Hi!

Using nmap to scan my computer, I get these results

"[...]
Interesting ports on localhost (127.0.0.1):
(The 1597 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
242/tcp open direct
970/tcp open unknown
6000/tcp open X11
[...]"

I know what every port except 970 is for, and I'm not able to find which program or whatever, opens it.

socklist gives me

"[...]
type port inode uid pid fd name
tcp 970 440 0 0 0
tcp 6000 518 0 0 0
tcp 242 451 0 0 0
tcp 22 453 0 0 0
tcp 22 139149 0 0 0
[...]"

Again, I don't see what port 970 is for.

Is my box compromised?

Please help.

Regards
Kristoffer

type lsof and look for the files opened / accessed by the port. This may give you a clue about the service that uses the port

Thanks.

Ok, so LSOF gives me this when grepping for "970":

"[...]
inetd 370 root 4u IPv4 439 TCP *:970 (LISTEN)
[...]"

Well, looks like inetd to me (which i also found out by killing process after process and trying to determine which one it was that kept port 970 open).


Though, from here I'm clueless. I didn't find any reference to port 970 in my inetd.conf or /etc/rc.d ...


Somewhat annoying.

Ok, so, problem resolved. Turned out to be fam listening on that port. Found it out after going through a bundle of nestled configfiles referring to each other.

Thanks for the tip about lsof


Regards
Kristoffer - a now happy person again.