[ale] Identify source of open ports

Alex Carver agcarver+ale at acarver.net
Fri Jan 3 01:23:16 EST 2014


Well, that clears up one port, 54906 is being used by rpc.statd (I've
got an NFS server running on that machine).  But the other port, 42865,
doesn't show up in the list.  However, it does respond to a connection
request from netcat and sending a simple carriage return causes a zero
byte response (well, zero payload bytes, only the TCP headers).  I can
send other random characters but it disconnects afterwards.  Very
peculiar.  I'm downloading wireshark now to sniff at it some more.  It
can get hard to read tcpdump.



On 1/2/2014 22:11, Beddingfield, Allen wrote:
> Try "lsof -l -P|grep LISTEN"  on the system with those ports open.
> 
> Allen B.
> --
> Allen Beddingfield
> Systems Engineer
> The University of Alabama
> 
> ________________________________________
> From: ale-bounces at ale.org [ale-bounces at ale.org] on behalf of Alex Carver [agcarver+ale at acarver.net]
> Sent: Thursday, January 02, 2014 11:49 PM
> To: Atlanta Linux Enthusiasts
> Subject: [ale] Identify source of open ports
> 
> It's a new year so on a whim I started nmaps of various machines and
> devices on my home network to see what was open and if anything I didn't
> know about popped up.
> 
> One of my Debian boxes popped up with two ports out of the blue.  Port
> 42865 and 54906.  I don't know of any services running that use those
> ports.  Running netstat -ap doesn't show much either, it has a blank
> entry for the PID/Program name:
> 
> Proto Recv-Q Send-Q Local Address    Foreign Address   State       PID/Program name
> tcp        0      0 *:42865            *:*         LISTEN      -
> tcp        0      0 *:54906            *:*         LISTEN      -
> 
> Anything else I can use to try and ferret out what it is that is
> listening on these ports?  Neither port is accessible from the outside
> world due to a firewall.  A scan of two other Debian shows mostly ok
> (expected services) though one shows port 779 open in listen mode but
> again with no PID, and the other machine shows 31599 (also not accessible).
> 
> Searching online for those particular ports doesn't provide any useful
> information (779 claims one use is for NetInfo on OS X but that machine
> is not a Mac).
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
> 
> 
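
An added example, not part of the original thread: the lookup that netstat -p and lsof perform, done by hand, so a listener with a blank PID/Program name can be separated from one owned by a process. It reads LISTEN rows in the /proc/net/tcp layout and matches each socket inode against /proc/<pid>/fd; the sample rows and inode numbers are constructed, and the function names are illustrative.

```python
import os
import re

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout; the inode numbers are made up.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:A771 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9001 1 0 100 0 0 10 0
   1: 00000000:D67A 00000000:0000 0A 00000000:00000000 00:00000000 00000000   106        0 9002 1 0 100 0 0 10 0
   2: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 9003 1 0 20 4 30 10 -1
"""

def listening_sockets(proc_net_tcp_text):
    """Return {port: inode} for every LISTEN row (IPv4 table only)."""
    result = {}
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != LISTEN:
            continue
        port = int(fields[1].rsplit(":", 1)[1], 16)  # port is stored in hex
        result[port] = int(fields[9])
    return result

def socket_owners(proc_root="/proc"):
    """Map socket inode -> (pid, comm) from the /proc/<pid>/fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            with open(os.path.join(proc_root, pid, "comm")) as fh:
                comm = fh.read().strip()
            for fd in os.listdir(fd_dir):
                target = os.readlink(os.path.join(fd_dir, fd))
                m = re.fullmatch(r"socket:\[(\d+)\]", target)
                if m:
                    owners[int(m.group(1))] = (int(pid), comm)
        except OSError:  # process exited meanwhile, or fd dir unreadable
            continue
    return owners

def classify(sockets, owners):
    """Return {port: (pid, comm)}, or None where no process holds the socket."""
    return {port: owners.get(inode) for port, inode in sockets.items()}

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:
        live = classify(listening_sockets(fh.read()), socket_owners())
    for port, owner in sorted(live.items()):
        print(port, owner or "no owning process (netstat shows '-')")
```

Run it as root; without that, other users' /proc/<pid>/fd directories are unreadable and their sockets also come back with no owner.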


