From: TSaplin Mikhail
To: Chris Dillon
Cc: freebsd-hackers@freebsd.org
Date: Mon, 10 May 2004 14:50:17 +0700
Subject: Re: GATEKEEPER.MCAST.NET again (unexpected traffic)

On Monday 10 May 2004 12:31, you wrote:
> On Sun, 9 May 2004, TSaplin Mikhail wrote:
> > Recently I wrote, that I have little traffic to GATEKEEPER.MCAST.NET,
> > (tcpdump shows this:
> > 20:32:41.496039 129dial.supernet.kz.52075 > GATEKEEPER.MCAST.NET.1718:
> > udp 31 )
> >
> > David Malone on my question wrote:
> > > Does sockstat show which process is using port 52075?
> >
> > No, sockstat shows nothing about this.
> >
> > I've installed new system due express installation - but packets are still
> > going.
> >
> > Maybe this is going on your 5.1 system, and is this right?
>
> Those are multicast UDP packets being sent by an H.323 endpoint
> application trying to find a local H.323 gatekeeper. Since they are
> multicast, they will stay within your LAN unless you have explicitly
> configured a router or tunnel to carry them out of it. Totally
> harmless, unless you really don't want any H.323-enabled applications
> installed and running. Use sockstat to look for anything listening on
> the 224.0.1.41 (gatekeeper.mcast.net) address.

I know that the H.323 protocol is used by IP phones and related software.
And I don't understand why it is sitting on my clean system (I've installed it
without packages, except ltmdm (modem driver)).

What form of sockstat should I use?

Now `sockstat -l` shows:

USER   COMMAND    PID  FD PROTO  LOCAL ADDRESS   FOREIGN ADDRESS
misher kget       649  12 udp4   *:*             *:*
misher xmms       639  6  stream /var/tmp/xmms_misher.0
misher kdeinit    637  12 stream /tmp/.ICE-unix/637
misher kdeinit    606  12 stream /tmp/ksocket-misher/klauncherLN4Xwj.slave-socket
misher kdeinit    602  5  stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    599  8  stream /tmp/ksocket-misher/kdeinit-:0
root   XFree86    580  1  stream /tmp/.X11-unix/X0
mysql  mysqld     565  5  tcp4   *:3306          *:*
mysql  mysqld     565  6  stream /tmp/mysql.sock
root   inetd      540  4  tcp4   *:21            *:*
root   inetd      540  5  tcp4   *:23            *:*
root   inetd      540  6  udp4   *:518           *:*
www    httpd      480  3  tcp46  *:80            *:*
www    httpd      479  3  tcp46  *:80            *:*
www    httpd      478  3  tcp46  *:80            *:*
www    httpd      477  3  tcp46  *:80            *:*
www    httpd      476  3  tcp46  *:80            *:*
root   httpd      461  3  tcp46  *:80            *:*
root   sendmail   422  4  tcp4   *:25            *:*
root   sendmail   422  5  tcp4   *:587           *:*
root   sshd       417  3  tcp6   *:22            *:*
root   sshd       417  4  tcp4   *:22            *:*
bind   named      275  4  udp4   *:49152         *:*
bind   named      275  5  stream /var/run/ndc
bind   named      275  20 udp4   127.0.0.1:53    *:*
bind   named      275  21 tcp4   127.0.0.1:53    *:*
bind   named      275  22 udp4   192.168.0.1:53  *:*
bind   named      275  23 tcp4   192.168.0.1:53  *:*
bind   named      275  24 udp4   192.168.0.2:53  *:*
bind   named      275  25 tcp4   192.168.0.2:53  *:*
root   syslogd    267  3  dgram  /var/run/log
root   syslogd    267  4  udp6   *:514           *:*
root   syslogd    267  5  udp4   *:514           *:*

`sockstat` without args:

USER   COMMAND    PID  FD PROTO  LOCAL ADDRESS   FOREIGN ADDRESS
misher kmail      1059 5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kmail      1059 6  stream -> /tmp/.X11-unix/X0
misher kmail      1059 7  stream -> /tmp/.ICE-unix/637
misher kdeinit    1023 5  stream -> /tmp/ksocket-misher/klauncherLN4Xwj.slave-socket
misher kdeinit    885  5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    885  6  stream -> /tmp/.X11-unix/X0
misher kdeinit    885  7  stream -> /tmp/.ICE-unix/637
misher kdeinit    651  5  stream -> /tmp/.X11-unix/X0
misher kdeinit    651  6  stream -> /tmp/.ICE-unix/637
misher kdeinit    651  11 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kget       649  5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kget       649  6  stream -> /tmp/.X11-unix/X0
misher kget       649  7  stream -> /tmp/.ICE-unix/637
misher kget       649  12 udp4   *:*             *:*
misher xscreensav 645  3  stream -> /tmp/.X11-unix/X0
misher kdeinit    644  5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    644  6  stream -> /tmp/.X11-unix/X0
misher kdeinit    644  7  stream -> /tmp/.ICE-unix/637
misher kdeinit    641  5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    641  6  stream -> /tmp/.X11-unix/X0
misher kdeinit    641  7  stream -> /tmp/.ICE-unix/637
misher xmms       639  5  stream -> /tmp/.X11-unix/X0
misher xmms       639  6  stream /var/tmp/xmms_misher.0
misher xmms       639  9  stream -> /tmp/.X11-unix/X0
misher xmms       639  10 stream -> /tmp/.ICE-unix/637
misher kdeinit    638  5  stream -> /tmp/.X11-unix/X0
misher kdeinit    638  6  stream -> /tmp/.ICE-unix/637
misher kdeinit    638  11 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    637  5  stream -> /tmp/.X11-unix/X0
misher kdeinit    637  6  stream /tmp/ksocket-misher/kdeinit-:0
misher kdeinit    637  11 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    637  12 stream /tmp/.ICE-unix/637
misher kdeinit    637  13 stream /tmp/.ICE-unix/637
misher kdeinit    637  14 stream /tmp/.ICE-unix/637
misher kdeinit    637  16 stream /tmp/.ICE-unix/637
misher kdeinit    637  18 stream /tmp/.ICE-unix/637
misher kdeinit    637  20 stream /tmp/.ICE-unix/637
misher kdeinit    637  21 stream /tmp/.ICE-unix/637
misher kdeinit    637  23 stream /tmp/.ICE-unix/637
misher kdeinit    637  29 stream /tmp/.ICE-unix/637
misher kwrapper   635  3  stream -> /tmp/ksocket-misher/kdeinit-:0
misher kdeinit    634  5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    634  6  stream -> /tmp/.X11-unix/X0
misher kdeinit    632  5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    632  6  stream -> /tmp/.X11-unix/X0
misher kdeinit    616  5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    616  6  stream -> /tmp/.X11-unix/X0
misher kdeinit    608  5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    608  6  stream -> /tmp/.X11-unix/X0
misher kdeinit    608  12 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    606  5  stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    606  10 stream -> ??
misher kdeinit    606  12 stream /tmp/ksocket-misher/klauncherLN4Xwj.slave-socket
misher kdeinit    606  13 stream -> /tmp/.X11-unix/X0
misher kdeinit    606  14 stream /tmp/ksocket-misher/klauncherLN4Xwj.slave-socket
misher kdeinit    602  5  stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    602  6  stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    602  9  stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    602  10 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    602  11 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    602  12 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    602  13 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    602  14 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    602  15 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    602  16 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    602  17 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    602  18 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    602  19 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    602  22 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    602  44 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit    599  8  stream /tmp/ksocket-misher/kdeinit-:0
misher kdeinit    599  9  stream -> ??
misher kdeinit    599  10 stream -> /tmp/.X11-unix/X0
root   XFree86    580  1  stream /tmp/.X11-unix/X0
root   XFree86    580  7  stream /tmp/.X11-unix/X0
root   XFree86    580  8  stream /tmp/.X11-unix/X0
root   XFree86    580  9  stream /tmp/.X11-unix/X0
root   XFree86    580  10 stream /tmp/.X11-unix/X0
root   XFree86    580  11 stream /tmp/.X11-unix/X0
root   XFree86    580  12 stream /tmp/.X11-unix/X0
root   XFree86    580  13 stream /tmp/.X11-unix/X0
root   XFree86    580  14 stream /tmp/.X11-unix/X0
root   XFree86    580  15 stream /tmp/.X11-unix/X0
root   XFree86    580  16 stream /tmp/.X11-unix/X0
root   XFree86    580  17 stream /tmp/.X11-unix/X0
root   XFree86    580  18 stream /tmp/.X11-unix/X0
root   XFree86    580  19 stream /tmp/.X11-unix/X0
root   XFree86    580  20 stream /tmp/.X11-unix/X0
root   XFree86    580  21 stream /tmp/.X11-unix/X0
root   XFree86    580  22 stream /tmp/.X11-unix/X0
root   XFree86    580  23 stream /tmp/.X11-unix/X0
root   XFree86    580  28 stream /tmp/.X11-unix/X0
misher xinit      579  3  stream -> /tmp/.X11-unix/X0
mysql  mysqld     565  5  tcp4   *:3306          *:*
mysql  mysqld     565  6  stream /tmp/mysql.sock
root   login      554  3  dgram  -> /var/run/log
root   inetd      540  4  tcp4   *:21            *:*
root   inetd      540  5  tcp4   *:23            *:*
root   inetd      540  6  udp4   *:518           *:*
www    httpd      480  3  tcp46  *:80            *:*
www    httpd      479  3  tcp46  *:80            *:*
www    httpd      478  3  tcp46  *:80            *:*
www    httpd      477  3  tcp46  *:80            *:*
www    httpd      476  3  tcp46  *:80            *:*
root   httpd      461  3  tcp46  *:80            *:*
smmsp  sendmail   425  3  dgram  -> /var/run/log
root   sendmail   422  3  dgram  -> /var/run/log
root   sendmail   422  4  tcp4   *:25            *:*
root   sendmail   422  5  tcp4   *:587           *:*
root   sshd       417  3  tcp6   *:22            *:*
root   sshd       417  4  tcp4   *:22            *:*
bind   named      275  3  dgram  -> /var/run/log
bind   named      275  4  udp4   *:49152         *:*
bind   named      275  5  stream /var/run/ndc
bind   named      275  20 udp4   127.0.0.1:53    *:*
bind   named      275  21 tcp4   127.0.0.1:53    *:*
bind   named      275  22 udp4   192.168.0.1:53  *:*
bind   named      275  23 tcp4   192.168.0.1:53  *:*
bind   named      275  24 udp4   192.168.0.2:53  *:*
bind   named      275  25 tcp4   192.168.0.2:53  *:*
root   syslogd    267  3  dgram  /var/run/log
root   syslogd    267  4  udp6   *:514           *:*
root   syslogd    267  5  udp4   *:514           *:*
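
Added example, not part of the original message or of FreeBSD: a small sh/awk filter that takes the tcpdump line quoted above, checks whether it is H.323 gatekeeper discovery (224.0.1.41, UDP port 1718), and sorts sockstat's UDP rows into those bound to the packet's source port and those with no local port shown. The function names are illustrative, and the sample rows are copied from the listings above.

```shell
#!/bin/sh
# Added example: tie a tcpdump line to sockstat rows. Function names are illustrative.

# Sample input copied from the message above (sockstat rows trimmed).
TCPDUMP_LINE='20:32:41.496039 129dial.supernet.kz.52075 > GATEKEEPER.MCAST.NET.1718: udp 31'
SOCKSTAT_SAMPLE='USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
misher kget 649 12 udp4 *:* *:*
root inetd 540 6 udp4 *:518 *:*
bind named 275 4 udp4 *:49152 *:*
bind named 275 22 udp4 192.168.0.1:53 *:*
root sshd 417 4 tcp4 *:22 *:*'

# Source port: last dot-separated piece of the "host.port" field.
src_port() {
    printf '%s\n' "$1" | awk '{ n = split($2, a, /[.]/); print a[n] }'
}

# Succeeds when the destination is the gatekeeper discovery group from the
# reply (gatekeeper.mcast.net, 224.0.1.41) on UDP port 1718.
is_gk_discovery() {
    printf '%s\n' "$1" | awk '{
        d = tolower($4); sub(/:$/, "", d)
        exit !(d ~ /^(gatekeeper[.]mcast[.]net|224[.]0[.]1[.]41)[.]1718$/)
    }'
}

# classify_udp PORT: reads sockstat output on stdin and prints, per UDP socket,
#   MATCH   COMMAND PID  - local port equals PORT
#   UNBOUND COMMAND PID  - no local port shown; sockstat cannot rule it in or out
classify_udp() {
    awk -v port="$1" '
        $5 !~ /^udp/ { next }                  # skips header, tcp, unix sockets
        { n = split($6, a, ":"); lport = a[n] }
        lport == port { print "MATCH", $2, $3; next }
        lport == "*"  { print "UNBOUND", $2, $3 }
    '
}

port=$(src_port "$TCPDUMP_LINE")
is_gk_discovery "$TCPDUMP_LINE" && echo "gatekeeper discovery from UDP port $port"
# On a live FreeBSD host, pipe real output instead: sockstat | classify_udp "$port"
printf '%s\n' "$SOCKSTAT_SAMPLE" | classify_udp "$port"
```

An UNBOUND row is only a candidate for closer inspection of that process, not evidence that it sent the packet.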