LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-10-2007, 10:14 AM   #1
Raveolution
Member
 
Registered: Mar 2004
Distribution: Fedora & CentOS
Posts: 210
Blog Entries: 2

Rep: Reputation: 25
Unknown ports open on my system


What program might I use to find out what programs are holding open certain ports?

I just did a nmap on my system and found this:

33330/tcp open|filtered unknown
50000/tcp open|filtered unknown
50002/tcp open|filtered unknown

I'd like to close those.

Thanks!
 
Old 01-10-2007, 10:21 AM   #2
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,024
Blog Entries: 5

Rep: Reputation: 789Reputation: 789Reputation: 789Reputation: 789Reputation: 789Reputation: 789Reputation: 789
lsof

lsof -i :<portno>

Will show you what process is using the given port.

Also Linux (unlike most UNIX flavors) will show the PID with netstat's -p flag. I use lsof because it works on both UNIX and Linux.

FYI:
grep <portno> /etc/services

Will show you if the port has been allocated for a specific item (but not if it is actually in use).
 
Old 01-10-2007, 09:05 PM   #3
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
netstat -anp
 
Old 01-12-2007, 05:33 PM   #4
Raveolution
Member
 
Registered: Mar 2004
Distribution: Fedora & CentOS
Posts: 210
Blog Entries: 2

Original Poster
Rep: Reputation: 25
Quote:
Originally Posted by jlightner
lsof

lsof -i :<portno>

Will show you what process is using the given port.

Also Linux (unlike most UNIX flavors) will show the PID with netstat's -p flag. I use lsof because it works on both UNIX and Linux.

FYI:
grep <portno> /etc/services

Will show you if the port has been allocated for a specific item (but not if it is actually in use).
Hey thanks, that worked.

Standard programs are using those ports. Argh, that's bad enough!
 
Old 01-12-2007, 05:40 PM   #5
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,024
Blog Entries: 5

Rep: Reputation: 789Reputation: 789Reputation: 789Reputation: 789Reputation: 789Reputation: 789Reputation: 789
All may not be lost. Some programs by default do wide open random port assignments but have ways to lock them down for firewalls. A good exampel is NetBackup. By default it has some ports defined in /etc/services but uses random ports for responses to the defined ones. However its documentation let me figure out how to lock it down to two specific ports (an in and an out).

Have a look at the documentation for whatever you determined was using the ports and see if it talks about "firewall" configuration or considerations anywwhere.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot Open Mail Server Ports 25, 110, and 220. Other Ports will open. Binxter Linux - Newbie 9 11-29-2007 03:03 AM
How can find out what ports are open in my system linuxlainen Linux - Security 10 08-03-2006 05:05 PM
unknown ports running ddaas Linux - Security 6 02-24-2005 06:41 AM
unknown ports open????? globeTrotter Linux - Security 12 09-25-2004 04:46 AM
Daemons running on unknown ports robadawb Linux - Networking 2 11-12-2003 03:11 PM


All times are GMT -5. The time now is 10:39 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration