does this look fishy or normal?
 

When I do nmap localhost I get this:

Not shown: 1678 closed ports
PORT STATE SERVICE
631/tcp open ipp

Doesnt 631 have something to do with the printer?

Looks fine to me.

If you aren't using a printer at all then you can go ahead and disable the CUPS service. CUPS uses port 631 and you can chmod -x /etc/rc.d/rc.cups if you'll never use a printer.

Probably a good idea to run 'netstat -pantu' in order to verify that it is the printing service (backdoors are often configured to run on ports of other services). Also I would recommend performing your nmap scans from a remote computer as the results may be different than if you scan localhost.

Thanks, I will give those recommendations a try.

Just some info on how to track this down yourself for future reference: And yes, running nmap against localhost is pretty much pointless. The netstat command identified above will tell you which interfaces the service is listening on. You'll need to run it as root to use the -p option.

So if I ever use nmap it should be from another computer, but what if both computers are connected to a router?(the same router)

You can also run it from you own computer. If you type the ip of your pc in your local network instead of "localhost", you will see which ports are reachable from your local network. Probably you will see that cups is reachable for localhost only.