AllExperts > Experts 
Search      

Unix/Linux OS

Volunteer
Answers to thousands of questions
 Home · More Questions · Answer Library  · Encyclopedia ·
More Unix/Linux OS Answers
Question Library

Ask a question about Unix/Linux OS
Volunteer
Experts of the Month
Expert Login

Awards

About Us
Tell friends
Link to Us
Disclaimer

 
 
 
 
About mkitwrk
Expertise
Expert: Creating and managing *nix database/application servers for use with dl4/unibasic/mysql/apache/thoroughbred applications, espcially in medical environments. Strengths: scripting, backup and disaster recovery, routing, samba/smbfs/cifs, LPRng, telnet/ssh/sftp, vsftp, rsync, new system preparation, system duplication, database design, system conversions (AIX/SCO-OS5/Linux) Familiar With: apache/apache-ssl, mysql, php, c, awk, sed, cups, gnome, nfs

Experience
I've been head of development at our company since 1984. Our OS's at that time were Point 4's IRIS and Altos' Xenix. Then: SCO Xenix, SCO Unix, AIX, SCO-OS5, Caldera, RedHat 7, Debian Sarge, RedHat ES4, Debian Etch, Redhat ES5. I've migrated our clients through those various versions with minimal interruption while preserving their investments in hardware and staff knowledge over time.

Education/Credentials
1980 BSBA Washington University, Saint Louis, Missouri

 
   

You are here:  Experts > Computing/Technology > Focus on Unix > Unix/Linux OS > listening service

Topic: Unix/Linux OS


Expert: mkitwrk
Date: 7/2/2008
Subject: listening service

Question
Hi mkitwrk,
After my commanding this,
"netstat -tlup" to my ubuntu
it gave me this outcome
xxx@ubuntu:~$ sudo netstat -tlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:telnet                *:*                     LISTEN     3
tcp        0      0 *:8888                  *:*                     LISTEN     3

Can you tell me what is that "8888" for?
I dont know what's that

Answer
It is a non-standard port (i.e. it is > 1024) so I can't tell you what it is, but I can tell you basically how to trace the source...

Use ps -ef to find processes currently running.
For each one that you are not familiar, look at the startup script for it in /etc/init.d and check out any config files accessed by the script. -- Once you find one specifying port 8888 you've got it...

If it isn't there in the netstat output all the time, then you have to look in /etc/inetd.conf for any "on-demand" services. -- But, since netstat is returning a number vs. a name it is unlikely to be an inetd based service (i.e. it is not listed in /etc/services)

If all else fails, you can use "nc" (netcat) to intercept the packets and see what is going on... (or to mess with it if it turns out to be some hack from the outside world. With "nc" you can inject random packets into the stream - or put random bytes into the data packets en-route)

But it is probably something installed on your system for your use like a chat utility, emule service or something like that running on a user specified port. - The only other places to look in other than /etc/init.d/* and /etc/inetd.conf are /etc/initttab (to see if something is being kicked off directly from a change in runlevel), /var/spool/cron/*/* and /etc/cron.d/* (to see if something is being kicked off based upon timing), and your login scripts traced by starting with /etc/passwd and the ~/.bash* and ~/.profile.

Those are all the standard methods to start desired network daemons. Other methods are possible, but are not generally used unless it is a hack...

Hope that helps...
(let me know...)
Larry


View Follow-Ups    Add to this Answer    Ask a Question



  Rate this Answer
   Was this answer helpful?
Not at allDefinitely              
   12345  

     
About Us | Advertise on This Site | User Agreement | Privacy Policy | Help
Copyright  © 2008 About, Inc. About and About.com are registered trademarks of About, Inc. The About logo is a trademark of About, Inc. All rights reserved.