|
Home > Archive > alt.os.linux > October 2002 > Preverbial port 1024
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Preverbial port 1024
|
|
| Joe Fredrickson 2002-10-04, 2:25 am |
| Hey all
Can someone please shed some light on why
If I start my machine and start an nfs server during boot up
(can be the kernel server or just the software one) that port
1024 gets opened and used by an unknown process (which nmap
believes to be kdm, i dont have X installed let alone any of
KDE)
But if I just start the nfs server after boot up
/etc/init.d/nfs-server start
That port 1024 doesnt get used at all, fullstop!
I did some playing around and shutdown each process on my machine
seperately to see if it was the nfs-server doing it, and sure as
anything when I shutdown nfs-server port 1024 disappeared.
[ALSO] I have booted several times to verify that port 1024 does
or doesnt get opened. It only ever opens when an nfs-server is
started during bootup.
I tried moving the nfs start up to earlier and later in the startup
but that didnt stop port 1024 opening either.
So whats the deal??
PS. This is all only for tcp connections, irrespective of what I do
I can't get 1024/udp to close (unknown service)
NB. Yes crossposting is annoying, but this issue is in the google
groups section a billion times, but it has never been related to
NFS before and I want to cover as many people as possible.
--
cheerio
Registered Linux User 282072
<www.volutin.net -- everything irrelevant>
| |
| Tim Haynes 2002-10-04, 4:25 am |
| Joe Fredrickson <joe@volutin.net> writes:
> If I start my machine and start an nfs server during boot up (can be the
> kernel server or just the software one) that port 1024 gets opened and
> used by an unknown process (which nmap believes to be kdm, i dont have X
> installed let alone any of KDE)
There are no unknown processes, just you not using netstat -p, fuser -n tcp
or lsof -i. RTFM.
[snip]
> NB. Yes crossposting is annoying, but this issue is in the google groups
> section a billion times, but it has never been related to NFS before and
> I want to cover as many people as possible.
Cross-posting to groups where it's off-topic is worse, and setting
follow-up headers without declaring them even worse still.
~Tim
--
09:30:43 up 14:18, 2 users, load average: 0.51, 0.40, 0.29
piglet@stirfried.vegetable.org.uk |Cries of mercy rise like rockets
http://piglet.is.dreaming.org |Through the paths of the redeemed
| |
| Joe Fredrickson 2002-10-04, 10:25 am |
| On Fri, 4 Oct 2002 06:32 pm, Tim Haynes posted to alt.os.linux the following
blurb ::
> Joe Fredrickson <joe@volutin.net> writes:
>
>> If I start my machine and start an nfs server during boot up (can be the
>> kernel server or just the software one) that port 1024 gets opened and
>> used by an unknown process (which nmap believes to be kdm, i dont have X
>> installed let alone any of KDE)
>
> There are no unknown processes, just you not using netstat -p, fuser -n
> tcp or lsof -i. RTFM.
Maybe if you were to read in context this paragraph might make sense.
[BUT] just to appease you I've re-ran
netstat -p |grep 1024
lsof -i |grep 1024
Guess what? The output is blank!
>> NB. Yes crossposting is annoying, but this issue is in the google groups
>> section a billion times, but it has never been related to NFS before and
>> I want to cover as many people as possible.
>
> Cross-posting to groups where it's off-topic is worse, and setting
> follow-up headers without declaring them even worse still.
I was unaware of the follow up being set, sorry.
--
cheerio
Registered Linux User 282072
<www.volutin.net -- everything irrelevant>
| |
| Whoever 2002-10-04, 4:25 pm |
| On Fri, 4 Oct 2002, Joe Fredrickson wrote:
>
> Maybe if you were to read in context this paragraph might make sense.
> [BUT] just to appease you I've re-ran
> netstat -p |grep 1024
> lsof -i |grep 1024
>
> Guess what? The output is blank!
Try "netstat -avpn | grep 1024"
| |
|
| Joe Fredrickson wrote:
> Hey all
>
> Can someone please shed some light on why
>
> If I start my machine and start an nfs server during boot up
> (can be the kernel server or just the software one) that port
> 1024 gets opened and used by an unknown process (which nmap
> believes to be kdm, i dont have X installed let alone any of
> KDE)
>
> But if I just start the nfs server after boot up
> /etc/init.d/nfs-server start
> That port 1024 doesnt get used at all, fullstop!
>
> I did some playing around and shutdown each process on my machine
> seperately to see if it was the nfs-server doing it, and sure as
> anything when I shutdown nfs-server port 1024 disappeared.
> [ALSO] I have booted several times to verify that port 1024 does
> or doesnt get opened. It only ever opens when an nfs-server is
> started during bootup.
>
> I tried moving the nfs start up to earlier and later in the startup
> but that didnt stop port 1024 opening either.
>
> So whats the deal??
>
> PS. This is all only for tcp connections, irrespective of what I do
> I can't get 1024/udp to close (unknown service)
>
> NB. Yes crossposting is annoying, but this issue is in the google
> groups section a billion times, but it has never been related to
> NFS before and I want to cover as many people as possible.
>
1024 is probably used by rpc.mountd.
At kernel nfs start, rpc.mountd process uses this port because it is the first
up-privilaged open port.
Once you have booted up, starting nfs will cause rpc.mountd to search for an
unused port and it will most likely not be 1024.
| |
| Will Mays 2002-10-05, 8:25 am |
|
"Tim Haynes" <usenet@stirfried.vegetable.org.uk> wrote in message
news:86vg4isiyj.fsf@potato.vegetable.org.uk...
[snip]
> Cross-posting to groups where it's off-topic is worse, and setting
> follow-up headers without declaring them even worse still.
Tim -- no need to be mean about it.
Joe posted to the following groups:
alt.os.linux - seems relevant
comp.os.linux - ditto
comp.os.linux.networking - definately relevant
comp.os.linux.security - also def. relevant
comp.os.linux.development.system - possibly not.
The only [possibly irrelevant] one out of those is the last one.
| |
| those who know me have no need of my name 2002-10-05, 9:18 pm |
| [fu-t set]
in comp.os.linux.security i read:
>netstat -p |grep 1024
>lsof -i |grep 1024
better use ``netstat -apn | grep :1024'' or ``lsof -Pi :1024'', and you
probably need to be root when you do it.
also, if one of these commands doesn't say it's inuse what prompted you to
post in the first place?
my guess is that you are running named and seeing the i/o socket.
--
bringing you boring signatures for 17 years
|
|
|
|
|