msaad at datapipe.com
Wed May 14 21:03:39 UTC 2008
I looked at netstat and I do not have this many sockets TCP or UNIX.
Wed May 14 16:58:37 EDT 2008
ewr# sysctl kern.ipc.numopensockets && netstat -an -p tcp | wc -l &&
sockstat -u |wc -l
ewr# sockstat -46lu | wc -l
Running your script I can only find 1 matching 0 count socket .
I also shutdown proftpd and left it down for 10 mins and I did not see
the number of sockets drop at all.
Any ideas ?
Mikolaj Golub wrote:
> On Wed, 14 May 2008 09:46:35 -0400 Mark Saad wrote:
> MS> Mikolaj
> MS> Thanks for the input, did you change any of the options for
> MS> TimeoutLinger or TimeoutIdle ?
> No, I didn't
> MS> The Proftpd I am running is build for 6.3-RELEASE here are the build
> MS> options
> MS> Compile-time Settings:
> MS> Version: 1.3.0a
> MS> Platform: FREEBSD6 (FREEBSD6_3)
> MS> Built With:
> MS> configure CPPFLAGS=-DHAVE_OPENSSL --localstatedir=/var/run
> MS> --disable-sendfile --disable-ipv6
> MS> --with-modules=mod_sql:mod_sql_mysql:mod_check_mysql:mod_check_digest
> MS> --prefix=/usr/local
> MS> --with-includes=/usr/local/include/mysql:/usr/include/openssl
> MS> --with-libraries=/usr/local/lib/mysql
> It might be that it is not proftpd but other application that cause the leak.
> Anyway, to check if it is proftpd, look in its logs for entries like these:
> Entering Passive Mode (192,168,0,213,241,70).
> FTP session closed.
> Convert the last two numbers to port (241*256+70) and check by netstat if you
> still have this connection. If you have, then it is likely this is the same
> situation as in my case and the proftpd is a problem. Upgrade to 1.3.1 from
> ports then.
> If proftpd is ok, look for other applications. Search for connections reported
> by netstat as ESTABLISHED but not displayed by sockstat utility. You could run
> something like this:
> netstat -an | grep ESTABL |
> while read b l a local remote state; do
> echo -n "$local $remote: "
> sockstat |
> sed -e 's/:/./g' |
> grep -c "$local *$remote"
> Look for sockets with 0 count. These are suspicious ones. Observe these
> sockets by netstat and try to figure out what application they could belong
> and dig in that direction.
> Mikolaj Golub
> freebsd-hackers at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
Managed UNIX Support
DataPipe Managed Global IT Services
msaad at datapipe.com
1.888.749.5821 (toll free)
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/emaildisclaimer.aspx for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you.
More information about the freebsd-hackers