[opensuse] Who is listening on these ports?
Output from netstat -tupln:

# netstat -ltupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:49826     0.0.0.0:*         LISTEN   -
tcp        0      0 0.0.0.0:139       0.0.0.0:*         LISTEN   3668/smbd
[snip]
tcp        0      0 ::1:631           :::*              LISTEN   3195/cupsd
tcp        0      0 ::1:25            :::*              LISTEN   3698/master
udp        0      0 0.0.0.0:32769     0.0.0.0:*                  -
udp        0      0 0.0.0.0:68        0.0.0.0:*                  2867/dhcpcd
udp        0      0 0.0.0.0:69        0.0.0.0:*                  3390/xinetd
[snip]

What is listening on TCP:49826 and UDP:32769 ? I checked with lsof -i -nP:

# lsof -i -nP
COMMAND   PID   USER   FD TYPE DEVICE SIZE NODE NAME
dhcpcd   2867   root   4u IPv4   7854       UDP *:68
portmap  3047 nobody   3u IPv4   8277       UDP *:111
portmap  3047 nobody   4u IPv4   8278       TCP *:111 (LISTEN)
cupsd    3195   root   0u IPv4   9333       TCP 127.0.0.1:631 (LISTEN)
cupsd    3195   root   2u IPv6   9334       TCP [::1]:631 (LISTEN)
cupsd    3195   root   4u IPv4   9572       UDP *:631
zmd      3329   root   5u IPv4   9195       TCP 127.0.0.1:2544 (LISTEN)
sshd     3364   root   3u IPv6   9187       TCP *:22 (LISTEN)
xinetd   3390   root   5u IPv4  10301       UDP *:69
ntpd     3588    ntp  16u IPv4  10051       UDP *:123
ntpd     3588    ntp  17u IPv6  10052       UDP *:123
ntpd     3588    ntp  18u IPv6  10053       UDP [fe80::20d:61ff:fe17:d8a0]:123
ntpd     3588    ntp  19u IPv6  10054       UDP [::1]:123
ntpd     3588    ntp  20u IPv4  10055       UDP 127.0.0.1:123
ntpd     3588    ntp  21u IPv4  10056       UDP 192.168.2.113:123
ntpd     3588    ntp  22u IPv4  10203       UDP 192.168.2.255:123
smbd     3668   root  18u IPv4  10309       TCP *:445 (LISTEN)
smbd     3668   root  19u IPv4  10310       TCP *:139 (LISTEN)
master   3698   root  11u IPv4  10500       TCP 127.0.0.1:25 (LISTEN)
master   3698   root  12u IPv6  10502       TCP [::1]:25 (LISTEN)
knode   12054    per  15u IPv4  58879       TCP 192.168.2.113:33488->192.168.2.104:119 (ESTABLISHED)

I've tried a separate 'lsof', and I have also done a scan using rkhunter. Any suggestions?

/Per Jessen, Zürich

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 30 September 2007 14:22:47 Per Jessen wrote:
Output from netstat -tupln:
# netstat -ltupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:49826     0.0.0.0:*         LISTEN   -
tcp        0      0 0.0.0.0:139       0.0.0.0:*         LISTEN   3668/smbd
[snip]
tcp        0      0 ::1:631           :::*              LISTEN   3195/cupsd
tcp        0      0 ::1:25            :::*              LISTEN   3698/master
udp        0      0 0.0.0.0:32769     0.0.0.0:*                  -
udp        0      0 0.0.0.0:68        0.0.0.0:*                  2867/dhcpcd
udp        0      0 0.0.0.0:69        0.0.0.0:*                  3390/xinetd
[snip]

Most times when I see - as the "Program name" in netstat, it's a kernel thread

Did you try "rpcinfo -p localhost" already?
Anders Johansson wrote:
Most times when I see - as the "Program name" in netstat, it's a kernel thread
Did you try "rpcinfo -p localhost" already?
io:~ # rpcinfo -p localhost
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100021    1   udp  32768  nlockmgr
    100021    3   udp  32768  nlockmgr
    100021    4   udp  32768  nlockmgr
    100024    1   tcp  41408  status
    100021    1   tcp  41408  nlockmgr
    100021    3   tcp  41408  nlockmgr
    100021    4   tcp  41408  nlockmgr

Thanks Anders - that was most helpful! I was getting quite worried I might have a cloaked sshd running.

/Per Jessen, Zürich

--
http://www.spamchek.com/ - your spam is our business.
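The check suggested above can be automated. This is an added example, not part of the original thread: it lists the sockets netstat shows with "-" as the program name and looks each one up in rpcinfo -p output. The sample outputs, the function names and port 50111 are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample output (not copied from the thread), captured together.
NETSTAT = """\
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp        0      0 0.0.0.0:41408   0.0.0.0:*       LISTEN -
tcp        0      0 0.0.0.0:139     0.0.0.0:*       LISTEN 3668/smbd
tcp        0      0 0.0.0.0:50111   0.0.0.0:*       LISTEN -
udp        0      0 0.0.0.0:32768   0.0.0.0:*              -
udp        0      0 0.0.0.0:68      0.0.0.0:*              2867/dhcpcd
"""
RPCINFO = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100024    1   udp  32768  status
    100021    4   udp  32768  nlockmgr
    100024    1   tcp  41408  status
    100021    4   tcp  41408  nlockmgr
"""

def ownerless_sockets(netstat_text):
    """Return (proto, port) for sockets netstat lists with '-' as the program."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")) or f[-1] != "-":
            continue
        if f[0].startswith("tcp") and "LISTEN" not in f:
            continue  # only listening TCP sockets are of interest
        found.append((f[0][:3], int(f[3].rsplit(":", 1)[1])))
    return found

def rpc_registrations(rpcinfo_text):
    """Map (proto, port) to the RPC service names registered with the portmapper."""
    table = defaultdict(set)
    for line in rpcinfo_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0].isdigit():
            table[(f[2], int(f[3]))].add(f[4] if len(f) > 4 else f[0])
    return table

def explain(netstat_text, rpcinfo_text):
    """Pair each ownerless socket with its RPC services; [] means still unexplained."""
    rpc = rpc_registrations(rpcinfo_text)
    return {s: sorted(rpc.get(s, ())) for s in ownerless_sockets(netstat_text)}

if __name__ == "__main__":
    for (proto, port), names in explain(NETSTAT, RPCINFO).items():
        print(f"{proto}/{port}: {', '.join(names) or 'NOT registered with portmapper'}")
```

A socket that comes back with no RPC registration is the one that still needs explaining. Capture both outputs in the same session, because the lock manager and status ports are assigned dynamically unless they have been pinned.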
Output from netstat -tupln:
# netstat -ltupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:49826     0.0.0.0:*         LISTEN   -
tcp        0      0 0.0.0.0:139       0.0.0.0:*         LISTEN   3668/smbd
[snip]
tcp        0      0 ::1:631           :::*              LISTEN   3195/cupsd
tcp        0      0 ::1:25            :::*              LISTEN   3698/master
udp        0      0 0.0.0.0:32769     0.0.0.0:*                  -
udp        0      0 0.0.0.0:68        0.0.0.0:*                  2867/dhcpcd
udp        0      0 0.0.0.0:69        0.0.0.0:*                  3390/xinetd
[snip]

Hi,

Try "sudo /bin/netstat -tupln" !
Output from netstat -tupln:
# netstat -ltupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:49826     0.0.0.0:*         LISTEN   -
tcp        0      0 0.0.0.0:139       0.0.0.0:*         LISTEN   3668/smbd
[snip]
tcp        0      0 ::1:631           :::*              LISTEN   3195/cupsd
tcp        0      0 ::1:25            :::*              LISTEN   3698/master
udp        0      0 0.0.0.0:32769     0.0.0.0:*                  -
udp        0      0 0.0.0.0:68        0.0.0.0:*                  2867/dhcpcd
udp        0      0 0.0.0.0:69        0.0.0.0:*                  3390/xinetd
[snip]
What is listening on TCP:49826 and UDP:32769 ? I checked with lsof -i -nP:
I've tried a separate 'lsof', and I have also done a scan using rkhunter. Any suggestions?
/Per Jessen, Zürich
Foli Ayivoh wrote:
Hi,
Try "sudo /bin/netstat -tupln" !
I was logged in as root.

Then I have no clue, but maybe this helps: http://www.seifried.org/security/ports/49000/49826.html
On Monday 01 October 2007 16:11, Foli Ayivoh wrote:
...
Try "sudo /bin/netstat -tupln" !
I was logged in as root.
As evidenced by the classic "# " prompt.
Then I have no clue, but maybe this helps: http://www.seifried.org/security/ports/49000/49826.html
Read the thread. Anders Johansson's reply seems to be the one that holds the answer. These are all associated with NFS service, basically.

Randall Schulz
Randall R Schulz wrote:
On Monday 01 October 2007 16:11, Foli Ayivoh wrote:
...
Try "sudo /bin/netstat -tupln" !
I was logged in as root.
As evidenced by the classic "# " prompt.
Then I have no clue, but maybe this helps: http://www.seifried.org/security/ports/49000/49826.html
Read the thread. Anders Johansson's reply seems to be the one that holds the answer. These are all associated with NFS service, basically.
Randall Schulz
Thanks! I've missed his mail :-(
participants (4)
- Anders Johansson
- Foli Ayivoh
- Per Jessen
- Randall R Schulz