2.0 RC1 CPU at 100% after 1-4 days
-
I'll try updating and keep an eye on it. Since this is newer than 1.5 months, I can't help but suspect some hardware configuration issue.
(I'd feel more confident about it if this was a known issue before that was resolved; the closest thing I found was a bug related to rate service (for traffic graphs) causing high CPU usage after a few days.) -
Top reports
674 processes, 262 running, 377 zombie
That you have so many inetd processes and zombie processes suggests there might be an issue with the interaction between inetd and a child process.
On my system
more /var/etc/inetd.conf
tftp-proxy dgram udp wait root /usr/libexec/tftp-proxy tftp-proxy -v
suggesting tftp is the only thing inetd is likely to start.
What uses inetd on your system? The pfSense shell command
clog /var/log/system.log | grep inetd
MIGHT provide some hints.
-
Thanks for the suggestions.
It happened again overnight, so only about 8 hours of uptime before it happened again. Another thing of note is that there are a ton of "nc" (netcat) processes along with all the zombie inetd processes.
I grepped the system log for inetd and didn't see any messages containing it (prior to rebooting.) Unfortunately I didn't realize the system.log was entirely wiped during a reboot, so I'll make sure to scp it over beforehand when it happens again.The only "non-standard" packages I have running are snort and openVPN.Something weird I noticed in the system.log is that each of the snort log entries is duplicated, such as
Mar 24 09:10:04 snort[52667]: --== Initialization Complete ==-- Mar 24 09:10:04 snort[52667]: --== Initialization Complete ==--
I disabled snort from the webconfigurator and the system didn't recover, but I have disabled it for the time being to assist with the troubleshooting.
When (if) it happens again, I'll make sure I get the system.log to try and correlate and messages with when the system freaks out. -
What is in your /var/etc/inetd.conf?
Do you have anything attempting to use tftp or any other service in /var/etc/inetd.conf?
-
Looks like tftp and the firewall rules (first three digits edited to xxx) for a few of my external IP's
tftp-proxy dgram udp wait root /usr/libexec/tftp-proxy tftp-proxy -v 19000 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 10.0.0.26 xxx.xxx.xxx.86 25 19001 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 10.0.0.26 xxx.xxx.xxx.86 25 19002 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 10.0.0.26 xxx.xxx.xxx.86 25 19003 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 10.0.0.26 xxx.xxx.xxx.86 25 19004 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 10.0.0.4 xxx.xxx.xxx.85 443 19005 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 10.0.0.4 xxx.xxx.xxx.85 222 19006 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 10.0.0.26 xxx.xxx.xxx.86 222 19007 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 10.0.0.4 xxx.xxx.xxx.85 54 19007 dgram udp nowait/0 nobody /usr/bin/nc nc -u -w 2000 10.0.0.4 xxx.xxx.xxx.85 54 19008 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 10.0.0.4 xxx.xxx.xxx.85 54 19008 dgram udp nowait/0 nobody /usr/bin/nc nc -u -w 2000 10.0.0.4 xxx.xxx.xxx.85 54 19009 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 10.0.0.4 xxx.xxx.xxx.85 54 19009 dgram udp nowait/0 nobody /usr/bin/nc nc -u -w 2000 10.0.0.4 xxx.xxx.xxx.85 54 19010 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 10.0.0.115 xxx.xxx.xxx.91 80
-
On my pfSense:
/usr/bin/nc -w 2000 10.0.0.26 205.126.89.86 25
nc: port number invalid: 205.126.89.86
Also when I tried to match up the nc command in inetd.conf against the FreeBSD man page for nc it seemed to me that the command didn't match the template in the man page.
I'm running 2.0-RC1-IPv6 (i386)
built on Sun Mar 20 02:20:38 EDT 2011 -
Thanks for investigating; I'll go ahead with the upgrade tonight and see if that changes anything. I haven't updated it yet, so hopefully it'll go smoothly.
-
Thanks for investigating; I'll go ahead with the upgrade tonight
Its probably a good thing to upgrade snapshot builds from time to time, espeially when you come across problems. I just want to be clear that I wasn't suggesting you upgrade. AFter the investigation I recently reported I fully expect the version I'm running would display similar symptoms to your system if I had a similar inetd.conf and I had traffic activating the nc entries in inetd.conf.
Do you have any idea what parts of your configuration are responsible for those nc entries in inetd.conf?
-
Right, I figured I'd upgrade anyway, no huge hopes that it'll solve this issue, but perhaps the something with nc changed?
I haven't done anything exotic, just set up some NAT port forwarding via Web Configurator, which I assume was what added those nc lines to inetd.conf.
-
Upgraded to
2.0-RC1 (i386)
built on Thu Mar 24 13:58:11 EDT 2011and disabled Snort for the time being. Thanks for the input so far; if it happens again I'll be sure to copy down the logs for more info before rebooting it.
-
I haven't done anything exotic, just set up some NAT port forwarding via Web Configurator, which I assume was what added those nc lines to inetd.conf.
I have a number of port forward rules defined in Firewall -> NAT, click on Port Forward tab and I don't have any nc entries in /etc/inetd.conf. Do you have a different type of port forward?
-
Can you tell me if you have any aliases referenced on port forward rules?
-
Yes, I have aliases defined for most of my firewall rules. For some aliases, I specified both the internal and external IP's.
Under Firewall->Aliases, I have a few entries similar to
Name | Values
mailserver | 10.0.0.4, xxx.xxx.xxx.85Then in Firewall->NAT I created rule(s) using the aliases, like:
WAN TCP * * xxx.xxx.xxx.85 25 (SMTP) mailserver 25 (SMTP) Mail Server -
Ok try with latest snapshot. I fixed an issue on the generated configs in the backend.
If you do not want to wait for next snapshot the change is https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/650b573bd8a435449178385a2d132f7f0002d309 -
OK, thanks! Other than upgrading my snapshot, should I remove/re-add my firewall rules? Delete the nc entries from inetd.conf?
-
For the time being, I've removed the aliases from my setup; once things are stable I'll turn them back on.
-
You should not do any changes to your firewal other than upgrade.
It would be good to give feedback if it solves your issues since its better fix it now rather than go through the hoops again after 2.0
-
OK. Updated, with aliases enabled, so far so good over the weekend. Out of town this week so hopefully it will behave; I'll report on hopefully successful results then.
-
Also of note, after the upgrade, the only line in /etc/inetd.conf is for tftp-proxy.
[edit: never mind, the file of interest is /var/etc/inetd.conf, which does contain the nc lines.] -
No joy, I'm not sure if it correlated when I turned back on aliases, but it happened again. This was running Saturday Mar 26 build.
I just ran update (Monday the 28th) and it seems to have now back-dated itself to the 24th.
Curiously, /etc/inetd.conf was only one line, the tftp info. Butas you can see in the ps dump, there are a lot of the nc lines.MBUF's looked normal, as did states.
This time I got a full dump of ps aux:
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND root 21242 6.7 0.2 3436 1552 ?? Rs Sat01PM 1:42.86 /usr/sbin/inetd nobody 1000 5.8 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>(snip: a ton of these lines) nobody 61570 5.2 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 63274 5.2 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 18960 0.6 0.1 3316 912 ?? R 9:51AM 0:00.00 /sbin/sysctl -n root 53978 0.4 2.4 54708 23540 ?? S Sat01PM 0:09.64 /usr/local/bin/p root 12 0.1 0.0 0 96 ?? WL Sat01PM 31:05.84 [intr] root 0 0.0 0.0 0 48 ?? DLs Sat01PM 0:00.27 [kernel] root 1 0.0 0.0 1888 456 ?? ILs Sat01PM 0:00.01 /sbin/init -- root 2 0.0 0.0 0 8 ?? DL Sat01PM 0:02.38 [g_event] root 3 0.0 0.0 0 8 ?? DL Sat01PM 0:04.28 [g_up] root 4 0.0 0.0 0 8 ?? DL Sat01PM 0:04.20 [g_down] root 5 0.0 0.0 0 8 ?? DL Sat01PM 0:00.00 [crypto] root 6 0.0 0.0 0 8 ?? DL Sat01PM 0:00.00 [crypto returns] root 7 0.0 0.0 0 8 ?? DL Sat01PM 0:00.00 [sctp_iterator] root 8 0.0 0.0 0 8 ?? DL Sat01PM 0:02.55 [pfpurge] root 9 0.0 0.0 0 8 ?? DL Sat01PM 0:00.00 [xpt_thrd] root 10 0.0 0.0 0 8 ?? DL Sat01PM 0:00.00 [audit] root 11 0.0 0.0 0 8 ?? RL Sat01PM 2572:40.34 [idle] root 13 0.0 0.0 0 8 ?? DL Sat01PM 0:00.00 [ng_queue] root 14 0.0 0.0 0 8 ?? DL Sat01PM 0:11.44 [yarrow] root 15 0.0 0.0 0 128 ?? DL Sat01PM 0:01.63 [usb] root 16 0.0 0.0 0 8 ?? DL Sat01PM 0:00.09 [pagedaemon] root 17 0.0 0.0 0 8 ?? DL Sat01PM 0:00.00 [vmdaemon] root 18 0.0 0.0 0 8 ?? DL Sat01PM 0:00.00 [pagezero] root 19 0.0 0.0 0 8 ?? DL Sat01PM 0:00.11 [idlepoll] root 20 0.0 0.0 0 8 ?? DL Sat01PM 0:00.42 [bufdaemon] root 21 0.0 0.0 0 8 ?? DL Sat01PM 0:00.41 [vnlru] root 22 0.0 0.0 0 8 ?? DL Sat01PM 0:05.31 [syncer] root 23 0.0 0.0 0 8 ?? DL Sat01PM 0:00.55 [softdepflush] root 24 0.0 0.0 0 8 ?? DL Sat01PM 0:00.19 [flowcleaner] root 40 0.0 0.0 0 8 ?? DL Sat01PM 0:00.12 [md0] root 151 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 247 0.0 0.1 3408 1148 ?? INs Sat01PM 0:00.01 /usr/local/sbin/ root 249 0.0 0.1 3408 1048 ?? IN Sat01PM 0:00.00 check_reload_sta root 260 0.0 0.1 1888 540 ?? Is Sat01PM 0:00.02 /sbin/devd root 475 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 517 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 852 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 920 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 1135 0.0 0.3 4528 2504 ?? I Sat01PM 0:00.00 /usr/local/sbin/ root 1258 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 1552 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 1672 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd (snip: a ton of these lines) root 9087 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 9269 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 9502 0.0 0.2 3504 1452 ?? SN Sat01PM 0:00.29 ntpdate 0.pfsens root 9614 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 9738 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 10016 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 10237 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 10307 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 10619 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 10807 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 10819 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 10927 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 11050 0.0 0.2 3436 1560 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 11180 0.0 0.1 3316 1368 ?? Ss Sat01PM 0:00.10 ntpd: [priv] (nt root 11245 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 11394 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 11494 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 11518 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 11544 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 11588 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 11680 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 11692 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 11773 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 11785 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 11994 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 11998 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 12278 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 12309 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 12496 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 12591 0.0 0.2 3436 1560 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 12607 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 12728 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 12747 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 12838 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 12852 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 13008 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 13114 0.0 0.2 3436 1560 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 13219 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 13341 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 13445 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 13464 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 13502 0.0 0.1 3316 1028 ?? Ss Sat01PM 0:00.08 /usr/local/sbin/ root 13570 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 13668 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 13832 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 13869 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 13882 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 14093 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 14167 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 14243 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 14386 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 14411 0.0 0.3 5272 3076 ?? Is Sat01PM 0:00.00 /usr/sbin/sshd root 14420 0.0 0.2 3436 1560 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 14563 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 14680 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 14686 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 14823 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 14992 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 15050 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 15094 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 15284 0.0 0.1 3448 1416 ?? Ss Sat01PM 0:04.77 /usr/sbin/syslog root 15301 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 15357 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 15431 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 15469 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 15476 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 15486 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 15646 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 15705 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 15742 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 15918 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 16022 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 16114 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 16156 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 16276 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 16501 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 16569 0.0 0.0 640 244 ?? Rs 9:51AM 0:00.00 nc -u -w 2000 10 root 16802 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 16815 0.0 0.1 3404 1380 ?? Ss Sat01PM 0:00.28 /usr/sbin/cron - nobody 16856 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 16921 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 16922 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 16999 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 17073 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 17130 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 17309 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 17342 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 17363 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 17424 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 17453 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 17574 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 17623 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 17654 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 17748 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 17878 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 17968 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 18097 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 18241 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 18379 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 18409 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 18410 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 18577 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 18689 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 18733 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 18931 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 19015 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 19109 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 19130 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 19144 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 19202 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 19386 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 19394 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 19463 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 19622 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 19704 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 19727 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 19791 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 19955 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 19970 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 20187 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 20265 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 20335 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 20505 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 20506 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 20671 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd snort 20744 0.0 12.1 136508 116252 ?? Ss Sat06PM 1:53.12 /usr/local/bin/s nobody 20747 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 20783 0.0 0.5 7164 5204 ?? Ss Sat01PM 0:15.65 openvpn --config root 20859 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 20916 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 20932 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 21078 0.0 0.1 1864 680 ?? Rs 9:51AM 0:00.00 nc -u -w 2000 10 root 21136 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 21140 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 21183 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 21466 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 21475 0.0 0.1 1864 876 ?? Rs 9:51AM 0:00.00 nc -u -w 2000 10 root 21763 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 21774 0.0 0.1 3656 1400 ?? IN Sat01PM 0:00.00 /bin/sh /usr/loc nobody 21800 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 21983 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 21987 0.0 0.1 1888 488 ?? Rs 9:51AM 0:00.00 nc -u -w 2000 10 root 22097 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 22178 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 22275 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 22340 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 22560 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 22602 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 22671 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 22861 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 22954 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 23085 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 23149 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 23254 0.0 0.1 3316 1036 ?? Ss Sat01PM 0:00.11 /usr/local/bin/m nobody 23374 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 23378 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 23388 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 23614 0.0 0.1 3316 1036 ?? Is Sat01PM 0:00.01 /usr/local/bin/m root 23698 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 23700 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 23827 0.0 0.1 3316 1036 ?? Is Sat01PM 0:00.00 /usr/local/bin/m root 23878 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 23966 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 23970 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 24286 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 24302 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 24311 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 24500 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 24517 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 24679 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 24792 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 24843 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 24965 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 25036 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 25074 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 25106 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 25266 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 25278 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 25318 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 25360 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 25539 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 25645 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 25788 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 25974 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 26065 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 26149 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 26350 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 26391 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 26406 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 26472 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 26557 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 26570 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 26599 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 26673 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 26769 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 26999 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 27026 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 27066 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 27081 0.0 0.2 3656 1772 ?? SN 9:51AM 0:00.00 /bin/sh /var/db/ nobody 27179 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 27196 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 27346 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 27355 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 27520 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 27656 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 27673 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 27752 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 27802 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 27831 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 27834 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 27944 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 28045 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 28116 0.0 0.1 1888 488 ?? Rs 9:51AM 0:00.00 nc -u -w 2000 10 root 28121 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 28166 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 28340 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 28457 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 28555 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 28606 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 28645 0.0 0.1 1864 532 ?? Rs 9:51AM 0:00.00 nc -u -w 2000 10 nobody 32225 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 32254 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 32448 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 32553 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 32588 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 32617 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 32678 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 32893 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 32904 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 32909 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 33001 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 33013 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 33110 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 33177 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 33436 0.0 0.1 1864 876 ?? Rs 9:51AM 0:00.00 nc -u -w 2000 10 root 33444 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 33622 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 33707 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>nobody 33714 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 33788 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd nobody 33789 0.0 0.0 0 0 ?? Z 9:51AM 0:00.00 <defunct>root 33994 0.0 0.2 3436 1556 ?? R 9:51AM 0:00.00 /usr/sbin/inetd root 34046 0.0 0.2 3436 1552 ?? R 9:51AM 0:00.00 /usr/sbin/inetd (snipped out a lot of lines to fit the post limit) nobody 35523 0.0 0.0 0 0 ?? Z 9:51AM 0:00.0</defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct></defunct>