This box runs nginx and rtorrent.

Thanks!

--
Sent from: http://freebsd.1045724.x6.nabble.com/freebsd-questions-f3696945.html
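
Added example, not part of the original message: a shell filter that picks out the pattern seen in the sockstat output above, an unconnected socket whose USER, COMMAND, PID and FD columns are all "?". The function names, the sample rows other than the *:600 line, and the seven-column layout it parses are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report unconnected sockets that sockstat could not
# attribute to any process (USER, COMMAND, PID and FD all shown as "?").

# Reads sockstat output on stdin; prints "PROTO LOCAL_ADDRESS" per finding.
ownerless_listeners() {
    awk '
        $1 == "USER" { next }   # header row
        NF < 7       { next }   # unix-domain rows and blanks have fewer columns
        # No owner: every process-related column is a question mark.
        $1 == "?" && $2 == "?" && $3 == "?" && $4 == "?" {
            # A connected row without an owner is not a listener, so only
            # rows with a wildcard foreign address are reported.
            if ($7 == "*:*") print $5, $6
        }
    '
}

# Constructed sample input. Only the *:600 row is taken from the message;
# the other rows are made up to exercise the filter.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      nginx      812   6  tcp4   *:80                  *:*
root     sshd       701   4  tcp4   *:22                  *:*
?        ?          ?     ?  tcp6   *:600                 *:*
?        ?          ?     ?  tcp4   192.0.2.10:80         198.51.100.7:51234
root     syslogd    500   4  dgram  /var/run/log
EOF
}

# On a live host the input would come from: sockstat -l | ownerless_listeners
sample_sockstat | ownerless_listeners
```

A row reported here means no userland file descriptor references the socket, which is why lsof returns nothing for the same port.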