Cannot identify process of listening port 600/tcp6
Mike Tancsa
mike at sentex.net
Tue Feb 19 16:26:04 UTC 2019
On 2/16/2019 12:43 PM, BBlister wrote:
> I have tried:
> # lsof -n -P | grep :600
> #
> --nothing
>
> # sockstat -a | grep :600
> ? ? ? ? tcp6 *:600 *:*
>
>
> # netstat -an | grep 600
> tcp6 0 0 *.600 *.* LISTEN
>
>
> Perhaps this is a kernel module, but which? Is this a strange rootkit? I did
> not reboot the machine, because I would like to locate the offending process
> first. This box runs nginx and rtorrent.
I see the same thing with rpc.lockd.
# ps -auxw | grep rpc
root 948 0.0 0.0 285572 6180 - Is Fri11 0:00.10
/usr/sbin/rpc.statd
root 951 0.0 0.0 23448 6164 - Ss Fri11 0:00.11
/usr/sbin/rpc.lockd
root 40566 0.0 0.0 11264 2608 0 S+ 10:54 0:00.00
grep rpc
# sockstat -vL | grep 929
? ? ? ? tcp4 *:929 *:*
# kill 948
# sockstat -vL | grep 929
? ? ? ? tcp4 *:929 *:*
# kill 951
# ps -auxw | grep rpc
root 40572 0.0 0.0 11264 2608 0 S+ 10:54 0:00.00 grep rpc
# sockstat -vL | grep 929
#
I dont get why sockstat cant identify them ? Its a userland process, no ?
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400 x203
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada
More information about the freebsd-questions
mailing list