Re: finding a process that bind a spcific port

["Milan P. Stanic" <mps@arvanta.net>]

On Wed, 2014-01-22 at 14:26, Nico Angenon wrote:
> File /tmp/a and tmp/b gives me the same numberlist...
> 
> I'll fromat the box, it'll go faster...

True!

But if there is vulnerability (security hole) in your system it's just
a question of time when you'll have this situation again.

> -----Message d'origine----- From: Matias Mucciolo
> Sent: Wednesday, January 22, 2014 2:14 PM
> To: debian-security@lists.debian.org
> Cc: Nico Angenon
> Subject: Re: finding a process that bind a spcific port
> 
> 
> You can try something like:
> 
> cd /proc/ && ls -d1 [0-9]* | sort -n  > /tmp/a  && ps ax -o pid |
> grep "[0-9]" | tr -d " " | sort -n > /tmp/b
> 
> and check with ip exits in /proc dir but not in ps
> example in my box:
> 
> ......
> 4615                                                            4615
> 4624                                                            4624
> 4647                                                            4647
> 4702                                                          | 4704
> 4703                                                          | 4705
>                                                              > 4706
>                                                              > 4707
> 
> in my case i have difference but is because the grep/etc  pid
> 
> 
> 
> -- 
> 
> Matias
> 
> 
> On Wednesday, January 22, 2014 10:01:09 AM Nico Angenon wrote:
> >Same : No output...
> >
> >Nico
> >
> >-----Message d'origine----- From: johan A. van Zanten
> >Sent: Wednesday, January 22, 2014 1:56 PM
> >To: nico@creaweb.fr
> >Cc: debian-security@lists.debian.org
> >Subject: Re: finding a process that bind a spcific port
> >
> >
> >"Nico Angenon" <nico@creaweb.fr> wrote:
> >> nope... never used this service...
> >> Still looking for an explanation, try chrootkit and rkhunter right
> >> now....
> >
> >Try fuser:
> >
> >fuser -n udp 10001
> >
> >-johan
> >
> >
> >-- 
> >To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> >with a subject of "unsubscribe". Trouble? Contact
> >listmaster@lists.debian.org
> >Archive: [🔎] 7FDB49F9BD694384B75B034AE72A5825@NicoPC">http://lists.debian.org/[🔎] 7FDB49F9BD694384B75B034AE72A5825@NicoPC
> >
> >
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> Archive:
> [🔎] 201401221014.14815.mmucciolo@suteba.org.ar">http://lists.debian.org/[🔎] 201401221014.14815.mmucciolo@suteba.org.ar
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] 2982F3BBF0F24EE283ACDB8DF366C387@NicoPC">http://lists.debian.org/[🔎] 2982F3BBF0F24EE283ACDB8DF366C387@NicoPC
> 

-- 
Kind regards,  Milan
--------------------------------------------------
Arvanta,        http://www.arvanta.net
Please do not send me e-mail containing HTML code or documents in
proprietary format (word, excel, pps and so on)