From: Chip Salzenberg <chip@debian.org>
To: Jordi Mallach <jordi@debian.org>
Cc: Neil Brown <neilb@cse.unsw.edu.au>,
nfs@lists.sourceforge.net, 203918-quiet@bugs.debian.org
Subject: Re: [chip@debian.org: Debian Bug#203918 - statd request on eth interface, not localhost?]
Date: Thu, 21 Aug 2003 10:48:11 -0400 [thread overview]
Message-ID: <20030821144811.GH14355@perlsupport.com> (raw)
In-Reply-To: <20030821075826.GA27391@nubol.int.oskuro.net>
According to Jordi Mallach:
> I have never used tcpdump more than to play a little, so I could use
> some pointers about what I should look at.
First you use 'rpcinfo -p' to see which ports statd is listening to
on the machine where statd is complaining:
$ rpcinfo -p | grep status
100024 1 udp 936 status
100024 1 tcp 939 status
That's udp port 936 and tcp port 939. Then you want to watch all
traffic to/from those ports:
# tcpdump udp port 936 or tcp port 939
You may also need to specify "-i eth1" or whatever if the IP address
you're seeing isn't on your eth0.
Then you sit and watch. A combination of "screen" and "script" may
also be helpful. The man page for tcpdump, section "OUTPUT FORMAT",
explains how to interpret the output.
The key thing is the source IP and port of whoever's talking to statd.
Then you go to the source machine and use 'lsof' to see what program
has bound to that port. If the program is gone by the time you get
there, you'll need to prevent statd from answering the request, which
will entail compiling a custom statd or perhaps using iptables to kill
any outgoing answer packets.
--
Chip Salzenberg - a.k.a. - <chip@pobox.com>
"I wanted to play hopscotch with the impenetrable mystery of existence,
but he stepped in a wormhole and had to go in early." // MST3K
-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
next prev parent reply other threads:[~2003-08-21 15:09 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-08-12 15:21 [chip@debian.org: Debian Bug#203918 - statd request on eth interface, not localhost?] Chip Salzenberg
2003-08-13 4:06 ` Neil Brown
2003-08-13 8:22 ` Jordi Mallach
2003-08-20 17:59 ` Chip Salzenberg
2003-08-21 7:58 ` Jordi Mallach
2003-08-21 14:48 ` Chip Salzenberg [this message]
2003-08-22 19:38 ` Jordi Mallach
2003-08-20 18:06 ` Debian bug #165744 - 'Received erroneous SM_UNMON request' Chip Salzenberg
2003-08-22 6:26 ` Neil Brown
2003-08-22 15:10 ` Chip Salzenberg
2003-08-25 6:37 ` Neil Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030821144811.GH14355@perlsupport.com \
--to=chip@debian.org \
--cc=203918-quiet@bugs.debian.org \
--cc=jordi@debian.org \
--cc=neilb@cse.unsw.edu.au \
--cc=nfs@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.