0

System specs:

Linux client 3.10.0-123.20.1.el7.x86_64 #1 SMP Centos 5

I am having some blockages on my DC. I have identified the machine that is making the requests. I also analyzed the outgoing traffic of the requesting machine and it appears to be that one:

12:04:13.408750 IP (tos 0x0, ttl 64, id 22804, offset 0, flags [DF], proto TCP (6), length 83)
client.50581 > 192.168.1.30.msft-gc: Flags [P.], cksum 0xbdd6 (incorrect -> 0x7ba4), seq 0:31, ack 1, win 115, options [nop,nop,TS val 312783772 ecr 911925611], length 31

I am not able to identify the service or task that is making this request, I have tried with:

netstat -tnp |grep 50581

and

lsof -i TCP:50581

But without result, how could I know who is occupying that port?

Thanks.

Improve this question
7
  • It may be that the session has been closed and there is a new session doing requests. Try to examine lsof -i without specifying a port number. Commented Aug 30, 2023 at 10:55
  • Very confused. Shouldn't Oracle Linux 8 not ship with at least kernel 4.18, like RHEL 8.0 did? UEK should be even newer? Are you running Oracle Linux with an unsupported kernel, i.e. one that's older than the userland it runs? Doesn't that yield problems? Commented Aug 30, 2023 at 10:58
  • err it even says it's a RHEL 7 kernel on a Oracle/RHEL 8 userland Commented Aug 30, 2023 at 10:59
  • 1
    the client port isn't relevant for your server; your port is msft-gc, i.e., 3268. It's also not clear why there must be something there. As far as that packet is concerned, it's a broken ACK Commented Aug 30, 2023 at 11:01
  • Oops my fault, the system is a Centos 5, on the other hand in my DC I have identified the machine that blocks the user, that is the client, that is why analyzing the traffic are the only requests it makes to the DC. My client makes these requests to the DC through port 50581, so I want to identify which process it is or script that is using a wrong credential, isn't it a good starting point? Commented Aug 30, 2023 at 11:11

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.