RE: Strange connections


Subject: RE: Strange connections
From: Brad Bice (rbb@alaskapacific.edu)
Date: Tue Aug 13 2002 - 18:12:34 AKDT


Hi Arthur,
I lost some of the info because it was wrapping, but here's another look
at it.

Is the port for www.evecosoftware.com 1833?

If that is correct, 1833 is

udpradio 1833/tcp udpradio
udpradio 1833/udp udpradio

We aren't streaming any kind of audio on this server. Any ideas on
what's going on?

TCP
   Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
apu1.alaskapacific.edu.ssh 10.102.1.21.2513 16551 0 8760 0 CLOSE_WAIT
apu1.alaskapacific.edu.ssh www.evecosoftware.com.1833 32120 0 10136 0 ESTABLISHED
apu1.alaskapacific.edu.ssh 202.175.82.64.60379 5840 0 10136 0 ESTABLISHED
apu1.alaskapacific.edu.ssh 10.102.1.21.4707 17296 31 8760 0 ESTABLISHED
Active UNIX domain sockets
Address Type Vnode Conn Local Addr Remote Addr
f5ec7d28 stream-ord f5fe7f20 00000000 /tmp/mysql.sock
f5ec7e40 stream-ord f5ebb498 00000000 /usr/local/etc/ndc

-----Original Message-----
From: Arthur Corliss [mailto:arthur@corlissfamily.org]
Sent: Tuesday, August 13, 2002 4:54 PM
To: Brad Bice; 'aklug@aklug.org'
Subject: Re: Strange connections

> Hi folks,
> When I run netstat -v on one of my solaris servers I come up with 2
> strange connections.
>
> # netstat -v
>
> TCP
> Local/Remote Address Swind Snext Suna Rwind Rnext Rack Rto Mss State
> -------------------- ----- -------- -------- ----- -------- -------- ----- ----- ------
>
> www.evecosoftware.com.1833 32120 9d84923c 9d84923c 10136 8f8eb7fb 8f8eb7fb 3455 1448 ESTABLISHED
>
> 202.175.82.64.60379 5840 fa7211c8 fa7211c8 10136 5b46ee6e 5b46ee6e 3843 1448 ESTABLISHED
>
> Active UNIX domain sockets
> Address Type Vnode Conn Local Addr Remote Addr
> f5ec7d28 stream-ord f5fe7f20 00000000 /tmp/mysql.sock
> f5ec7e40 stream-ord f5ebb498 00000000 /usr/local/etc/ndc
>
> How can I determine what port they are attached to? How can I kill
> them off of my system?
>
> Any help you can provide is greatly appreciated.

I think you've stripped some of the output from your post. Each
connection is two lines, the first being just one end of the connection,
the second being the other end. For instance, here's a remote connection
via rsh:

frigga.1023
heimdal.login 12936 2f382440 2f382440 25872 416b04f7 416b04f7 2473 4312 ESTABLISHED

The port is the number segment at the end of the first field. . .

        --Arthur Corliss
          Bolverk's Lair -- http://arthur.corlissfamily.org/
          Digital Mages -- http://www.digitalmages.com/
          "Live Free or Die, the Only Way to Live" -- NH State Motto




This archive was generated by hypermail 2a23 : Tue Aug 13 2002 - 18:13:44 AKDT
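
Added example, not part of the original thread: a Python sketch that applies the rule from the reply above (the port is the segment after the last dot of an address field) to the four TCP rows posted in the thread, and lists the non-private peers holding a session on the local ssh port. The function names are assumptions of this example, and hosts that netstat already resolved to a name are treated as external.

```python
import ipaddress

# TCP rows as posted in the thread, with the mail line-wrapping undone.
SAMPLE = """\
   Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
apu1.alaskapacific.edu.ssh 10.102.1.21.2513 16551 0 8760 0 CLOSE_WAIT
apu1.alaskapacific.edu.ssh www.evecosoftware.com.1833 32120 0 10136 0 ESTABLISHED
apu1.alaskapacific.edu.ssh 202.175.82.64.60379 5840 0 10136 0 ESTABLISHED
apu1.alaskapacific.edu.ssh 10.102.1.21.4707 17296 31 8760 0 ESTABLISHED
"""

def split_endpoint(field):
    """Solaris netstat prints host.port; the port follows the last dot."""
    host, _, port = field.rpartition(".")
    return host, port

def is_internal(host):
    """True for private/loopback IP literals; resolved names count as external."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False

def parse(text):
    """Turn one-line-per-connection netstat rows into dictionaries."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7 or not parts[2].isdigit():
            continue  # column header, dashed rule, or blank line
        lhost, lport = split_endpoint(parts[0])
        rhost, rport = split_endpoint(parts[1])
        conns.append({"local_host": lhost, "local_port": lport,
                      "remote_host": rhost, "remote_port": rport,
                      "state": parts[6], "internal": is_internal(rhost)})
    return conns

def external_peers(conns, local_port):
    """Non-private remote hosts with an ESTABLISHED session on local_port."""
    return sorted({c["remote_host"] for c in conns
                   if c["local_port"] == local_port
                   and c["state"] == "ESTABLISHED" and not c["internal"]})

if __name__ == "__main__":
    for c in parse(SAMPLE):
        print(c["local_port"], "<-", c["remote_host"], c["remote_port"], c["state"])
    print(external_peers(parse(SAMPLE), "ssh"))
```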