On Thursday 20 September 2007, Grant wrote: > > > I recognize everything in 'ps -ef' I think, but I've never really used > > > netstat before. Under "Active Internet connections" I don't > > > recognize: > > > > > > tcp localhost:10030 > > > tcp *:snpp > > > > Also, snpp is for pagers: > > http://en.wikipedia.org/wiki/Simple_Network_Paging_Protocol > > With netstat -lp it looks like *:snpp is associated with apache2 and > is using the same pid as *:http and *:https. I've never set up > anything having to do with a pager. I've never had a pager. What can > I do to investigate that further?
I assume then that this is spawned by apache, but don't know why apache would spawn something like this. What happens if you shut apache down? Is it still there? You could post in apache M/Ls in case they know or have seen this before. > > Then run lsof (check man lsof) to see if there is anything suspicious > > there, like another user logged in either as root or with a different > > name. > > Any handy lsof commands? I am not good with regex so I would just run it plain and work tediously my way down the list, or start from the known suspects: check the port that snpp is using as well as 10030, e.g. # lsof -i @your_host_name.com:10030 (you can use the IP address here too) # lsof -i @your_host_name.com:snpp etc. HTH. -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
