[gentoo-user] find a process by the port it's listening on?

[J. Patrick Campbell]

I have a non-functioning auth daemon taking up my port 113 and i don't
know how to find it / kill it so i can try another auth daemon.
any ideas?

Starting nmap 3.55 ( http://www.insecure.org/nmap/ ) at 2004-07-23 00:02
EDT
Interesting ports on 192.168.1.111:
(The 1656 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 3.8.1p1 (protocol 2.0)
113/tcp open auth?
8000/tcp open http Apache httpd 2.0.50 ((Gentoo/Linux))
10000/tcp open http Webmin httpd
MAC Address: 00:0C:29:CD:79:46 (VMware)

thanks,

Patrick

--
gento...@gentoo.org mailing list

[Norberto Bensa]

J. Patrick Campbell wrote:
> I have a non-functioning auth daemon taking up my port 113 and i don't
> know how to find it / kill it so i can try another auth daemon.
> any ideas?

# netstat -p | grep 113

--
gento...@gentoo.org mailing list

[J. Patrick Campbell]

root@bitchass scorpaen # netstat -p | grep 113
tcp        0      0 192.168.1.111:ssh       192.168.1.113:45748     ESTABLISHED 6793/sshd: scorpaen
tcp        0      0 192.168.1.111:ssh       192.168.1.113:45763     ESTABLISHED 6873/sshd: scorpaen


hmm. this isn't showing me what's listening on port 113

[Norberto Bensa]

J. Patrick Campbell wrote:
> >
> > # netstat -p | grep 113
> >
>

> hmm. this isn't showing me what's listening on port 113

Try "lsof" (emerge lsof)

--
gento...@gentoo.org mailing list

[Nick Rout]

netstat -np|grep 113

-n = don't convert port numbers to service names.

--
Nick Rout <ni...@rout.co.nz>

--
gento...@gentoo.org mailing list

[J. Patrick Campbell]

On Fri, 2004-07-23 at 00:18, Nick Rout wrote:
> netstat -np|grep 113
>
> -n = don't convert port numbers to service names.
>

this gives me the same results.

Thanks,

Patrick

>
> On Fri, 23 Jul 2004 00:13:12 -0400
> "J. Patrick Campbell" <pat...@patrickcampbell.us> wrote:
>
> > On Fri, 2004-07-23 at 00:08, Norberto Bensa wrote:
> >
> > > J. Patrick Campbell wrote:
> > > > I have a non-functioning auth daemon taking up my port 113 and i don't
> > > > know how to find it / kill it so i can try another auth daemon.
> > > > any ideas?
> > >
> > > # netstat -p | grep 113
> > >
> > > --
> > > gento...@gentoo.org mailing list
> > >
> >
> >
> > root@bitchass scorpaen # netstat -p | grep 113
> > tcp 0 0 192.168.1.111:ssh 192.168.1.113:45748
> > ESTABLISHED 6793/sshd: scorpaen
> > tcp 0 0 192.168.1.111:ssh 192.168.1.113:45763
> > ESTABLISHED 6873/sshd: scorpaen
> >
> >
> > hmm. this isn't showing me what's listening on port 113
> >

--
gento...@gentoo.org mailing list

[Norberto Bensa]

J. Patrick Campbell wrote:
> On Fri, 2004-07-23 at 00:18, Nick Rout wrote:
> > netstat -np|grep 113
> >
> > -n = don't convert port numbers to service names.
>
> this gives me the same results.

Most probably, you have no daemon listening in 113.

What's the output of rc-status?

Do you have xinetd?
What's inside /etc/xinet.conf ?
What's in /etc/xinet.d/

Do you have iptables, shorewall, or other firewall in place?

--
gento...@gentoo.org mailing list

[Nick Rout]

On Fri, 23 Jul 2004 00:23:03 -0400
"J. Patrick Campbell" <pat...@patrickcampbell.us> wrote:

> On Fri, 2004-07-23 at 00:18, Nick Rout wrote:
> > netstat -np|grep 113
> >
> > -n = don't convert port numbers to service names.
> >
>
>
> this gives me the same results.

its probably running out of xinetd then.

peruse /etc/xinetd.d/*

>
> Thanks,
>
> Patrick
>
>
> >
> > On Fri, 23 Jul 2004 00:13:12 -0400
> > "J. Patrick Campbell" <pat...@patrickcampbell.us> wrote:
> >
> > > On Fri, 2004-07-23 at 00:08, Norberto Bensa wrote:
> > >
> > > > J. Patrick Campbell wrote:
> > > > > I have a non-functioning auth daemon taking up my port 113 and i don't
> > > > > know how to find it / kill it so i can try another auth daemon.
> > > > > any ideas?
> > > >
> > > > # netstat -p | grep 113
> > > >
> > > > --
> > > > gento...@gentoo.org mailing list
> > > >
> > >
> > >
> > > root@bitchass scorpaen # netstat -p | grep 113
> > > tcp 0 0 192.168.1.111:ssh 192.168.1.113:45748
> > > ESTABLISHED 6793/sshd: scorpaen
> > > tcp 0 0 192.168.1.111:ssh 192.168.1.113:45763
> > > ESTABLISHED 6873/sshd: scorpaen
> > >
> > >
> > > hmm. this isn't showing me what's listening on port 113
> > >
>
>
> --
> gento...@gentoo.org mailing list

--

[J. Patrick Campbell]

On Fri, 2004-07-23 at 00:26, Norberto Bensa wrote:
> J. Patrick Campbell wrote:
> > On Fri, 2004-07-23 at 00:18, Nick Rout wrote:
> > > netstat -np|grep 113
> > >
> > > -n = don't convert port numbers to service names.
> >
> > this gives me the same results.
>
> Most probably, you have no daemon listening in 113.
>
> What's the output of rc-status?
>
> Do you have xinetd?
> What's inside /etc/xinet.conf ?

found it in here. had 2 auth servers. ok so i killed the default one and
i was able to execute my new one, midentd without troubles.
nmap now returns
113/tcp open ident midentd
YAY!
ok so now something strange. i have no firewall and my linksys router
is set to port triggering for outgoing ports 6667-7000 to open port 113
to the client. This setup works great on 2 workstations but on my server
my irc client is getting rejected saying i dont have an ident server
running. Any ideas?

Thanks,

Patrick

> What's in /etc/xinet.d/
>
> Do you have iptables, shorewall, or other firewall in place?
>
> --
> gento...@gentoo.org mailing list
>

--
gento...@gentoo.org mailing list

[Norberto Bensa]

J. Patrick Campbell wrote:
> my linksys router
> is set to port triggering for outgoing ports 6667-7000 to open port 113
> to the client. This setup works great on 2 workstations but on my server
> my irc client is getting rejected saying i dont have an ident server
> running. Any ideas?

Hm. Kill irc on your two WS and start irc on the server; does it work?
Are you sure the the IRC server listen on 6667-7000?

BTW, what irc server _needs_ ident running?

Regards,
Norberto

--
gento...@gentoo.org mailing list

[Heiko Wundram]

Am Freitag, 23. Juli 2004 06:49 schrieb Norberto Bensa:
> BTW, what irc server _needs_ ident running?

Many larger networks request this (e.g. DALnet), as a form of anti-bot
protection, because IRC-clients in virii/backdoors which connect to IRC to
listen for commands to DDOS or do something else normally don't implement
IDENT.

Of course, if you're completely firewalled from the outside, you can't join
those networks (which is why I can't be on DALnet anymore).

Thank god we have that Luser-OS around... Not...

Heiko.

--
gento...@gentoo.org mailing list

[Spider]

begin quote

On Fri, 23 Jul 2004 01:17:36 -0300
Norberto Bensa <norberto+g...@bensa.ath.cx> wrote:

> J. Patrick Campbell wrote:
> > >
> > > # netstat -p | grep 113
> > >
> >
> > hmm. this isn't showing me what's listening on port 113
>
> Try "lsof" (emerge lsof)
>

Actually, the command he wants is "lsof -i"

//Spider

--
begin .signature
Tortured users / Laughing in pain
See Microsoft KB Article Q265230 for more information.
end

[J. Patrick Campbell]

On Fri, 2004-07-23 at 00:49, Norberto Bensa wrote:
> J. Patrick Campbell wrote:
> > my linksys router
> > is set to port triggering for outgoing ports 6667-7000 to open port 113
> > to the client. This setup works great on 2 workstations but on my server
> > my irc client is getting rejected saying i dont have an ident server
> > running. Any ideas?
>
> Hm. Kill irc on your two WS and start irc on the server; does it work?
> Are you sure the the IRC server listen on 6667-7000?

>
> BTW, what irc server _needs_ ident running?
>

undernet.org

> Regards,
> Norberto
>
> --
> gento...@gentoo.org mailing list
>

I finally have an ident server working. I blew away my xinetd.conf, well
the entry in it for my old ident server. This also killed all my other
services that were in there by default like daytime, echo, but i dont
use those so i dont' really mind. I created a new entry via webmin for
midentd, restarted xinetd and i'm connecting!!!

Thank you all for all your help.

Patrick Campbell

--
gento...@gentoo.org mailing list