Hi Brian,
You can enable iptables to track the network behavior.
Best regards,
Banyan
Email: banyan@rootong.com
Web: www.rootong.com
On 5/30/2014 11:35 PM, Brian Mathis wrote:
You could set up an iptables rule on the OUTPUT chain to log attempted accesses, then watch the log file, like outlined here:
http://stackoverflow.com/questions/11584824/run-a-system-command-when-an-ipt...
You could use "lsof -n ..." to find the command trying to open the port.
Another option might be to set up tcpdump to capture all packets (including payload data) going to that server/port, then review that and see if you find any clues about the program making the requests.
❧ Brian Mathis @orev
On Fri, May 30, 2014 at 11:14 AM, Eric Falbe ericf706@gmail.com wrote:
Hi All,
I was wondering if anyone knew of a way to notify or log when a specific remote port is opened? I have an old LDAP server that I am looking to get rid of, but there are still a few queries reaching it.
The system authentication is set up correctly (as is Postfix), so I am thinking there must be some script or program that is set up to query the older LDAP server.
I tried using lsof -i|grep 389, but I am not quick enough to get results before the socket is closed. Is there any program or script I could write to detect when this socket gets opened, and what PID and/or program owns it?
Thanks,
Eric Falbe
_______________________________________________
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
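An added example, not written by anyone in this thread: one way to apply the OUTPUT-chain logging suggested above, then summarise the resulting kernel log lines by the UID that opened each connection. The server address 192.0.2.10, the `LDAP-OUT: ` prefix and the sample log lines are assumptions constructed for illustration; `--log-uid` records the owning UID, not the PID.

```shell
#!/bin/sh
# Added example. OLD_LDAP and LOG_PREFIX are assumed values, not from the thread.
OLD_LDAP="192.0.2.10"
LOG_PREFIX="LDAP-OUT: "

# Print the logging rule instead of applying it (applying it needs root).
# --syn matches only the first packet of each new TCP connection;
# --log-uid appends the UID/GID of the local socket owner to the log line.
print_rule() {
    printf 'iptables -I OUTPUT -p tcp -d %s --dport 389 --syn -j LOG --log-prefix "%s" --log-uid\n' \
        "$OLD_LDAP" "$LOG_PREFIX"
}

# Read kernel log lines on stdin and print "<count> uid=<uid> dst=<ip>",
# most frequent first. Lines without the prefix are ignored; a logged
# packet that carries no UID field is reported as uid=unknown.
summarize_ldap_log() {
    awk -v prefix="$LOG_PREFIX" '
    index($0, prefix) {
        uid = "unknown"; dst = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^UID=/) uid = substr($i, 5)
            else if ($i ~ /^DST=/) dst = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (dpt == "389") count["uid=" uid " dst=" dst]++
    }
    END { for (k in count) print count[k], k }' | sort -k1,1nr -k2
}

# Constructed sample of syslog content (not real log data).
SAMPLE_LOG=$(cat <<'EOF'
May 30 11:20:01 host kernel: LDAP-OUT: IN= OUT=eth0 SRC=192.0.2.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=51514 DPT=389 WINDOW=14600 RES=0x00 SYN URGP=0 UID=48 GID=48
May 30 11:20:07 host sshd[2211]: Accepted publickey for admin from 192.0.2.77 port 40022 ssh2
May 30 11:25:01 host kernel: LDAP-OUT: IN= OUT=eth0 SRC=192.0.2.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4310 DF PROTO=TCP SPT=51620 DPT=389 WINDOW=14600 RES=0x00 SYN URGP=0 UID=48 GID=48
May 30 11:30:00 host kernel: LDAP-OUT: IN= OUT=eth0 SRC=192.0.2.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4388 DF PROTO=TCP SPT=51702 DPT=389 WINDOW=14600 RES=0x00 SYN URGP=0 UID=0 GID=0
EOF
)

print_rule
printf '%s\n' "$SAMPLE_LOG" | summarize_ldap_log
```

The UID and the log timestamps narrow the search to one account and a schedule, which can then be matched against that account's cron entries and scripts.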