Re: Tracking Open Ports



You could set up an iptables rule on the OUTPUT chain to log attempted
accesses, then watch the log file, as outlined here:

http://stackoverflow.com/questions/11584824/run-a-system-command-when-an-iptables-rule-is-matched

You could use "lsof -n ..." to find the command trying to open the port.

Another option might be to set up tcpdump to capture all packets (including
payload data) going to that server/port, then review that and see if you
find any clues about the program making the requests.


❧ Brian Mathis
@orev


On Fri, May 30, 2014 at 11:14 AM, Eric Falbe <ericf706@xxxxxxxxx> wrote:

> Hi All,
>
> I was wondering if anyone knew of a way to notify or log when a specific
> remote port is opened?  I have an old LDAP server that I am looking to
> get rid of, but there are still a few queries reaching it.
>
> The system authentication is set up correctly (as is Postfix), so I am
> thinking there must be some script or program that is set up to query the
> older LDAP server.
>
> I tried using lsof -i|grep 389, but I am not quick enough to get results
> before the socket is closed.  Is there any program or script I could write
> to detect when this socket gets opened, and what PID and/or program owns it?
>
> Thanks,
> Eric Falbe
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
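An added example, not part of the original thread: one way to apply the OUTPUT-chain logging suggestion is a LOG rule with `--log-uid`, then summarizing the kernel log by owning UID. This identifies the account rather than the PID. The server address, the log prefix, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed values: LDAP_SERVER address and the log prefix.
LDAP_SERVER="192.0.2.10"   # placeholder (TEST-NET-1); use the old server's IP
LOG_PREFIX="LDAP-OUT: "

# Print (do not run) the rule: log each new outbound TCP connection (SYN only)
# to port 389 on the old server, including the UID/GID that owns the socket.
print_rule() {
    printf '%s\n' "iptables -I OUTPUT -p tcp -d $LDAP_SERVER --dport 389 --syn -j LOG --log-prefix \"$LOG_PREFIX\" --log-uid"
}

# Read kernel log lines on stdin. For lines carrying our prefix, emit
# "uid dst:dpt count", busiest first, so the querying account stands out.
summarize_ldap_log() {
    awk -v prefix="$LOG_PREFIX" '
        index($0, prefix) {
            uid = "unknown"; dst = "?"; dpt = "?"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^UID=/) uid = substr($i, 5)
                else if ($i ~ /^DST=/) dst = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            seen[uid " " dst ":" dpt]++
        }
        END { for (k in seen) print k, seen[k] }
    ' | sort -k3,3nr -k1,1
}

# Constructed sample lines in the format the LOG target writes to syslog.
sample_log() {
cat <<'EOF'
May 30 11:20:01 host kernel: LDAP-OUT: IN= OUT=eth0 SRC=192.0.2.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4211 DF PROTO=TCP SPT=51234 DPT=389 WINDOW=14600 RES=0x00 SYN URGP=0 UID=48 GID=48
May 30 11:20:03 host kernel: eth0: link up
May 30 11:25:01 host kernel: LDAP-OUT: IN= OUT=eth0 SRC=192.0.2.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4390 DF PROTO=TCP SPT=51240 DPT=389 WINDOW=14600 RES=0x00 SYN URGP=0 UID=48 GID=48
May 30 11:30:07 host kernel: LDAP-OUT: IN= OUT=eth0 SRC=192.0.2.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4502 DF PROTO=TCP SPT=51302 DPT=389 WINDOW=14600 RES=0x00 SYN URGP=0 UID=0 GID=0
EOF
}

# Demonstration on the constructed sample; on a real host feed it the
# kernel log instead (e.g. /var/log/messages on CentOS).
print_rule
sample_log | summarize_ldap_log
```

`getent passwd <uid>` maps a reported UID to an account name; matching the log timestamps against that account's cron jobs and scripts narrows down which program is still querying the old server.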