Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 1432 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Who is using port 5002?

fredz2
We're using v7.005 on an ASG320.  Port 5002, RFE is usually in the top 10 services.  However I can't locate the transactions in the log files.  

If I look at the raw data in the packet filter log, I see information about the other services running on our network, but nothing for 5002.  We're evaluating the Reporting Manager and I've looked through the reports, but can't find anything here either.

How can I find out what IP address is using this service.


This thread was automatically locked due to age.
  • 0
    You'd need to enable logging on that port, or use a sniffer.

    Barry
  • 0
    Yes, I could use a sniffer - but I'd like to use Astaro (makes it easier for others in my organization).  

    Currently, we only have one packet rule:

    Source: Any
    Service: Any
    Destination: Any
    Log traffic:  checked

    Shouldn't this be sufficient to log the traffic for port 5002?  If not, how/where do "enable logging on that port"?
  • 0 in reply to fredz2
    That should get it, unless one of ASL's default rules is allowing the traffic.
    If so,
    iptables -L -n|grep 5002 
    would show something.

    Astaro has tcpdump and ngrep available on the command line, btw.

    It is also possible to get tethereal working, but I don't recommend it as it's out-of-date. (tshark would be better.)

    Barry