Date: Tue, 2 Jan 2001 11:31:28 -0800 From: "Chris Smith" <chris@amgroupadmin.com> To: "Freebsd Questions" <freebsd-questions@FreeBSD.ORG> Subject: Re: open ports on my gateway...how do i find out what is running Message-ID: <034801c074f2$9a7a7c40$0c00a8c0@amgroupadmin.com> References: <023301c074ed$6b248300$0c00a8c0@amgroupadmin.com> <20010102200021.E9236@d9168.upc-d.chello.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
Output of lsof: # lsof | grep LISTEN sshd 189 root 4u IPv4 0xc4a6eb60 0t0 TCP *:ssh (LISTEN) The other ports are not listed...only the ssh which I expect Chris Smith _________________ IT Department American Group Administrators First National Administrators ----- Original Message ----- From: "Edwin Groothuis" <mavetju@chello.nl> To: "Chris Smith" <chris@amgroupadmin.com> Cc: "Freebsd Questions" <freebsd-questions@FreeBSD.ORG> Sent: Tuesday, January 02, 2001 11:00 AM Subject: Re: open ports on my gateway...how do i find out what is running > On Tue, Jan 02, 2001 at 10:54:11AM -0800, Chris Smith wrote: > > I ran nmap on my local gateway ( 4.2-STABLE FreeBSD 4.2-STABLE #0: Thu Dec > > 28 09:29:04 PST i386) and it shows the following ports open. Port 22-ssh > > is ok, but the rest are a mystery to me. > > > > How do I find out what processes are occupying these ports? I want to find > > out whether I have been hacked or if these are something else that I need to > > deactivate. The only port I expect to find open is 22. > > install lsof from the ports and do a grep for listen in the output: > > [~] edwin@p6>/usr/local/sbin/lsof | grep LISTEN > httpd-php 234 edwin 17u IPv4 0xc80d9b60 0t0 TCP *:http (LISTEN) > httpd-php 235 edwin 17u IPv4 0xc80d9b60 0t0 TCP *:http (LISTEN) > httpd-php 29560 edwin 17u IPv4 0xc80d9b60 0t0 TCP *:http (LISTEN) > httpd-php 29561 edwin 17u IPv4 0xc80d9b60 0t0 TCP *:http (LISTEN) > rom 43968 edwin 6u IPv4 0xc80ded80 0t0 TCP *:4000 (LISTEN) > rom 43968 edwin 7u IPv4 0xc80dd500 0t0 TCP *:4001 (LISTEN) > rom 43968 edwin 8u IPv4 0xc80e02e0 0t0 TCP *:4002 (LISTEN) > > Edwin > -- > Edwin Groothuis | Interested in MUDs? Visit Fatal Dimensions: > mavetju@chello.nl | http://fataldimensions.nl.eu.org/ > ------------------+ telnet://fataldimensions.nl.eu.org:4000 > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?034801c074f2$9a7a7c40$0c00a8c0>