On 05/30, Les Mikesell wrote:
> On Fri, May 30, 2014 at 10:14 AM, Eric Falbe <ericf706@xxxxxxxxx> wrote:
> > Hi All,
> >
> > I was wondering if anyone knew of a way to notify or log when a specific remote port is openened? I have an old LDAP server that I am looking to get rid of, but there is still a few queries reaching it.
> >
> > The sytem authentication is setup correctly (as is Postfix), so I am thinking there must be some script or program that is setup to query the older LDAP server.
> >
> > I tried using lsof -i|grep 389, but I am not quick enough to get results before the socket is closed. Is there any program or script I could write to detect when this socket gets opened, and what PID and/or program owns it?
> >
>
> I'd run tcpdump or wireshark with a 'port 389' filter on the old ldap
> server to capture the source IPs of the queries if you don't know the
> host(s) doing it. And if you know the host(s) but not the program(s)
> configured to do it, you might try a 'grep -R 'pattern' /etc
> where the pattern is the name or ip of the ldap server.
>
> --
> Les Mikesell
> lesmikesell@xxxxxxxxx
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
That's what I am currently doing, (grep -R "old_server") and letting it chug along. I tried the iptables rule, but I still could not find the connection is lsof output, so the connection must close before the log proccessing takes place.
Thanks for the suggestions.
Eric Falbe
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
