View previous topic :: View next topic |
Author |
Message |
dylanthomasfan n00b
Joined: 02 Mar 2005 Posts: 27
|
Posted: Sun Apr 29, 2012 9:24 pm Post subject: netstat reports all localhost names as "livecd.home&quo |
|
|
Hi Folks,
This is a rather curious issue. On my gentoo 2.6.39-gentoo-r3 box, the netstat output gives the name of localhost as "livecd.home." Any ideas why this is the case, and what is causing this?
Code: |
myhost~ # netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 livecd.home:54840 stackoverflow.com:http ESTABLISHED
tcp 0 0 livecd.home:54837 stackoverflow.com:http ESTABLISHED
tcp 1 0 livecd.home:49382 204.2.196.123:http CLOSE_WAIT
tcp 1 0 livecd.home:44753 204.2.196.98:http CLOSE_WAIT
tcp 0 0 livecd.home:54830 stackoverflow.com:http ESTABLISHED
|
At the same time, one of my netstat LISTEN ports is not traceable to any process (get process id from lsinfo or fuser port/protocol and then grep it on the ps -eLf list, OR check on rpcinfo -p). This is also very curious. I downloaded and ran chkrootkit and rkhunter, but those tools did not report anything. This host is running inside my home with no external-facing ports, but that of course, means very little. Please note that in the following output, most of the ports, except the obvious ones have been anonymized:
Code: |
myhost~ # netstat -tunap | grep LISTEN
tcp 0 0 0.0.0.0:23351 0.0.0.0:* LISTEN 2066/rpc.mountd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1988/rpcbind
tcp 0 0 0.0.0.0:912 0.0.0.0:* LISTEN 2003/ypbind
tcp 0 0 0.0.0.0:12711 0.0.0.0:* LISTEN 2066/rpc.mountd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2130/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1962/cupsd
tcp 0 0 0.0.0.0:25678 0.0.0.0:* LISTEN 31505/synergys
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN - // THIS I KNOW IS NFS FROM RPCINFO -P
tcp 0 0 0.0.0.0:23331 0.0.0.0:* LISTEN 2020/rpc.statd
tcp 0 0 0.0.0.0:99999 0.0.0.0:* LISTEN 2066/rpc.mountd
tcp 0 0 0.0.0.0:17711 0.0.0.0:* LISTEN - // NLOCKMGR FROM RPCINFO -P
tcp6 0 0 :::111 :::* LISTEN 1988/rpcbind
tcp6 0 0 :::28901 :::* LISTEN 2020/rpc.statd
tcp6 0 0 :::22 :::* LISTEN 2130/sshd
tcp6 0 0 :::41870 :::* LISTEN 2066/rpc.mountd
tcp6 0 0 ::1:631 :::* LISTEN 1962/cupsd
tcp6 0 0 :::51111 :::* LISTEN 2066/rpc.mountd
tcp6 0 0 :::2049 :::* LISTEN - // IS THIS ALSO NFS?
tcp6 0 0 :::77777 :::* LISTEN 2066/rpc.mountd
tcp6 0 0 :::11111 :::* LISTEN - // NO IDEA!
|
Any help wrt to the "livecd.home" and the unknown LISTEN ports is appreciated.
Thanks. |
|
Back to top |
|
|
platojones Veteran
Joined: 23 Oct 2002 Posts: 1602 Location: Just over the horizon
|
Posted: Sun Apr 29, 2012 9:43 pm Post subject: |
|
|
Well, for the hostname of livecd, did you ever set your hostname up in /etc/conf.d/hostname? |
|
Back to top |
|
|
dylanthomasfan n00b
Joined: 02 Mar 2005 Posts: 27
|
Posted: Sun Apr 29, 2012 9:50 pm Post subject: |
|
|
Yes, the /etc/conf.d/hostname has been set to my hostname. |
|
Back to top |
|
|
BillWho Veteran
Joined: 03 Mar 2012 Posts: 1600 Location: US
|
Posted: Mon Apr 30, 2012 1:14 am Post subject: |
|
|
dylanthomasfan,
Does
Code: | grep livecd /etc/hosts |
return anything _________________ Good luck
Since installing gentoo, my life has become one long emerge |
|
Back to top |
|
|
dylanthomasfan n00b
Joined: 02 Mar 2005 Posts: 27
|
Posted: Mon Apr 30, 2012 1:28 am Post subject: |
|
|
No, grep livecd /etc/hosts returns nothing. Could this be due to faulty NIS configuration? The host is a NIS client.
PS: For what it's worth, the "livecd.home" has gone away in the netstat listing! |
|
Back to top |
|
|
BillWho Veteran
Joined: 03 Mar 2012 Posts: 1600 Location: US
|
Posted: Mon Apr 30, 2012 2:29 am Post subject: |
|
|
dylanthomasfan,
Quote: | Could this be due to faulty NIS configuration? |
I have never setup a NIS server so I can't even speculate on the subject, but I guess anything is possible.
netstat's address on this machine is derived from /etc/hosts based on the static IP that's assigned. The hostname is gentoo-gateway.
Code: | Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 gateway.com:43506 ec2-184-73-178-24.:http ESTABLISHED
tcp 0 0 gateway.com:38168 208-44-23-50.dia.s:http TIME_WAIT
root@gentoo-gateway .ssh # grep gateway.com /etc/hosts
192.168.1.102 gateway.com
root@gentoo-gateway .ssh # cat /etc/conf.d/hostname
# Set to the hostname of this machine
hostname="gentoo-gateway"
|
I had forgotten that I set it in /etc/hosts and I too had to run-down the name a while back. That's the reason I had you check the /etc/hosts file.
This might not ease your mind with the mystery 11111 port
Code: | root@gentoo-gateway etc # grep -n 11111 /etc/services
1076:vce 11111/tcp # Viral Computing Environment (VCE)
1077:vce 11111/udp
|
_________________ Good luck
Since installing gentoo, my life has become one long emerge |
|
Back to top |
|
|
dylanthomasfan n00b
Joined: 02 Mar 2005 Posts: 27
|
Posted: Mon Apr 30, 2012 3:08 am Post subject: |
|
|
The port is not an issue because I changed them before posting this question.
This post seems close to answering my question: http://ubuntuforums.org/showthread.php?t=923345. I do have NFS running, and in the kernel.
The livecd.home issue is very bizarre and I am sure I will be looking for it again! |
|
Back to top |
|
|
BillWho Veteran
Joined: 03 Mar 2012 Posts: 1600 Location: US
|
Posted: Mon Apr 30, 2012 3:51 am Post subject: |
|
|
dylanthomasfan,
One more thought is checking in /etc/conf.d/net _________________ Good luck
Since installing gentoo, my life has become one long emerge |
|
Back to top |
|
|
dylanthomasfan n00b
Joined: 02 Mar 2005 Posts: 27
|
Posted: Mon Apr 30, 2012 11:01 am Post subject: |
|
|
That turns out blank! |
|
Back to top |
|
|
|