From: BBlister
To: freebsd-questions@freebsd.org
Date: Mon, 18 Feb 2019 07:05:17 -0700 (MST)
Subject: Re: Cannot identify process of listening port 600/tcp6

On the referenced URL, they are suggesting to use netstat -anp, which is not
applicable to FreeBSD (parameter -p is not valid). Also, they are suggesting
to use ps.

My process listing (only the executables, using
ps axuw | awk '{print $11}' | sort |uniq):

    -csh
    [audit]
    [bufdaemon]
    [bufspacedaemon]
    [cam]
    [crypto
    [crypto]
    [geom]
    [idle]
    [intr]
    [kernel]
    [pagedaemon]
    [pagezero]
    [rand_harvestq]
    [sctp_iterator]
    [soaiod1]
    [soaiod2]
    [soaiod3]
    [soaiod4]
    [syncer]
    [usb]
    [vmdaemon]
    [vnlru]
    /sbin/devd
    /sbin/init
    /sbin/natd
    /usr/libexec/getty
    /usr/local/bin/3proxy
    /usr/local/bin/perl
    /usr/local/bin/php-cgi
    /usr/local/bin/portsentry
    /usr/local/bin/python2.7
    /usr/local/bin/rtorrent
    /usr/local/bin/screen
    /usr/local/sbin/arpwatch
    /usr/local/sbin/fcgiwrap
    /usr/local/sbin/nmbd
    /usr/local/sbin/openvpn
    /usr/local/sbin/smartd
    /usr/local/sbin/smbd
    /usr/local/sbin/winbindd
    /usr/sbin/blacklistd
    /usr/sbin/cron
    /usr/sbin/inetd
    /usr/sbin/mountd
    /usr/sbin/rpc.lockd
    /usr/sbin/rpc.statd
    /usr/sbin/rpcbind
    /usr/sbin/rtsold
    /usr/sbin/syslogd
    /usr/sbin/unbound
    adjkerntz
    awk
    bash
    daemon:
    diskcheckd:
    nfscbd:
    nfsd:
    nginx:
    ps
    sendmail:
    sort
    sshd:
    sudo
    tcpdump
    tcpdump:
    uniq

My kldstat:

     1   37 0xffffffff80200000 20647c8  kernel
     2    1 0xffffffff82266000 2d40     coretemp.ko
     3    1 0xffffffff82421000 6fc4     tmpfs.ko
     4    1 0xffffffff82428000 41f0     linprocfs.ko
     5    2 0xffffffff8242d000 2d28     linux_common.ko
     6    1 0xffffffff82430000 195c     linsysfs.ko
     7    4 0xffffffff82432000 20198    ipfw.ko
     8    1 0xffffffff82453000 24a0     if_tap.ko
     9    1 0xffffffff82456000 107a0    dummynet.ko
    10    1 0xffffffff82467000 13f0     ipdivert.ko
    11    1 0xffffffff82469000 21b0     ipfw_nat.ko
    12    1 0xffffffff8246c000 a4f2     libalias.ko

and for IPCS I see that everything is empty:

    # ipcs
    Message Queues:
    T           ID          KEY MODE        OWNER    GROUP

    Shared Memory:
    T           ID          KEY MODE        OWNER    GROUP

    Semaphores:
    T           ID          KEY MODE        OWNER    GROUP

    # ipcs -y
    Message Queues:
    T           ID          KEY MODE        OWNER    GROUP

    Shared Memory:
    T           ID          KEY MODE        OWNER    GROUP

    Semaphores:
    T           ID          KEY MODE        OWNER    GROUP

    #

Also I mounted procfs on proc (# mount -t procfs proc /proc) and searched for
600, but I did not find anything useful (grep -R '600' * |&less).

I am open to suggestions... I have not rebooted the machine yet.

By the way, I see that I have two unknown listening ports, 600/tcp6 and
601/tcp4. tcpdump has not shown any traffic yet to these ports.

--
Sent from: http://freebsd.1045724.x6.nabble.com/freebsd-questions-f3696945.html