Date: Tue, 19 Feb 2019 11:25:51 -0500
From: Mike Tancsa <mike@sentex.net>
To: BBlister <bblister@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: Cannot identify process of listening port 600/tcp6
Message-ID: <5b5f72fc-c054-ea43-6602-e7bdb742d657@sentex.net>
In-Reply-To: <1550339000372-0.post@n6.nabble.com>
References: <1550339000372-0.post@n6.nabble.com>

On 2/16/2019 12:43 PM, BBlister wrote:
> I have tried:
> # lsof -n -P | grep :600
> #
> --nothing
>
> # sockstat -a | grep :600
> ? ? ? ? tcp6 *:600 *:*
>
>
> # netstat -an | grep 600
> tcp6 0 0 *.600 *.* LISTEN
>
>
> Perhaps this is a kernel module, but which? Is this a strange rootkit? I did
> not reboot the machine, because I would like to locate the offending process
> first. This box runs nginx and rtorrent.

I see the same thing with rpc.lockd.

# ps -auxw | grep rpc
root 948 0.0 0.0 285572 6180 - Is Fri11 0:00.10 /usr/sbin/rpc.statd
root 951 0.0 0.0 23448 6164 - Ss Fri11 0:00.11 /usr/sbin/rpc.lockd
root 40566 0.0 0.0 11264 2608 0 S+ 10:54 0:00.00 grep rpc
# sockstat -vL | grep 929
? ? ? ? tcp4 *:929 *:*
# kill 948
# sockstat -vL | grep 929
? ? ? ? tcp4 *:929 *:*
# kill 951
# ps -auxw | grep rpc
root 40572 0.0 0.0 11264 2608 0 S+ 10:54 0:00.00 grep rpc
# sockstat -vL | grep 929
#

I don't get why sockstat can't identify them? It's a userland process, no?

    ---Mike

-- 
-------------------
Mike Tancsa, tel +1 519 651 3400 x203
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada
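
The before/after comparison done by hand in the message above, as an added sh example that is not part of the original e-mail or of sockstat itself: it lists listeners whose owner columns are all "?" and reports which of them disappear between two saved `sockstat -L` snapshots. The function names and the sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
LC_ALL=C; export LC_ALL

# Read `sockstat -L` output on stdin; print "PROTO PORT" for each row whose
# USER, COMMAND, PID and FD columns are all "?" (no owning process reported).
unowned_listeners() {
    awk '$1 == "?" && $2 == "?" && $3 == "?" && $4 == "?" {
        n = split($6, part, ":")   # port is the text after the last colon
        print $5, part[n]
    }' | sort -u
}

# Compare two saved snapshots (before and after stopping a daemon) and print
# the unowned listeners that disappeared in between.
vanished_listeners() {
    b=$(mktemp) && a=$(mktemp) || return 1
    unowned_listeners < "$1" > "$b"
    unowned_listeners < "$2" > "$a"
    comm -23 "$b" "$a"
    rm -f "$b" "$a"
}

# Constructed sample snapshots modelled on the output quoted in the message.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/before" <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      nginx      1234  6  tcp4   *:80                  *:*
?        ?          ?     ?  tcp4   *:929                 *:*
?        ?          ?     ?  tcp6   *:600                 *:*
EOF
    cat > "$d/after" <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      nginx      1234  6  tcp4   *:80                  *:*
?        ?          ?     ?  tcp6   *:600                 *:*
EOF
    vanished_listeners "$d/before" "$d/after"   # prints: tcp4 929
    rm -rf "$d"
}
demo
```

On a live host the snapshots would be saved with `sockstat -L > file` before and after stopping the daemon under suspicion.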
