LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

July 2012

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS July 2012

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Port puzzle
From:	Anne Wilson <[log in to unmask]>
Reply To:	Anne Wilson <[log in to unmask]>
Date:	Fri, 6 Jul 2012 16:24:00 +0100
Content-Type:	text/plain
Parts/Attachments:	text/plain (59 lines)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/07/12 15:55, Tom H wrote:
> On Fri, Jul 6, 2012 at 10:29 AM, Anne Wilson
> <[log in to unmask]> wrote:
>> On 06/07/12 14:08, Mark Stodola wrote:
>>> On 07/06/2012 04:06 AM, Anne Wilson wrote: Logwatch on my
>>> laptop tells me
>>> 
>>> Listed by source hosts: Dropped 30 packets on interface eth0
>>> From 192.168.0.40 - 30 packets to tcp(38575)
>>> 
>>> 192.168.0.40 is a mail/file/print server running SL.  It may
>>> also be relevant that the laptop has fstab mounts to data areas
>>> on the server.
>>> 
>>> I feel that there must be some way I can trace what is
>>> actually sending those packets, so that I can make an
>>> assessment, but I've no idea how/where to look.  I see that
>>> it's an unallocated address, so I've no pointer at all.
>>> 
>>> Where should I start looking?
>>> 
>>> Anne
>>> 
>>> If the connection is still active, you can use a combination
>>> of 'netstat -na' and/or 'lsof -nP -i4' to find the process
>>> owning the connection. If it isn't, it will be difficult to
>>> track down without fancier logging/capturing tools.  You
>>> mentioned remote mounts, but not what method (CIFS, NFS, etc).
>>> If it is NFS, pseudo-random ports are chosen for the client
>>> connections and may be your culprit.
>>> 
>> It is indeed NFS.  The logs show ~6 of these high-number
>> allocated ports listening, so you could well be right.  Is there
>> any way to confirm that?  I have several nfs mounts in fstab.
>> One for each mount probably explains it.
> 
> If it's ifs, you can set the ports to known values through 
> "/etc/sysconfig/nfs" and then see whether it's one of these ports 
> that's used.

OK - I had left the defaults, which it does say is random for the
outgoing port.  I've restarted nfs, now I have to wait until Saturday
morning, to see whether tomorrow's log is clean :-)

Thanks for all the help - I'll report back.

Anne
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/3Aw4ACgkQj93fyh4cnBd24QCfcr4cqyR3CLP0X4y/1SWBZMyh
yJ8An1qHrywE2rjfTYQ2OOEISGJmh/Xt
=QdqM
-----END PGP SIGNATURE-----

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV