
Thread: Linux find out program name responsible for opening tcp port

  1. #1

    Dear All,

    Please help me with this.

    For the last 2-3 days I have been getting the info messages below in my Apache error logs:

    [Fri Oct 29 11:40:59 2010] [info] [client 172.32.1.1] (104)Connection reset by peer: core_output_filter: writing data to the network
    [Fri Oct 29 11:41:00 2010] [info] [client 172.32.1.1] (104)Connection reset by peer: core_output_filter: writing data to the network
    [Fri Oct 29 11:41:00 2010] [info] [client 172.32.1.1] (104)Connection reset by peer: core_output_filter: writing data to the network
    [Fri Oct 29 11:41:01 2010] [info] [client 172.32.1.1] (104)Connection reset by peer: core_output_filter: writing data to the network
    [Fri Oct 29 11:41:01 2010] [info] [client 172.32.1.1] (104)Connection reset by peer: core_output_filter: writing data to the network
    [Fri Oct 29 11:41:01 2010] [info] [client 172.32.1.1] (104)Connection reset by peer: core_output_filter: writing data to the network
    [Fri Oct 29 11:41:02 2010] [info] [client 172.32.1.1] (104)Connection reset by peer: core_output_filter: writing data to the network
    [Fri Oct 29 11:41:02 2010] [info] [client 172.32.1.1] (104)Connection reset by peer: core_output_filter: writing data to the network
    [Fri Oct 29 11:41:03 2010] [info] [client 172.32.1.1] (104)Connection reset by peer: core_output_filter: writing data to the network
    [Fri Oct 29 11:41:06 2010] [info] [client 172.32.1.1] (104)Connection reset by peer: core_output_filter: writing data to the network


    When I try to restart Apache, it works, and in the error logs I get this:


    [Fri Oct 29 11:47:31 2010] [notice] caught SIGTERM, shutting down
    [Fri Oct 29 11:47:32 2010] [info] mod_unique_id: using ip addr 172.32.5.45
    [Fri Oct 29 11:47:33 2010] [info] mod_unique_id: using ip addr 172.32.5.45
    [Fri Oct 29 11:47:34 2010] [notice] Apache/2.2.14 (Unix) configured -- resuming normal operations
    [Fri Oct 29 11:47:34 2010] [info] Server built: Nov 6 2009 13:48:28



    I ran this command to check which programs are on which port; in that output I found something weird.

    # netstat -tnulp (with this command I am not getting which programs are using these ports, although it works for other programs)

    tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
    tcp 0 0 0.0.0.0:36834 0.0.0.0:* LISTEN -

    udp 0 0 0.0.0.0:32768 0.0.0.0:* -
    udp 0 0 0.0.0.0:2049 0.0.0.0:* -


    Please help me with this.

    I have a feeling my server has some rootkits or has been hacked.

    Regards
    manish

  2. #2
    nixcraft

    Run netstat as root with the full path:
    Code:
    /bin/netstat -tulpn
    Or use ps aux to find out its PID. Once you have the PID, run the following to find out the program name:
    Code:
    ls -l /proc/pid-here/exe


  3. #3
    nixcraft

    You can also use fuser or lsof and other utilities to find info:
    Code:
    fuser 36834/tcp
    fuser 2049/tcp 
    fuser 32768/udp 
    fuser 2049/udp
    Once you have the PID for each process, run the ls command:
    Code:
    ls -l /proc/pid-here/exe
    You can also grep it:
    Code:
    grep port /etc/services


  4. #4

    Hi,

    I used this:

    watch -n1 --difference "fuser 36834/tcp; fuser 2049/tcp; fuser 32768/udp; fuser 2049/udp"

    With this, I once saw the message below:

    "cannot stat file /proc/28200/fd/6: No such file or directory"

  5. #5
    nixcraft

    Can you paste the output of the following commands, as watch will not give any info:
    Code:
    fuser 36834/tcp
    fuser 2049/tcp 
    fuser 32768/udp 
    fuser 2049/udp


  6. #6

    Nothing is displayed.


    Update: How stupid I am... just I know.

    I didn't check for NFS.

    2049 is used by NFS.
    Last edited by kasimani; 30th October 2010 at 01:50 PM.
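
The lookup that netstat -p and fuser perform, as an added example that is not part of the original thread: it matches socket inodes from /proc/net/tcp against the socket:[inode] links under /proc/<pid>/fd. A listener that no process holds (as with the in-kernel NFS server on port 2049) comes back with no owner, which netstat prints as "-". The sample table, PID 1234 and the function names are constructed for illustration.

```python
import os, re, socket, struct
# Constructed sample in /proc/net/tcp layout (ports 2049, 36834 and 80 in hex).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0801 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 7001
   1: 00000000:8FE2 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 7002
   2: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 7003
   3: 2D0520AC:0050 010120AC:C350 01 00000000:00000000 00:00000000 00000000    48        0 7004
"""

def parse_proc_net(text, proto):
    """Return (proto, ip, port, inode) for listening TCP / unconnected UDP sockets."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) < 10 or f[3] != {"tcp": "0A", "udp": "07"}[proto]:  # LISTEN / unconnected UDP
            continue
        addr, port = f[1].split(":")
        ip = socket.inet_ntoa(struct.pack("=I", int(addr, 16)))  # native-endian hex
        rows.append((proto, ip, int(port, 16), int(f[9])))
    return rows

def socket_owners(proc="/proc"):
    """Map socket inode -> (pid, exe) by reading /proc/<pid>/fd links (run as root)."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            exe = os.readlink(f"{proc}/{pid}/exe")
            fds = os.listdir(f"{proc}/{pid}/fd")
        except OSError:  # kernel thread, exited process, or no permission
            continue
        for fd in fds:
            try:
                link = os.readlink(f"{proc}/{pid}/fd/{fd}")
            except OSError:  # fd was closed while we were scanning
                continue
            m = re.fullmatch(r"socket:\[(\d+)\]", link)
            if m:
                owners.setdefault(int(m.group(1)), (int(pid), exe))
    return owners

def attribute(rows, owners):
    """Pair each socket with its (pid, exe), or None when no process holds it."""
    return [(p, ip, port, owners.get(ino)) for p, ip, port, ino in rows]

if __name__ == "__main__":
    owners = socket_owners()
    for proto in ("tcp", "udp"):
        with open(f"/proc/net/{proto}") as fh:
            print(*attribute(parse_proc_net(fh.read(), proto), owners), sep="\n")
```

An owner of None on a live system means either a kernel-owned socket or that the scan was not run as root; rpcinfo -p lists the ports registered by RPC services such as NFS.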
