View Single Post
  #3  
Old 12th February 2009, 15:52
jonwatson jonwatson is offline
Senior Member
 
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts
Default

Hi,

Quote:
Originally Posted by falko View Post
What's the output of
Code:
netstat -tap
?

-tap doesn't appear to give me ports, just pids. I added --numeric-ports to the command and go this:
Code:
[root@munge ~]# netstat -tap --numeric-ports
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 *:993                       *:*                         LISTEN      1287/dovecot        
tcp        0      0 *:995                       *:*                         LISTEN      1287/dovecot        
tcp        0      0 *:3306                      *:*                         LISTEN      1252/mysqld         
tcp        0      0 *:110                       *:*                         LISTEN      1287/dovecot        
tcp        0      0 localhost.localdomain:3310  *:*                         LISTEN      1165/clamd          
tcp        0      0 *:2222                      *:*                         LISTEN      1132/sshd           
tcp        0      0 localhost.localdomain:783   *:*                         LISTEN      1309/spamd.pid      
tcp        0      0 *:143                       *:*                         LISTEN      1287/dovecot        
tcp        0      0 *:80                        *:*                         LISTEN      1901/httpd          
tcp        0      0 *:465                       *:*                         LISTEN      5990/master         
tcp        0      0 *:81                        *:*                         LISTEN      1665/ispconfig_http 
tcp        0      0 munge.server.net:53      *:*                         LISTEN      2070/named          
tcp        0      0 localhost.localdomain:53    *:*                         LISTEN      2070/named          
tcp        0      0 *:21                        *:*                         LISTEN      1383/proftpd: (acce 
tcp        0      0 *:25                        *:*                         LISTEN      5990/master         
tcp        0      0 munge.server.net:25      138.subnet125-164-201:50256 SYN_RECV    -                   
tcp        0      0 munge.server.net:25      220.224.23.89:2245          SYN_RECV    -                   
tcp        0      0 localhost.localdomain:953   *:*                         LISTEN      2070/named          
tcp        0      0 *:443                       *:*                         LISTEN      1901/httpd          
tcp        0      0 *:990                       *:*                         LISTEN      1383/proftpd: (acce
So, I can see that proftpd is running on port 21, yet the alerts keep getting sent.

I also see an instance on port 990 but I don't know why and it doesn't pick up anyhow.

What's the output of
Code:
netstat -tap
after you've changed the port? What port
number are you trying?
After changing the port to 446, netstat reports two instances of proftpd listening on ports 21 and 446. However, the one on port 446 does not pick up (it just times out) and the one on 21 terminates immediately upon connection with a "500 Sorry, no server available to handle request on server"

Thanks,

Jon
Reply With Quote