Hi,
I have a Solaris 10 system, which appears to be sending out LDAP queries to a server that is due to be decommissioned.
Is there a way to identify which process is sending out these queries? The problem is that the local port constantly changes, and the connections do not stay open long enough to query them using netstat or lsof.
I can see the outbound traffic in snoop:
solServer -> decomServer LDAP C port=39959
solServer -> decomServer LDAP C port=39959
and also in netstat:
solServer.38530 decomServer.ldap 65420 0 49640 0 TIME_WAIT
solServer.38215 decomServer.ldap 65420 0 49640 0 TIME_WAIT
But I can't think of a way to identify what process is sending this out. I've checked resolv.conf & /etc/nsswitch.conf and the decom server is not listed anywhere.
I have no idea where the information for this decomServer is coming from, or which process is sending. Is there a way I can find this out?
Many thanks