Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 2 Jan 2001 11:31:28 -0800
From:      "Chris Smith" <chris@amgroupadmin.com>
To:        "Freebsd Questions" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: open ports on my gateway...how do i find out what is running
Message-ID:  <034801c074f2$9a7a7c40$0c00a8c0@amgroupadmin.com>
References:  <023301c074ed$6b248300$0c00a8c0@amgroupadmin.com> <20010102200021.E9236@d9168.upc-d.chello.nl>
next in thread | previous in thread | raw e-mail | index | archive | help 
Output of lsof:

# lsof | grep LISTEN
sshd        189   root    4u  IPv4 0xc4a6eb60        0t0     TCP *:ssh
(LISTEN)

The other ports are not listed...only the ssh which I expect

Chris Smith
_________________
IT Department
American Group Administrators
First National Administrators



----- Original Message -----
From: "Edwin Groothuis" <mavetju@chello.nl>
To: "Chris Smith" <chris@amgroupadmin.com>
Cc: "Freebsd Questions" <freebsd-questions@FreeBSD.ORG>
Sent: Tuesday, January 02, 2001 11:00 AM
Subject: Re: open ports on my gateway...how do i find out what is running


> On Tue, Jan 02, 2001 at 10:54:11AM -0800, Chris Smith wrote:
> > I ran nmap on my local gateway ( 4.2-STABLE FreeBSD 4.2-STABLE #0: Thu
Dec
> > 28 09:29:04 PST  i386) and it shows the following ports open.  Port
22-ssh
> > is ok, but the rest are a mystery to me.
> >
> > How do I find out what processes are occupying these ports?  I want to
find
> > out whether I have been hacked or if these are something else that I
need to
> > deactivate.  The only port I expect to find open is 22.
>
> install lsof from the ports and do a grep for listen in the output:
>
> [~] edwin@p6>/usr/local/sbin/lsof | grep LISTEN
> httpd-php   234 edwin   17u  IPv4 0xc80d9b60        0t0     TCP *:http
(LISTEN)
> httpd-php   235 edwin   17u  IPv4 0xc80d9b60        0t0     TCP *:http
(LISTEN)
> httpd-php 29560 edwin   17u  IPv4 0xc80d9b60        0t0     TCP *:http
(LISTEN)
> httpd-php 29561 edwin   17u  IPv4 0xc80d9b60        0t0     TCP *:http
(LISTEN)
> rom       43968 edwin    6u  IPv4 0xc80ded80        0t0     TCP *:4000
(LISTEN)
> rom       43968 edwin    7u  IPv4 0xc80dd500        0t0     TCP *:4001
(LISTEN)
> rom       43968 edwin    8u  IPv4 0xc80e02e0        0t0     TCP *:4002
(LISTEN)
>
> Edwin
> --
> Edwin Groothuis   |           Interested in MUDs? Visit Fatal Dimensions:
> mavetju@chello.nl |                     http://fataldimensions.nl.eu.org/
> ------------------+               telnet://fataldimensions.nl.eu.org:4000
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?034801c074f2$9a7a7c40$0c00a8c0>