[CentOS] Tracking Open Ports

Fri May 30 16:33:15 UTC 2014
Banyan <banyan at rootong.com>

Hi Brian,

You can enable iptables to track the network behavior.

Best regards,

------------
Banyan
Email: banyan at rootong.com
Web:   www.rootong.com

On 5/30/2014 11:35 PM, Brian Mathis wrote:
> You could set up an iptables rule on the OUTPUT chain to log attempted
> accesses, then watch the log file, like outlined here:
>
> http://stackoverflow.com/questions/11584824/run-a-system-command-when-an-iptables-rule-is-matched
>
> You could use "lsof -n ..." to find the command trying to open the port.
>
> Another option might be to set up tcpdump to capture all packets (including
> payload data) going to that server/port, then review that and see if you
> find any clues about the program making the requests.
>
>
> ❧ Brian Mathis
> @orev
>
>
> On Fri, May 30, 2014 at 11:14 AM, Eric Falbe <ericf706 at gmail.com> wrote:
>
>> Hi All,
>>
>> I was wondering if anyone knew of a way to notify or log when a specific
>> remote port is opened?  I have an old LDAP server that I am looking to
>> get rid of, but there are still a few queries reaching it.
>>
>> The system authentication is set up correctly (as is Postfix), so I am
>> thinking there must be some script or program that is set up to query the
>> older LDAP server.
>>
>> I tried using lsof -i|grep 389, but I am not quick enough to get results
>> before the socket is closed.  Is there any program or script I could write
>> to detect when this socket gets opened, and what PID and/or program owns it?
>>
>> Thanks,
>> Eric Falbe
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
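
Added example, not part of the original thread: the OUTPUT-chain logging rule suggested above, using the LOG target's `--log-uid` option so each entry records the UID of the process that opened the connection, plus a parser that counts entries per UID and destination. Port 389 comes from the thread; the log prefix, addresses and sample log lines are constructed for illustration.

```shell
#!/bin/bash
# Log new outbound LDAP connections and summarise them by owning UID.
# PREFIX is an assumed label; any string up to 29 characters works.
PREFIX="LDAP-OUT: "

# Print the rule instead of applying it (applying needs root).
# --syn limits logging to connection attempts; --log-uid appends UID=<n>
# for packets generated by a local process.
ldap_log_rule() {
    printf 'iptables -I OUTPUT -p tcp --dport 389 --syn -j LOG --log-prefix "%s" --log-uid\n' "$PREFIX"
}

# Read kernel log lines on stdin, print "<count> <uid> <dst>" per pair,
# busiest first. Lines without the prefix are ignored.
summarise_ldap_log() {
    awk -v prefix="$PREFIX" '
    index($0, prefix) {
        uid = "unknown"; dst = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^DST=/) dst = substr($i, 5)
            if ($i ~ /^UID=/) uid = substr($i, 5)
        }
        count[uid " " dst]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# Constructed sample in the format the LOG target writes to the kernel log.
sample_log() {
cat <<'EOF'
May 30 11:20:01 host kernel: LDAP-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=45678 DPT=389 WINDOW=14600 RES=0x00 SYN URGP=0 UID=48 GID=48
May 30 11:20:03 host sshd[2211]: Accepted publickey for admin from 192.0.2.77 port 50122 ssh2
May 30 11:25:01 host kernel: LDAP-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4890 DF PROTO=TCP SPT=45702 DPT=389 WINDOW=14600 RES=0x00 SYN URGP=0 UID=48 GID=48
May 30 11:30:01 host kernel: LDAP-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5012 DF PROTO=TCP SPT=45733 DPT=389 WINDOW=14600 RES=0x00 SYN URGP=0 UID=0 GID=0
EOF
}

ldap_log_rule
sample_log | summarise_ldap_log
```

On the host, feed the parser the real kernel log instead of the sample, for example `summarise_ldap_log < /var/log/messages`. The UID narrows the search to one account's cron jobs, scripts and services.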