LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Unknown ports open on my system (http://www.linuxquestions.org/questions/linux-security-4/unknown-ports-open-on-my-system-518009/)

Raveolution 01-10-2007 09:14 AM

Unknown ports open on my system
 
What program might I use to find out what programs are holding open certain ports?

I just did a nmap on my system and found this:

33330/tcp open|filtered unknown
50000/tcp open|filtered unknown
50002/tcp open|filtered unknown

I'd like to close those.

Thanks!

MensaWater 01-10-2007 09:21 AM

lsof

lsof -i :<portno>

Will show you what process is using the given port.

Also Linux (unlike most UNIX flavors) will show the PID with netstat's -p flag. I use lsof because it works on both UNIX and Linux.

FYI:
grep <portno> /etc/services

Will show you if the port has been allocated for a specific item (but not if it is actually in use).

stickman 01-10-2007 08:05 PM

netstat -anp

Raveolution 01-12-2007 04:33 PM

Quote:

Originally Posted by jlightner
lsof

lsof -i :<portno>

Will show you what process is using the given port.

Also Linux (unlike most UNIX flavors) will show the PID with netstat's -p flag. I use lsof because it works on both UNIX and Linux.

FYI:
grep <portno> /etc/services

Will show you if the port has been allocated for a specific item (but not if it is actually in use).

Hey thanks, that worked.

Standard programs are using those ports. Argh, that's bad enough!

MensaWater 01-12-2007 04:40 PM

All may not be lost. Some programs by default do wide open random port assignments but have ways to lock them down for firewalls. A good exampel is NetBackup. By default it has some ports defined in /etc/services but uses random ports for responses to the defined ones. However its documentation let me figure out how to lock it down to two specific ports (an in and an out).

Have a look at the documentation for whatever you determined was using the ports and see if it talks about "firewall" configuration or considerations anywwhere.


All times are GMT -5. The time now is 09:08 AM.