You're really a gem, Ben... not at all an idiot like so many said recently ;) On Monday 11 December 2000 14:50, you wrote: > > On Mon, Dec 11, 2000 at 02:42:33PM -0600, Bill Layer wrote: > >I'm pretty much out of ideas on this one. Help, anyone? > > fuser -n tcp <PORTNUMBER> > which will give you a pid of a process that's got that port > ps uw |grep <PID> > will tell you what app it is. Ok, it's rpc.mountd that has that port-ola. Rpc.mountd is the kernel NFS mount daemon. Slack has NFS setup by default, but I don't get why mountd is using a different port on each machine... In any event: A couple of notes on the technique you described. 1) The fuser command returns *nothing* in this case, unless run as root. When as root, I get: root at Billbob_Linux:~# fuser -n tcp 678 678/tcp: 75 2) the ps -uw | grep (PID) returns this line: root at Billbob_Linux:~# ps uw | grep 75 root 2027 0.0 0.1 1164 412 pts/1 S 14:58 0:00 grep 75 I don't see a process named here, so I just did ps -e | grep 75 and got: root at Billbob_Linux:~# ps -e | grep 75 75 ? 00:00:00 rpc.mountd So I guess that is mystery solved, onto new question of why rpc.mountd is using random ports in the 6XX range. NFS is also using port 2049 on each machine, here is a nmap output: root at Billbob_Linux:~# nmap localhost Starting nmap V. 2.53 by fyodor at insecure.org ( www.insecure.org/nmap/ ) Interesting ports on localhost (127.0.0.1): (The 1505 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 23/tcp open telnet 25/tcp open smtp 37/tcp open time 79/tcp open finger 80/tcp open http 110/tcp open pop-3 111/tcp open sunrpc 113/tcp open auth 143/tcp open imap2 513/tcp open login 514/tcp open shell 515/tcp open printer 587/tcp open submission 678/tcp open unknown 1024/tcp open kdm 2049/tcp open nfs 6000/tcp open X11 Web, telnet, ftp, auth are all active on this machine, as I perceive no threats on this LAN. Correct me if that is bad thinking. Thanks again, Ben. === Bill Layer <b.layer at vikingelectronics.com>