Date:      Mon, 10 May 2004 14:50:17 +0700
From:      TSaplin Mikhail <tsmm@list.ru>
To:        Chris Dillon <cdillon@wolves.k12.mo.us>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: GATEKEEPER.MCAST.NET again (unexpected traffic)
Message-ID:  <200405101450.17072.tsmm@list.ru>
In-Reply-To: <20040510001226.T67823@duey.wolves.k12.mo.us>
References:  <200405091922.36624.tsmm@list.ru> <20040510001226.T67823@duey.wolves.k12.mo.us>

On Monday 10 May 2004 12:31, you wrote:
> On Sun, 9 May 2004, TSaplin Mikhail wrote:
> > Recently I wrote that I have a little traffic to GATEKEEPER.MCAST.NET,
> > (tcpdump shows this:
> > 20:32:41.496039 129dial.supernet.kz.52075 > GATEKEEPER.MCAST.NET.1718:
> > udp 31 )
> >
> > David Malone <dwmalone@maths.tcd.ie> on my question wrote:
> > >Does sockstat show which process is using port 52075?
> >
> > No, sockstat shows nothing about this.
> >
> > I've installed a new system using express installation - but packets are
> > still going.
> >
> > Maybe this is going on your 5.1 system, and is this right?
>
> Those are multicast UDP packets being sent by an H.323 endpoint
> application trying to find a local H.323 gatekeeper.  Since they are
> multicast, they will stay within your LAN unless you have explicitly
> configured a router or tunnel to carry them out of it.  Totally
> harmless, unless you really don't want any H.323-enabled applications
> installed and running.  Use sockstat to look for anything listening on
> the 224.0.1.41 (gatekeeper.mcast.net) address.

I know that the H.323 protocol is used by IP phones and related software.
And I don't understand why it is sitting on my clean system (I've installed it
without packages, except ltmdm (modem driver)).

What form of sockstat should I use?

Now `sockstat -l` shows:
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
misher   kget       649   12 udp4   *:*                   *:*
misher   xmms       639   6  stream /var/tmp/xmms_misher.0
misher   kdeinit    637   12 stream /tmp/.ICE-unix/637
misher   kdeinit    606   12 stream /tmp/ksocket-misher/klauncherLN4Xwj.slave-socket
misher   kdeinit    602   5  stream /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    599   8  stream /tmp/ksocket-misher/kdeinit-:0
root     XFree86    580   1  stream /tmp/.X11-unix/X0
mysql    mysqld     565   5  tcp4   *:3306                *:*
mysql    mysqld     565   6  stream /tmp/mysql.sock
root     inetd      540   4  tcp4   *:21                  *:*
root     inetd      540   5  tcp4   *:23                  *:*
root     inetd      540   6  udp4   *:518                 *:*
www      httpd      480   3  tcp46  *:80                  *:*
www      httpd      479   3  tcp46  *:80                  *:*
www      httpd      478   3  tcp46  *:80                  *:*
www      httpd      477   3  tcp46  *:80                  *:*
www      httpd      476   3  tcp46  *:80                  *:*
root     httpd      461   3  tcp46  *:80                  *:*
root     sendmail   422   4  tcp4   *:25                  *:*
root     sendmail   422   5  tcp4   *:587                 *:*
root     sshd       417   3  tcp6   *:22                  *:*
root     sshd       417   4  tcp4   *:22                  *:*
bind     named      275   4  udp4   *:49152               *:*
bind     named      275   5  stream /var/run/ndc
bind     named      275   20 udp4   127.0.0.1:53          *:*
bind     named      275   21 tcp4   127.0.0.1:53          *:*
bind     named      275   22 udp4   192.168.0.1:53        *:*
bind     named      275   23 tcp4   192.168.0.1:53        *:*
bind     named      275   24 udp4   192.168.0.2:53        *:*
bind     named      275   25 tcp4   192.168.0.2:53        *:*
root     syslogd    267   3  dgram  /var/run/log
root     syslogd    267   4  udp6   *:514                 *:*
root     syslogd    267   5  udp4   *:514                 *:*


`sockstat` without args:
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
misher   kmail      1059  5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher   kmail      1059  6  stream -> /tmp/.X11-unix/X0
misher   kmail      1059  7  stream -> /tmp/.ICE-unix/637
misher   kdeinit    1023  5  stream -> /tmp/ksocket-misher/klauncherLN4Xwj.slave-socket
misher   kdeinit    885   5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    885   6  stream -> /tmp/.X11-unix/X0
misher   kdeinit    885   7  stream -> /tmp/.ICE-unix/637
misher   kdeinit    651   5  stream -> /tmp/.X11-unix/X0
misher   kdeinit    651   6  stream -> /tmp/.ICE-unix/637
misher   kdeinit    651   11 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher   kget       649   5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher   kget       649   6  stream -> /tmp/.X11-unix/X0
misher   kget       649   7  stream -> /tmp/.ICE-unix/637
misher   kget       649   12 udp4   *:*                   *:*
misher   xscreensav 645   3  stream -> /tmp/.X11-unix/X0
misher   kdeinit    644   5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    644   6  stream -> /tmp/.X11-unix/X0
misher   kdeinit    644   7  stream -> /tmp/.ICE-unix/637
misher   kdeinit    641   5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    641   6  stream -> /tmp/.X11-unix/X0
misher   kdeinit    641   7  stream -> /tmp/.ICE-unix/637
misher   xmms       639   5  stream -> /tmp/.X11-unix/X0
misher   xmms       639   6  stream /var/tmp/xmms_misher.0
misher   xmms       639   9  stream -> /tmp/.X11-unix/X0
misher   xmms       639   10 stream -> /tmp/.ICE-unix/637
misher   kdeinit    638   5  stream -> /tmp/.X11-unix/X0
misher   kdeinit    638   6  stream -> /tmp/.ICE-unix/637
misher   kdeinit    638   11 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    637   5  stream -> /tmp/.X11-unix/X0
misher   kdeinit    637   6  stream /tmp/ksocket-misher/kdeinit-:0
misher   kdeinit    637   11 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    637   12 stream /tmp/.ICE-unix/637
misher   kdeinit    637   13 stream /tmp/.ICE-unix/637
misher   kdeinit    637   14 stream /tmp/.ICE-unix/637
misher   kdeinit    637   16 stream /tmp/.ICE-unix/637
misher   kdeinit    637   18 stream /tmp/.ICE-unix/637
misher   kdeinit    637   20 stream /tmp/.ICE-unix/637
misher   kdeinit    637   21 stream /tmp/.ICE-unix/637
misher   kdeinit    637   23 stream /tmp/.ICE-unix/637
misher   kdeinit    637   29 stream /tmp/.ICE-unix/637
misher   kwrapper   635   3  stream -> /tmp/ksocket-misher/kdeinit-:0
misher   kdeinit    634   5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    634   6  stream -> /tmp/.X11-unix/X0
misher   kdeinit    632   5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    632   6  stream -> /tmp/.X11-unix/X0
misher   kdeinit    616   5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    616   6  stream -> /tmp/.X11-unix/X0
misher   kdeinit    608   5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    608   6  stream -> /tmp/.X11-unix/X0
misher   kdeinit    608   12 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    606   5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    606   10 stream -> ??
misher   kdeinit    606   12 stream /tmp/ksocket-misher/klauncherLN4Xwj.slave-socket
misher   kdeinit    606   13 stream -> /tmp/.X11-unix/X0
misher   kdeinit    606   14 stream /tmp/ksocket-misher/klauncherLN4Xwj.slave-socket
misher   kdeinit    602   5  stream /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    602   6  stream /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    602   9  stream /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    602   10 stream /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    602   11 stream /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    602   12 stream /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    602   13 stream /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    602   14 stream /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    602   15 stream /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    602   16 stream /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    602   17 stream /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    602   18 stream /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    602   19 stream /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    602   22 stream /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    602   44 stream /tmp/.ICE-unix/dcop602-1084169543
misher   kdeinit    599   8  stream /tmp/ksocket-misher/kdeinit-:0
misher   kdeinit    599   9  stream -> ??
misher   kdeinit    599   10 stream -> /tmp/.X11-unix/X0
root     XFree86    580   1  stream /tmp/.X11-unix/X0
root     XFree86    580   7  stream /tmp/.X11-unix/X0
root     XFree86    580   8  stream /tmp/.X11-unix/X0
root     XFree86    580   9  stream /tmp/.X11-unix/X0
root     XFree86    580   10 stream /tmp/.X11-unix/X0
root     XFree86    580   11 stream /tmp/.X11-unix/X0
root     XFree86    580   12 stream /tmp/.X11-unix/X0
root     XFree86    580   13 stream /tmp/.X11-unix/X0
root     XFree86    580   14 stream /tmp/.X11-unix/X0
root     XFree86    580   15 stream /tmp/.X11-unix/X0
root     XFree86    580   16 stream /tmp/.X11-unix/X0
root     XFree86    580   17 stream /tmp/.X11-unix/X0
root     XFree86    580   18 stream /tmp/.X11-unix/X0
root     XFree86    580   19 stream /tmp/.X11-unix/X0
root     XFree86    580   20 stream /tmp/.X11-unix/X0
root     XFree86    580   21 stream /tmp/.X11-unix/X0
root     XFree86    580   22 stream /tmp/.X11-unix/X0
root     XFree86    580   23 stream /tmp/.X11-unix/X0
root     XFree86    580   28 stream /tmp/.X11-unix/X0
misher   xinit      579   3  stream -> /tmp/.X11-unix/X0
mysql    mysqld     565   5  tcp4   *:3306                *:*
mysql    mysqld     565   6  stream /tmp/mysql.sock
root     login      554   3  dgram  -> /var/run/log
root     inetd      540   4  tcp4   *:21                  *:*
root     inetd      540   5  tcp4   *:23                  *:*
root     inetd      540   6  udp4   *:518                 *:*
www      httpd      480   3  tcp46  *:80                  *:*
www      httpd      479   3  tcp46  *:80                  *:*
www      httpd      478   3  tcp46  *:80                  *:*
www      httpd      477   3  tcp46  *:80                  *:*
www      httpd      476   3  tcp46  *:80                  *:*
root     httpd      461   3  tcp46  *:80                  *:*
smmsp    sendmail   425   3  dgram  -> /var/run/log
root     sendmail   422   3  dgram  -> /var/run/log
root     sendmail   422   4  tcp4   *:25                  *:*
root     sendmail   422   5  tcp4   *:587                 *:*
root     sshd       417   3  tcp6   *:22                  *:*
root     sshd       417   4  tcp4   *:22                  *:*
bind     named      275   3  dgram  -> /var/run/log
bind     named      275   4  udp4   *:49152               *:*
bind     named      275   5  stream /var/run/ndc
bind     named      275   20 udp4   127.0.0.1:53          *:*
bind     named      275   21 tcp4   127.0.0.1:53          *:*
bind     named      275   22 udp4   192.168.0.1:53        *:*
bind     named      275   23 tcp4   192.168.0.1:53        *:*
bind     named      275   24 udp4   192.168.0.2:53        *:*
bind     named      275   25 tcp4   192.168.0.2:53        *:*
root     syslogd    267   3  dgram  /var/run/log
root     syslogd    267   4  udp6   *:514                 *:*
root     syslogd    267   5  udp4   *:514                 *:*
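
The check suggested in the quoted reply, as an added example that is not part of the original message: it takes the source port from the tcpdump line and looks for a UDP socket on that port, or on the 224.0.1.41 group, in `sockstat` output. The function names are hypothetical, `page_rows` holds rows copied from the listing above, and `constructed_row` is a made-up row showing what a hit looks like.

```shell
#!/bin/sh
# Added example: match the sender seen by tcpdump to a socket in sockstat output.

# Source port from an old-style tcpdump line "time src.port > dst.port: udp len".
src_port() {
    printf '%s\n' "$1" | awk '{ n = split($2, a, "[.]"); print a[n] }'
}

# Read sockstat output on stdin and print every UDP row with a tag:
#   MATCH-PORT  local port equals $1 (the source port tcpdump showed)
#   MATCH-GROUP local or foreign address is the multicast group $2
#   other       any remaining UDP socket, listed for manual review
find_udp_owner() {
    awk -v port="$1" -v group="$2" '
        $5 ~ /^udp/ {
            n = split($6, l, ":"); tag = "other"
            if (l[n] == port) tag = "MATCH-PORT"
            else if (index($6, group ":") == 1 || index($7, group ":") == 1)
                tag = "MATCH-GROUP"
            printf "%s %s pid=%s fd=%s %s %s\n", tag, $2, $3, $4, $5, $6
        }'
}

# Rows copied from the sockstat listing in the message above.
page_rows() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
misher   kget       649   12 udp4   *:*                   *:*
root     inetd      540   6  udp4   *:518                 *:*
root     sshd       417   4  tcp4   *:22                  *:*
bind     named      275   4  udp4   *:49152               *:*
bind     named      275   20 udp4   127.0.0.1:53          *:*
EOF
}

# Constructed row (not from the message) showing what a hit would look like.
constructed_row() {
    echo 'nobody   exampled   700   9  udp4   *:52075               *:*'
}

TCPDUMP_LINE='20:32:41.496039 129dial.supernet.kz.52075 > GATEKEEPER.MCAST.NET.1718: udp 31'
port=$(src_port "$TCPDUMP_LINE")
{ page_rows; constructed_row; } | find_udp_owner "$port" 224.0.1.41
```

With only the rows from the message, nothing matches port 52075, which agrees with the poster's statement that sockstat shows nothing for it.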



