[asterisk-users] Fwd: Unknown udp ports listening experts calling !
Bruce Ferrell
bferrell at baywinds.org
Wed Jul 1 06:42:22 CDT 2009
Xavier Cardil wrote:
> I found nothing is passing through those ports . . . I think something
> was sending the stream to our PST/SIP gateways, so the calls where
> affected when getting in to the gateways. I found we are not running any
> extra TCL applications on those gateways . . . could it be possible ?
> Could an UDP stream get mixed with another through an UDP port ? Is a
> very strange issue but I really want to know why . . . any more hints ?
>
> Thanks.
>
> On Wed, Jul 1, 2009 at 11:48 AM, John A. Sullivan III
> <jsullivan at opensourcedevel.com <mailto:jsullivan at opensourcedevel.com>>
> wrote:
>
> On Wed, 2009-07-01 at 10:14 +0100, Steve Howes wrote:
> > On 1 Jul 2009, at 09:54, Xavier Cardil wrote:
> > > udp 0 0 0.0.0.0:2727 <http://0.0.0.0:2727>
> > > 0.0.0.0:* 4989/asterisk
> > > udp 0 0 0.0.0.0:9001 <http://0.0.0.0:9001>
> > > 0.0.0.0:* 26354/udp-sender
> > > udp 0 0 0.0.0.0:5000 <http://0.0.0.0:5000>
> > > 0.0.0.0:* 4989/asterisk
> >
> > 2727 = mgcp
> >
> > I found that with Google. A useful tool.
> <snip>
> I thought 9001 was for JetDirect style print servers. I don't recall
> off the top of my head if they are tcp or udp - John
> --
> John A. Sullivan III
> Open Source Development Corporation
> +1 207-985-7880
> jsullivan at opensourcedevel.com <mailto:jsullivan at opensourcedevel.com>
>
> http://www.spiritualoutreach.com
> Making Christianity intelligible to secular society
>
Assuming first your box doesn't have a rootkit installed (to check for
a rootkit, use rkhunter. Your distro may have it packaged, if not
google for it) I use lsof to find out what is listening to TCP and UDP
ports:
lsof -P | grep UDP
lsof -P | grep TCP
YMMV
Bruce
More information about the asterisk-users
mailing list