GATEKEEPER.MCAST.NET again (unexpected traffic)
TSaplin Mikhail
tsmm at list.ru
Mon May 10 00:51:02 PDT 2004
On Monday 10 May 2004 12:31, you wrote:
> On Sun, 9 May 2004, TSaplin Mikhail wrote:
> > Recently I wrote, that I have litle traffic to GATEKEEPER.MCAST.NET,
> > (tcpdump show this:
> > 20:32:41.496039 129dial.supernet.kz.52075 > GATEKEEPER.MCAST.NET.1718:
> > udp 31 )
> >
> > David Malone <dwmalone at maths.tcd.ie> on my question wrote:
> > >Does sockstat show which process is using port 52075?
> >
> > No, sockstat show nothing about this.
> >
> > I've installed new system due express installation - but packets is steel
> > going.
> >
> > Maybe this is going on your 5.1 system, and is this right?
>
> Those are multicast UDP packets being sent by an H.323 endpoint
> application trying to find a local H.323 gatekeeper. Since they are
> multicast, they will stay within your LAN unless you have explicitly
> configured a router or tunnel to carry them out of it. Totally
> harmless, unless you really don't want any H.323-enabled applications
> installed and running. Use sockstat to look for anything listening on
> the 224.0.1.41 (gatekeeper.mcast.net) address.
I know that H.323 protocol is used by ip-phones and releated software.
And i don't understand why it sitting on my clean system (i've installed it
without packages, except ltmdm(modem driver)).
what form of sockstat i should use?
Now `sockstat -l` shows:
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
misher kget 649 12 udp4 *:* *:*
misher xmms 639 6 stream /var/tmp/xmms_misher.0
misher kdeinit 637 12 stream /tmp/.ICE-unix/637
misher kdeinit 606 12 stream
/tmp/ksocket-misher/klauncherLN4Xwj.slave-socket
misher kdeinit 602 5 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 599 8 stream /tmp/ksocket-misher/kdeinit-:0
root XFree86 580 1 stream /tmp/.X11-unix/X0
mysql mysqld 565 5 tcp4 *:3306 *:*
mysql mysqld 565 6 stream /tmp/mysql.sock
root inetd 540 4 tcp4 *:21 *:*
root inetd 540 5 tcp4 *:23 *:*
root inetd 540 6 udp4 *:518 *:*
www httpd 480 3 tcp46 *:80 *:*
www httpd 479 3 tcp46 *:80 *:*
www httpd 478 3 tcp46 *:80 *:*
www httpd 477 3 tcp46 *:80 *:*
www httpd 476 3 tcp46 *:80 *:*
root httpd 461 3 tcp46 *:80 *:*
root sendmail 422 4 tcp4 *:25 *:*
root sendmail 422 5 tcp4 *:587 *:*
root sshd 417 3 tcp6 *:22 *:*
root sshd 417 4 tcp4 *:22 *:*
bind named 275 4 udp4 *:49152 *:*
bind named 275 5 stream /var/run/ndc
bind named 275 20 udp4 127.0.0.1:53 *:*
bind named 275 21 tcp4 127.0.0.1:53 *:*
bind named 275 22 udp4 192.168.0.1:53 *:*
bind named 275 23 tcp4 192.168.0.1:53 *:*
bind named 275 24 udp4 192.168.0.2:53 *:*
bind named 275 25 tcp4 192.168.0.2:53 *:*
root syslogd 267 3 dgram /var/run/log
root syslogd 267 4 udp6 *:514 *:*
root syslogd 267 5 udp4 *:514 *:*
`sockstat` without args:
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
misher kmail 1059 5 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kmail 1059 6 stream -> /tmp/.X11-unix/X0
misher kmail 1059 7 stream -> /tmp/.ICE-unix/637
misher kdeinit 1023 5 stream ->
/tmp/ksocket-misher/klauncherLN4Xwj.slave-socket
misher kdeinit 885 5 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 885 6 stream -> /tmp/.X11-unix/X0
misher kdeinit 885 7 stream -> /tmp/.ICE-unix/637
misher kdeinit 651 5 stream -> /tmp/.X11-unix/X0
misher kdeinit 651 6 stream -> /tmp/.ICE-unix/637
misher kdeinit 651 11 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kget 649 5 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kget 649 6 stream -> /tmp/.X11-unix/X0
misher kget 649 7 stream -> /tmp/.ICE-unix/637
misher kget 649 12 udp4 *:* *:*
misher xscreensav 645 3 stream -> /tmp/.X11-unix/X0
misher kdeinit 644 5 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 644 6 stream -> /tmp/.X11-unix/X0
misher kdeinit 644 7 stream -> /tmp/.ICE-unix/637
misher kdeinit 641 5 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 641 6 stream -> /tmp/.X11-unix/X0
misher kdeinit 641 7 stream -> /tmp/.ICE-unix/637
misher xmms 639 5 stream -> /tmp/.X11-unix/X0
misher xmms 639 6 stream /var/tmp/xmms_misher.0
misher xmms 639 9 stream -> /tmp/.X11-unix/X0
misher xmms 639 10 stream -> /tmp/.ICE-unix/637
misher kdeinit 638 5 stream -> /tmp/.X11-unix/X0
misher kdeinit 638 6 stream -> /tmp/.ICE-unix/637
misher kdeinit 638 11 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 637 5 stream -> /tmp/.X11-unix/X0
misher kdeinit 637 6 stream /tmp/ksocket-misher/kdeinit-:0
misher kdeinit 637 11 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 637 12 stream /tmp/.ICE-unix/637
misher kdeinit 637 13 stream /tmp/.ICE-unix/637
misher kdeinit 637 14 stream /tmp/.ICE-unix/637
misher kdeinit 637 16 stream /tmp/.ICE-unix/637
misher kdeinit 637 18 stream /tmp/.ICE-unix/637
misher kdeinit 637 20 stream /tmp/.ICE-unix/637
misher kdeinit 637 21 stream /tmp/.ICE-unix/637
misher kdeinit 637 23 stream /tmp/.ICE-unix/637
misher kdeinit 637 29 stream /tmp/.ICE-unix/637
misher kwrapper 635 3 stream -> /tmp/ksocket-misher/kdeinit-:0
misher kdeinit 634 5 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 634 6 stream -> /tmp/.X11-unix/X0
misher kdeinit 632 5 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 632 6 stream -> /tmp/.X11-unix/X0
misher kdeinit 616 5 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 616 6 stream -> /tmp/.X11-unix/X0
misher kdeinit 608 5 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 608 6 stream -> /tmp/.X11-unix/X0
misher kdeinit 608 12 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 606 5 stream -> /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 606 10 stream -> ??
misher kdeinit 606 12 stream
/tmp/ksocket-misher/klauncherLN4Xwj.slave-socket
misher kdeinit 606 13 stream -> /tmp/.X11-unix/X0
misher kdeinit 606 14 stream
/tmp/ksocket-misher/klauncherLN4Xwj.slave-socket
misher kdeinit 602 5 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 602 6 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 602 9 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 602 10 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 602 11 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 602 12 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 602 13 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 602 14 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 602 15 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 602 16 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 602 17 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 602 18 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 602 19 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 602 22 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 602 44 stream /tmp/.ICE-unix/dcop602-1084169543
misher kdeinit 599 8 stream /tmp/ksocket-misher/kdeinit-:0
misher kdeinit 599 9 stream -> ??
misher kdeinit 599 10 stream -> /tmp/.X11-unix/X0
root XFree86 580 1 stream /tmp/.X11-unix/X0
root XFree86 580 7 stream /tmp/.X11-unix/X0
root XFree86 580 8 stream /tmp/.X11-unix/X0
root XFree86 580 9 stream /tmp/.X11-unix/X0
root XFree86 580 10 stream /tmp/.X11-unix/X0
root XFree86 580 11 stream /tmp/.X11-unix/X0
root XFree86 580 12 stream /tmp/.X11-unix/X0
root XFree86 580 13 stream /tmp/.X11-unix/X0
root XFree86 580 14 stream /tmp/.X11-unix/X0
root XFree86 580 15 stream /tmp/.X11-unix/X0
root XFree86 580 16 stream /tmp/.X11-unix/X0
root XFree86 580 17 stream /tmp/.X11-unix/X0
root XFree86 580 18 stream /tmp/.X11-unix/X0
root XFree86 580 19 stream /tmp/.X11-unix/X0
root XFree86 580 20 stream /tmp/.X11-unix/X0
root XFree86 580 21 stream /tmp/.X11-unix/X0
root XFree86 580 22 stream /tmp/.X11-unix/X0
root XFree86 580 23 stream /tmp/.X11-unix/X0
root XFree86 580 28 stream /tmp/.X11-unix/X0
misher xinit 579 3 stream -> /tmp/.X11-unix/X0
mysql mysqld 565 5 tcp4 *:3306 *:*
mysql mysqld 565 6 stream /tmp/mysql.sock
root login 554 3 dgram -> /var/run/log
root inetd 540 4 tcp4 *:21 *:*
root inetd 540 5 tcp4 *:23 *:*
root inetd 540 6 udp4 *:518 *:*
www httpd 480 3 tcp46 *:80 *:*
www httpd 479 3 tcp46 *:80 *:*
www httpd 478 3 tcp46 *:80 *:*
www httpd 477 3 tcp46 *:80 *:*
www httpd 476 3 tcp46 *:80 *:*
root httpd 461 3 tcp46 *:80 *:*
smmsp sendmail 425 3 dgram -> /var/run/log
root sendmail 422 3 dgram -> /var/run/log
root sendmail 422 4 tcp4 *:25 *:*
root sendmail 422 5 tcp4 *:587 *:*
root sshd 417 3 tcp6 *:22 *:*
root sshd 417 4 tcp4 *:22 *:*
bind named 275 3 dgram -> /var/run/log
bind named 275 4 udp4 *:49152 *:*
bind named 275 5 stream /var/run/ndc
bind named 275 20 udp4 127.0.0.1:53 *:*
bind named 275 21 tcp4 127.0.0.1:53 *:*
bind named 275 22 udp4 192.168.0.1:53 *:*
bind named 275 23 tcp4 192.168.0.1:53 *:*
bind named 275 24 udp4 192.168.0.2:53 *:*
bind named 275 25 tcp4 192.168.0.2:53 *:*
root syslogd 267 3 dgram /var/run/log
root syslogd 267 4 udp6 *:514 *:*
root syslogd 267 5 udp4 *:514 *:*
More information about the freebsd-hackers
mailing list