Web lists-archives.com

Open socket not connected to any real process




Hello,

I have an SMTP server running Debian Wheezy (64-bit).  A few weeks ago, I stopped nscd on it, because it was holding a connection open to our LDAP server and sending a ton of unnecessary queries to it.

Even though nscd is not running, I am once again seeing nscd-type queries on the LDAP server from this SMTP server, and a connection is open from the SMTP server.  But I can't seem to figure out what process is using that connection.  Every time I check using netstat or lsof, it just reports that the socket is owned by my current sshd process.

An example:

root@smtp:~# netstat -anp | grep 389
tcp        0      0 <smtp-ip>:58786   <ldap-ip>:389    ESTABLISHED 10249/0
        
root@smtp:~# lsof -n -i :389
COMMAND   PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
sshd    10249 root    4w  IPv4 86936230      0t0  TCP <smtp-ip>:58786-><ldap-ip>:ldap (ESTABLISHED)

root@smtp:~# ps -ef | grep 10249
root     10249 17111  0 15:49 ?        00:00:00 sshd: root@pts/0
root     10251 10249  0 15:50 pts/0    00:00:00 -bash
root     10286 10251  0 15:54 pts/0    00:00:00 grep 10249


So I log out and back in, and the PID for this socket changes to my new sshd process:

root@smtp:~# netstat -anp | grep 389
tcp        0      0 <smtp-ip>:58798   <ldap-ip>:389    ESTABLISHED 10288/0

root@smtp:~# lsof -n -i :389
COMMAND   PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
sshd    10288 root    4w  IPv4 86936319      0t0  TCP <smtp-ip>:58798-><ldap-ip>:ldap (ESTABLISHED)

root@smtp:~# ps -ef | grep 10288
root     10288 17111  0 15:54 ?        00:00:00 sshd: root@pts/0
root     10290 10288  0 15:54 pts/0    00:00:00 -bash
root     10304 10290  0 15:55 pts/0    00:00:00 grep 10288


And all the while, LDAP queries continue to be sent over this connection.  Does anyone have any idea why I can't seem to track down the real process which is holding this socket open?

Thanks!
Dave

--
Dave Parker '11
Database & Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177