[CentOS] Tracking Open Ports

Eric Falbe ericf706 at gmail.com
Fri May 30 16:12:26 UTC 2014


On 05/30, Les Mikesell wrote:
> On Fri, May 30, 2014 at 10:14 AM, Eric Falbe <ericf706 at gmail.com> wrote:
> > Hi All,
> >
> > I was wondering if anyone knew of a way to notify or log when a specific remote port is opened?  I have an old LDAP server that I am looking to get rid of, but there are still a few queries reaching it.
> >
> > The system authentication is set up correctly (as is Postfix), so I am thinking there must be some script or program that is set up to query the older LDAP server.
> >
> > I tried using lsof -i|grep 389, but I am not quick enough to get results before the socket is closed.  Is there any program or script I could write to detect when this socket gets opened, and what PID and/or program owns it?
> >
> 
> I'd run tcpdump or wireshark with a 'port 389' filter on the old ldap
> server to capture the source IPs of the queries if you don't know the
> host(s) doing it.   And if you know the host(s) but not the program(s)
> configured to do it, you might try a 'grep -R 'pattern' /etc'
> where the pattern is the name or ip of the ldap server.
> 
> -- 
>    Les Mikesell
>     lesmikesell at gmail.com

That's what I am currently doing (grep -R "old_server"), and letting it chug along.  I tried the iptables rule, but I still could not find the connection in lsof output, so the connection must close before the log processing takes place.

Thanks for the suggestions.
Eric Falbe
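
One way to attribute a connection that closes too fast for lsof, as an added example that is not part of the original thread: it assumes an auditd rule on the connect syscall is loaded on the client host (the key name ldap_connect is hypothetical) and pairs each SYSCALL record with its SOCKADDR record to report the PID and executable behind every connection to port 389. The function names and the sample audit.log lines are constructed for illustration.

```python
import re
import socket
import struct
from collections import defaultdict

# Constructed sample audit.log lines (not from the thread). Assumed rule:
#   auditctl -a always,exit -F arch=b64 -S connect -k ldap_connect
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1401466346.101:812): arch=c000003e syscall=42 success=no exit=-115 a0=5 a1=7ffd2c10 a2=10 a3=0 items=0 ppid=1 pid=2417 auid=4294967295 uid=0 gid=0 comm="sync_users.py" exe="/usr/bin/python2.6" key="ldap_connect"
type=SOCKADDR msg=audit(1401466346.101:812): saddr=02000185C0A8000A0000000000000000
type=SYSCALL msg=audit(1401466350.440:813): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7ffc1a20 a2=10 a3=0 items=0 ppid=1 pid=1180 auid=4294967295 uid=0 gid=0 comm="curl" exe="/usr/bin/curl" key="ldap_connect"
type=SOCKADDR msg=audit(1401466350.440:813): saddr=02000050C0A800140000000000000000
type=SYSCALL msg=audit(1401466351.002:814): arch=c000003e syscall=42 success=no exit=-2 a0=4 a1=7ffc1b30 a2=6e a3=0 items=1 ppid=1 pid=1200 auid=4294967295 uid=0 gid=0 comm="logger" exe="/usr/bin/logger" key="ldap_connect"
type=SOCKADDR msg=audit(1401466351.002:814): saddr=01002F6465762F6C6F6700
"""

EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_inet_saddr(hex_saddr):
    """Return (ip, port) for an AF_INET sockaddr hex dump, else None."""
    try:
        raw = bytes.fromhex(hex_saddr)
    except ValueError:
        return None
    # Family is host byte order (little-endian assumed, i.e. x86 hosts).
    if len(raw) < 8 or struct.unpack("<H", raw[:2])[0] != socket.AF_INET:
        return None  # AF_UNIX, AF_INET6 or truncated record
    port = struct.unpack("!H", raw[2:4])[0]  # port is network byte order
    return socket.inet_ntoa(raw[4:8]), port

def find_connects(log_text, port=389):
    """Join SYSCALL and SOCKADDR records by event id; list connects to port."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if m:
            events[m.group(1)].update(
                (k, v.strip('"')) for k, v in FIELD.findall(line))
    hits = []
    for ev_id, f in sorted(events.items()):
        dest = decode_inet_saddr(f.get("saddr", ""))
        # Keep success=no too: a non-blocking connect returns EINPROGRESS (-115).
        if dest and dest[1] == port and "pid" in f:
            hits.append({"event": ev_id, "pid": int(f["pid"]),
                         "exe": f.get("exe"), "comm": f.get("comm"),
                         "dest": "%s:%d" % dest, "success": f.get("success")})
    return hits
```

Because the kernel records the event at the moment of the connect call, the PID and executable are captured even when the socket is gone before any polling tool can see it.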


