Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Open solaris ports

Status
Not open for further replies.

csgonan

MIS
May 2, 2007
118
US
Hello,

I have a number of Solaris 8 Sun servers that have open ports that I cannot identify. I see some with 1013-1023 (which are reserved ports according to the IANA. Lsof does not identify these. I rebooted the server and they shut down but this morning I looked and they were all open again. They are not listed in /etc/servies. Any suggestions would be appreciated.

Thank you.

*.1023 Idle
*.1022 Idle
*.1021 Idle
*.1020 Idle
*.1019 Idle
*.1018 Idle
*.1017 Idle
*.1016 Idle
*.1015 Idle
*.1014 Idle
*.1013 Idle
 
Thanks but I used a very similar script and there are no applications using it. That is what is strange because they shut when I rebooted and I noticed them this morning.

Thanks again.
 
Perhaps they are preallocated for RPC or something... try stopping RPC services to see if they go away?

Annihilannic.
 
I wish that was true. RPC is never turned on. I can't even do an rpcinfo.

Since these ports went on after a reboot (not immediately after either) I would love to capture the output of some long-running snoop or truss and see what is happening. The truss would be too long unless there is a way of limiting it to recognizing just the ports.

Any ideas are helpful.

Thank you for the suggestion.
 
I know you said "lsof does not identify these"... what is the output of lsof -i :1013? Just nothing?

Annihilannic.
 
good morning.

Yes, nothing is returned, with any of those ports. From what I understand UDP ports will not return anything to lsof. Also, on one server which has only 1017 shown in netstat, it is TCP with a "bound" status but nothing also displays from lsof.

I received a recommendation to try and direct alot of traffic to those ports, so much that maybe a TOP command or something returns a process. I have to figure out how to do that.

Thank you for your responses.
 
Are you running lsof as root?

I know that lsof will do return different things:

$ lsof -i :123
$ su
Password:
# lsof -i :123
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
ntpd 2100 ntp 16u IPv4 5403 UDP *:ntp
ntpd 2100 ntp 17u IPv6 5404 UDP *:ntp
ntpd 2100 ntp 18u IPv6 5405 UDP ip6-localhost:ntp
ntpd 2100 ntp 19u IPv6 5406 UDP [fe80::20c:29ff:fe39:1fbe]:ntp
ntpd 2100 ntp 20u IPv4 5407 UDP localhost:ntp
ntpd 2100 ntp 21u IPv4 5408 UDP
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top