Re: Big traffic on 412/tcp

[zeno <bugtraq () cgisecurity net>]

> At least under FreeBSD, I've often found that 'sockstat' is a much more useful program than lsof.

I never used it until you mentioned it. lsof gives more information but sockstat makes it more readable.
Also a rootkit is more likely to replace lsof then sockstat. Another reason to use both.

- zeno () cgisecurity com




> Regards,
> Scott T. Cameron
>
>
> On Wed, Apr 24, 2002 at 10:52:29AM -0700, H C wrote:
> >  
> > > Does anyone know what they transport on this port ?
> >
> > Not off the top of my pointed head, but if you go to
> > the machine and run your tool of choice, you'll likely
> > find out:
> >
> > Linux/*nix: lsof, fuser
> > WinNT/2:    fport
> > XP:         netstat -ano
> >
> > Simply get the PID of the process using the port.  In
> > the case of Windows systems, listdlls will not only
> > give you the modules (DLLs) used by the process, but
> > also the command line that was used to launch it.
> >
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Games - play chess, backgammon, pool and more
> > http://games.yahoo.com/
> >
> > ----------------------------------------------------------------------------
> > This list is provided by the SecurityFocus ARIS analyzer service.
> > For more information on this free incident handling, management 
> > and tracking system please see: http://aris.securityfocus.com
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management 
> and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com