debug RPC

daFranze (Technical User), Dec 29, 2003
I have a host which was set up a long time ago by another admin; we moved to another building and changed IP addresses; now my FW admin asks me to turn off RPC calls from this particular host, but I cannot find out what starts the RPC call...

What I have is:
root@ewok$snoop | grep "10\.43\.5\."
Using device /dev/hme (promiscuous mode)
ewok -> 10.43.5.143 PORTMAP C GETPORT prog=100024 (STATMON2) vers=1 proto=UDP
ewok -> 10.43.5.143 PORTMAP C GETPORT prog=100024 (STATMON2) vers=1 proto=UDP (retransmit)
ewok -> 10.43.5.143 PORTMAP C GETPORT prog=100024 (STATMON2) vers=1 proto=UDP (retransmit)
ewok -> 10.43.5.143 PORTMAP C GETPORT prog=100024 (STATMON2) vers=1 proto=TCP

one detailed packet:
ewok# snoop -v -c1 10.43.5.143
Using device /dev/hme (promiscuous mode)
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 1 arrived at 14:37:21.04
ETHER: Packet size = 98 bytes
ETHER: Destination = 0:d0:2:b1:eb:fc,
ETHER: Source = 8:0:20:f9:d7:0, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 84 bytes
IP: Identification = 25417
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = cc3b
IP: Source address = 10.43.50.47, ewok
IP: Destination address = 10.43.5.143, 10.43.5.143
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 36521
UDP: Destination port = 111 (Sun RPC)
UDP: Length = 64
UDP: Checksum = 440C
UDP:
RPC: ----- SUN RPC Header -----
RPC:
RPC: Transaction id = 1083871783
RPC: Type = 0 (Call)
RPC: RPC version = 2
RPC: Program = 100000 (PMAP), version = 2, procedure = 3
RPC: Credentials: Flavor = 0 (None), len = 0 bytes
RPC: Verifier : Flavor = 0 (None), len = 0 bytes
RPC:
PMAP: ----- Portmapper -----
PMAP:
PMAP: Proc = 3 (Get port number)
PMAP: Program = 100024 (STATMON2)
PMAP: Version = 1
PMAP: Protocol = 17 (UDP)
PMAP:

1 packets captured
ewok#

Which program sends the RPC packet?

Regards
-- Franz
Sorry I'm not a native speaker, I'm from Munich, Germany - "Home of the Whopper", oh no, "Home of the Oktoberfest" ;-)
Solaris System Manager; I used to work for Sun Microsystems Support (EMEA) for 5 years
 
If finding RPC services would help you find related applications, have you tried rpcinfo? It shows services and their ports. One application that adds rpcinfo to a server is Legato Networker (for backups).

Here's a SysAdmin magazine article on RPC calls that mentions rpcinfo and lsof:

It also mentions lsof. I'm not sure if lsof or rpcinfo output translates well into applications.
 
Yes, the webpage says in its conclusion:

2) Many of the services you discover will be found in /etc/inetd.conf and are offered indirectly by inetd. For all but RPC services, it's easy to find the program that provides the service. :)

3) Many services you discover are started at boot time and will not be found in /etc/inetd.conf. If the corresponding program that provides the service is not obvious to you, use lsof to find the program that offers the service.

4) RPC services are found at strange port numbers not listed in /etc/inetd.conf or in /etc/services. Use the rpcinfo command to determine the RPC service name/number that's registered at that port. Then you should be able to find the service by name or number in /etc/inetd.conf.

5) RPC services not found in /etc/inetd.conf will typically correspond to services started at boot time. If the corresponding program that provides the service is not obvious to you, use lsof to find the program that offers the service.


------------

-> It's easy to find the program which stands behind an RPC program, but you can't find the program which INITIATES the RPC call... :(

Regards
-- Franz
Sorry I'm not a native speaker, I'm from Munich, Germany - "Home of the Whopper", oh no, "Home of the Oktoberfest" ;-)
Solaris System Manager; I used to work for Sun Microsystems Support (EMEA) for 5 years
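The thread stops without resolving the question, so the following is an added example, not code from the thread or from any of its posters. rpcinfo and lsof answer "who serves this RPC program?", but the capture above shows the host as an RPC *client*: the local side is an ephemeral UDP port (36521 in the thread) talking to the remote portmapper on 111. The process that owns that ephemeral socket is the initiator, and on Solaris pfiles(1) prints every process's sockets with their bound ports, so the snoop source port can be matched against a pfiles dump of all processes. The script below does that correlation. The parsing functions run offline on constructed samples (the snoop lines are trimmed from the thread; the pfiles text, its PIDs and the second process are made up in the layout pfiles uses); live_lookup wraps the real snoop and pfiles commands and only runs when a remote host is passed on the command line. Two added observations a practitioner would check, not statements from the thread: a GETPORT for program 100024 from the local host to a remote, retried over UDP and then TCP, is consistent with the local statd notifying hosts it has recorded under /var/statmon, where stale entries can persist across an address change; and fixing the originating process is preferable to letting the firewall silently drop portmapper traffic, since retransmits will otherwise continue indefinitely.

```shell
#!/bin/sh
# Added example, not code from the thread: tie an outbound Sun RPC call seen
# in snoop back to the local process that owns the sending socket.
#
# Two parsers work on captured text so they run offline; live_lookup wraps
# the Solaris commands (snoop, pfiles) and only runs when a remote host is
# given on the command line.

# Constructed sample, trimmed from the snoop -v output in the thread.
SNOOP_SAMPLE='IP: Source address = 10.43.50.47, ewok
IP: Destination address = 10.43.5.143, 10.43.5.143
UDP: Source port = 36521
UDP: Destination port = 111 (Sun RPC)
PMAP: Program = 100024 (STATMON2)'

# Constructed sample in the layout pfiles prints: a "PID: command" header
# line followed by that process's descriptors. The PIDs and the second
# process are made up; only PID 123 holds a socket bound to port 36521.
PFILES_SAMPLE='123:    /usr/lib/nfs/statd
  Current rlimit: 256 file descriptors
   4: S_IFSOCK mode:0666 dev:281,0 ino:40013 uid:0 gid:0 size:0
      O_RDWR
        sockname: AF_INET 0.0.0.0  port: 36521
456:    /usr/sbin/inetd -s
  Current rlimit: 256 file descriptors
   3: S_IFSOCK mode:0666 dev:281,0 ino:40021 uid:0 gid:0 size:0
      O_RDWR
        sockname: AF_INET 0.0.0.0  port: 111'

# rpc_src_port TEXT: print the source port of the first UDP or TCP header
# in a snoop -v dump, i.e. the local ephemeral port of the RPC client.
rpc_src_port() {
    printf '%s\n' "$1" | awk '/^(UDP|TCP): Source port = / { print $5; exit }'
}

# pid_for_port PORT TEXT: scan concatenated pfiles output and print
# "PID command" for every process holding a socket bound to PORT.
# Header lines start at column 1 with "PID:"; descriptor lines are indented.
pid_for_port() {
    printf '%s\n' "$2" | awk -v port="$1" '
        /^[0-9]+:/ { pid = $1; sub(/:$/, "", pid); cmd = $2 }
        /sockname: AF_INET/ && $NF == port { print pid " " cmd }'
}

# live_lookup REMOTE: on a Solaris host, capture one packet to or from
# REMOTE and report which local process owns the sending port.
# Assumes snoop and pfiles are present and the script runs as root.
live_lookup() {
    capture=$(snoop -v -c1 "$1") || return 1
    port=$(rpc_src_port "$capture")
    if [ -z "$port" ]; then
        echo "no UDP/TCP header in the capture from $1" >&2
        return 1
    fi
    # Dump every process; the header line lets the parser attribute sockets.
    dump=$(for p in /proc/[0-9]*; do pfiles "${p#/proc/}" 2>/dev/null; done)
    pid_for_port "$port" "$dump"
}

if [ $# -gt 0 ]; then
    live_lookup "$1"
else
    # Offline demonstration on the constructed samples.
    port=$(rpc_src_port "$SNOOP_SAMPLE")
    echo "RPC client source port: $port"      # prints 36521
    pid_for_port "$port" "$PFILES_SAMPLE"     # prints 123 /usr/lib/nfs/statd
fi
```

Run it with no arguments to see the offline demonstration, or as root with the remote address (`./rpcclient.sh 10.43.5.143`) on the host itself. The client socket only exists while the call is in flight, so a single run can miss it; the retransmits visible in the thread mean a second or third run will normally catch it. Where lsof is installed, `lsof -i UDP:36521` is a quicker way to do the second half once the port is known.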