Hi Brian, You can enable iptables to track the network behavior. Best regards, ------------ Banyan Email: banyan at rootong.com Web: www.rootong.com On 5/30/2014 11:35 PM, Brian Mathis wrote: > You could setup an iptables rule on the OUTPUT chain to log attempted > accesses, then > watch the log file, like outlined here: > > http://stackoverflow.com/questions/11584824/run-a-system-command-when-an-iptables-rule-is-matched > > You could use "lsof -n ..." to find the command trying to open the port. > > Another option might be to setup tcpdump to capture all packets (including > payload data) going to that server/port, then review that and see if you > find any clues about the program making the requests. > > > ❧ Brian Mathis > @orev > > > On Fri, May 30, 2014 at 11:14 AM, Eric Falbe <ericf706 at gmail.com> wrote: > >> Hi All, >> >> I was wondering if anyone knew of a way to notify or log when a specific >> remote port is openened? I have an old LDAP server that I am looking to >> get rid of, but there is still a few queries reaching it. >> >> The sytem authentication is setup correctly (as is Postfix), so I am >> thinking there must be some script or program that is setup to query the >> older LDAP server. >> >> I tried using lsof -i|grep 389, but I am not quick enough to get results >> before the socket is closed. Is there any program or script I could write >> to detect when this socket gets opened, and what PID and/or program owns it? >> >> Thanks, >> Eric Falbe >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos