Hi all,
We have strange thing on our Sparc T-3 mashine.
bash-3.00$ uname -a
SunOS zg1oem01 5.10 Generic_144488-11 sun4v sparc sun4v
After some new node was installed in network, our machine started to send SYN to that IP address with some high port numbers, even there is no integration between this two nodes, and no communication should be there
bash-3.00# netstat -anv | grep SYN_SENT
- 10.240.xxx.xxx.49814 0 da512f58 da512f57 49640 00000000 00000000 4500 1500 SYN_SENT
- 10.240.xxx.xxx.49798 0 da4fc506 da4fc505 49640 00000000 00000000 4500 1500 SYN_SENT
- 10.240.xxx.xxx.49760 0 da5768ce da5768cd 49640 00000000 00000000 4500 1500 SYN_SENT
- 10.240.xxx.xxx.48936 0 da4d3e78 da4d3e77 49640 00000000 00000000 4500 1500 SYN_SENT
- 10.240.xxx.xxx.49836 0 da564b6f da564b6e 49640 00000000 00000000 4500 1500 SYN_SENT
- 10.240.xxx.xxx.54728 0 da52fb09 da52fb08 49640 00000000 00000000 4500 1500 SYN_SENT
We could not find on application leave anything that should point to some process using this ports.
As we have solaris 10, there is no netstat with option "-u", so there is no way, as least I dont know how to determine which processes are using this high ports.
I tryed with Script that will display all running processes and the ports they use if any (pfiles `ptree | awk '{print $1}'` | egrep '^[0-9]|port:'), but in that output, ports 49814, 49798, 49760, 48936, 49836, 54728 could not be seen.
Is there any way to find what pid/program/process is using this ports?
Thank You,
Mario