Hello, I have an SMTP server running Debian Wheezy (64-bit). A few weeks ago, I stopped nscd on it, because it was holding a connection open to our LDAP server and sending a ton of unnecessary queries to it.
Even though nscd is not running, I am once again seeing nscd-type queries on the LDAP server from this SMTP server, and a connection is open from the SMTP server. But I can't seem to figure out what process is using that connection. Every time I check using netstat or lsof, it just reports that the socket is owned by my current sshd process. An example:

root@smtp:~# netstat -anp | grep 389
tcp 0 0 <smtp-ip>:58786 <ldap-ip>:389 ESTABLISHED *10249/0*

root@smtp:~# lsof -n -i :389
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd *10249 root* 4w IPv4 86936230 0t0 TCP <smtp-ip>:58786-><ldap-ip>:ldap (ESTABLISHED)

root@smtp:~# ps -ef | grep 10249
*root 10249 17111 0 15:49 ? 00:00:00 sshd: root@pts/0*
root 10251 10249 0 15:50 pts/0 00:00:00 -bash
root 10286 10251 0 15:54 pts/0 00:00:00 grep 10249

So I log out and back in, and the PID for this socket changes to my new sshd process:

root@smtp:~# netstat -anp | grep 389
tcp 0 0 <smtp-ip>:58798 <ldap-ip>:389 ESTABLISHED *10288/0*

root@smtp:~# lsof -n -i :389
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd *10288 root* 4w IPv4 86936319 0t0 TCP <smtp-ip>:58798-><ldap-ip>:ldap (ESTABLISHED)

root@smtp:~# ps -ef | grep 10288
*root 10288 17111 0 15:54 ? 00:00:00 sshd: root@pts/0*
root 10290 10288 0 15:54 pts/0 00:00:00 -bash
root 10304 10290 0 15:55 pts/0 00:00:00 grep 10288

And all the while, LDAP queries continue to be sent over this connection. Does anyone have any idea why I can't seem to track down the real process which is holding this socket open?

Thanks!
Dave

--
Dave Parker '11
Database & Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177