who's plugging my ldap server

come on now. stop it already.

netstat -an | grep :389 | awk {'print $5'} | awk -F : '{print $1}' | sort | uniq

netstat -an | grep 389  | awk {'print $5'} | cut -f 1 -d \: | sort | uniq -c  

or. who the heck is searching for that freaking uid?

ngrep -q -t "uid" \(port 389 or port 636 \)