The Unix rusers service is a Remote Procedure Call (RPC) service that listens on a dynamic TCP port. The rusers client utility first connects to the RPC portmapper on TCP port 111, which returns the whereabouts of the rusersd service if it is active.
During initial TCP port scans, if the RPC portmapper service isn't found to be accessible, it is highly unlikely that rusersd will be accessible. If, however, TCP or UDP port 111 is found to be accessible, the rpcinfo client can check for the presence of rusersd and other accessible RPC services, as shown in Example 5-17.
# rpcinfo -p 192.168.0.50 program vers proto port service 100000 4 tcp 111 rpcbind 100000 4 udp 111 rpcbind 100024 1 udp 32772 status 100024 1 tcp 32771 status 100021 4 udp 4045 nlockmgr 100021 2 tcp 4045 nlockmgr 100005 1 udp 32781 mountd 100005 1 tcp 32776 mountd 100003 2 udp 2049 nfs 100011 1 udp 32822 rquotad 100002 2 udp 32823 rusersd 100002 3 tcp 33180 rusersd
If rusersd is running, you can probe the service with the rusers client (available on most Unix-based platforms) to retrieve a list of users logged into the system, as shown in Example 5-18.
# rusers -l 192.168.0.50 Sending broadcast for rusersd protocol version 3... Sending broadcast for rusersd protocol version 2... james onyx:console Mar 3 13:03 22:03 amber onyx:ttyp1 Mar 2 07:40 chris onyx:ttyp5 Mar 2 10:35 14 al onyx:ttyp6 Mar 2 10:48