first, figure out the port the nis daemon (ypserv) is running on:
# rpcinfo -p|grep ypserv
100004 2 udp 951 ypserv
100004 1 udp 951 ypserv
100004 2 tcp 954 ypserv
100004 1 tcp 954 ypserv
gather up all the clients talking to the daemon:
# tcpdump -n -n port 951 or port 954
the output will look like this:
10:55:35.482333 IP 6.6.6.6.951 > 9.9.9.107.729: UDP, length 28
10:55:38.099478 IP 9.9.9.173.1013 > 6.6.6.6.951: UDP, length 64
10:55:38.099631 IP 6.6.6.6.951 > 9.9.9.173.1013: UDP, length 28
10:55:55.483328 IP 9.9.9.107.730 > 6.6.6.6.951: UDP, length 64
10:55:55.483491 IP 6.6.6.6.951 > 9.9.9.107.730: UDP, length 28
10:56:15.484442 IP 9.9.9.107.731 > 6.6.6.6.951: UDP, length 64
10:56:15.484747 IP 6.6.6.6.951 > 9.9.9.107.731: UDP, length 28
10:56:18.443343 IP 9.9.9.173.50256 > 6.6.6.6.951: UDP, length 140
10:56:18.443468 IP 6.6.6.6.951 > 9.9.9.173.50256: UDP, length 28
10:56:35.485748 IP 9.9.9.107.732 > 6.6.6.6.951: UDP, length 64
10:56:35.485920 IP 6.6.6.6.951 > 9.9.9.107.732: UDP, length 28
the ip address with port 951 or 954 is the nis server (6.6.6.6 here); the address on the other side of each packet is a client.
in this case, our clients are:
9.9.9.107 & 9.9.9.173
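to avoid picking the clients out by eye, the capture can be summarised per client. this is an added example, not part of the original post: the function names nis_clients and sample_capture are made up here, the ports are the ones rpcinfo reported above, and it assumes ipv4 lines in the tcpdump text format shown above.

```shell
# added example, not from the original post.
# live use: tcpdump -n -n -c 1000 port 951 or port 954 | nis_clients 951 954
nis_clients() {
    awk -v ports="$*" '
    # strip the trailing ":" and split "a.b.c.d.port" (ipv4 only)
    function host(ep) { sub(/:$/, "", ep); sub(/\.[0-9]+$/, "", ep); return ep }
    function port(ep) { sub(/:$/, "", ep); sub(/^.*\./, "", ep); return ep }
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) srv[p[i]] = 1 }
    $2 == "IP" && $4 == ">" {
        # a request is a packet sent to a ypserv port from some other port;
        # replies (source port is a ypserv port) are skipped
        sp = port($3); dp = port($5)
        if ((dp in srv) && !(sp in srv)) {
            c = host($3)
            if (!(c in count)) first[c] = $1
            count[c]++
            last[c] = $1
        }
    }
    END { for (c in count) print c, count[c], first[c], last[c] }
    ' | sort
}

# sample lines copied from the capture shown in the post
sample_capture() {
    cat <<'EOF'
10:55:35.482333 IP 6.6.6.6.951 > 9.9.9.107.729: UDP, length 28
10:55:38.099478 IP 9.9.9.173.1013 > 6.6.6.6.951: UDP, length 64
10:55:38.099631 IP 6.6.6.6.951 > 9.9.9.173.1013: UDP, length 28
10:55:55.483328 IP 9.9.9.107.730 > 6.6.6.6.951: UDP, length 64
10:55:55.483491 IP 6.6.6.6.951 > 9.9.9.107.730: UDP, length 28
10:56:15.484442 IP 9.9.9.107.731 > 6.6.6.6.951: UDP, length 64
10:56:15.484747 IP 6.6.6.6.951 > 9.9.9.107.731: UDP, length 28
10:56:18.443343 IP 9.9.9.173.50256 > 6.6.6.6.951: UDP, length 140
10:56:18.443468 IP 6.6.6.6.951 > 9.9.9.173.50256: UDP, length 28
10:56:35.485748 IP 9.9.9.107.732 > 6.6.6.6.951: UDP, length 64
10:56:35.485920 IP 6.6.6.6.951 > 9.9.9.107.732: UDP, length 28
EOF
}

# prints: client, request count, first seen, last seen
sample_capture | nis_clients 951 954
```

the -c 1000 in the live command makes tcpdump exit by itself after 1000 packets, so awk sees end of input and prints its summary.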
what to do if you don't have tcpdump? go straight to the source!
this nis server is older than dirt. good thing there are some old versions
of tcpdump and libpcap that are compatible with the kernel...
wget http://www.tcpdump.org/release/tcpdump-3.9.5.tar.gz
wget http://www.tcpdump.org/release/libpcap-0.9.6.tar.gz
tar xvfz and away you go.
Friday, November 15, 2019
who is accessing my nis server?
1 comment:
yes. we can run ypserv -d ; but we don't want to HUP the daemon.