| 1 |
On Thursday 20 September 2007, Grant wrote: |
| 2 |
> > > I recognize everything in 'ps -ef' I think, but I've never really used |
| 3 |
> > > netstat before. Under "Active Internet connections" I don't |
| 4 |
> > > recognize: |
| 5 |
> > > |
| 6 |
> > > tcp localhost:10030 |
| 7 |
> > > tcp *:snpp |
| 8 |
> > |
| 9 |
> > Also, snpp is for pagers: |
| 10 |
> > http://en.wikipedia.org/wiki/Simple_Network_Paging_Protocol |
| 11 |
> |
| 12 |
> With netstat -lp it looks like *:snpp is associated with apache2 and |
| 13 |
> is using the same pid as *:http and *:https. I've never set up |
| 14 |
> anything having to do with a pager. I've never had a pager. What can |
| 15 |
> I do to investigate that further? |
| 16 |
|
| 17 |
I assume then that this is spawned by apache, but don't know why apache would |
| 18 |
spawn something like this. What happens if you shut apache down? Is it |
| 19 |
still there? You could post in apache M/Ls in case they know or have seen |
| 20 |
this before. |
| 21 |
|
| 22 |
> > Then run lsof (check man lsof) to see if there is anything suspicious |
| 23 |
> > there, like another user logged in either as root or with a different |
| 24 |
> > name. |
| 25 |
> |
| 26 |
> Any handy lsof commands? |
| 27 |
|
| 28 |
I am not good with regex so I would just run it plain and work tediously my |
| 29 |
way down the list, or start from the known suspects: check the port that |
| 30 |
snpp is using as well as 10030, e.g. |
| 31 |
|
| 32 |
# lsof -i @your_host_name.com:10030 (you can use the IP address here too) |
| 33 |
|
| 34 |
# lsof -i @your_host_name.com:snpp |
| 35 |
|
| 36 |
etc. |
| 37 |
|
| 38 |
HTH. |
| 39 |
-- |
| 40 |
Regards, |
| 41 |
Mick |
Archives