Linux - EnterpriseThis forum is for all items relating to using Linux in the Enterprise.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Thanks for your answer. Man page of lsof is not at all user friendly in denoting what the column headings denote. Hope, you understand the problem in man pages sometimes.
I got some clue. The generic format of a man search is under the headings name, synopsis, description, options, output etc. I could find help under the output heading. I had killed 30670 as the source was unknown. The process has again started with a PID 15082. When I give,
yes, on the host port 33797 is used to connect to hosted-for-minecraft.net on port https (443). But the port on the remote host is opened and waiting for connection and your host initiated that connection used the port 33797. This port is not opened. (opened means listening)
open means some app or daemon is running on that host and will listen on that port. Listening on a port means that app is waiting for incoming packages and will process any package arriving.
From the other side someone, another process/host must initiate the communication, send package to that host.
In your case hosted-for-minecraft.net is listening on port 443 and waiting for requests. Your own host initiates a communication, it sends a package to hosted-for-minecraft.net:https and port 33797 is used to send the package. Your host does not listen on port 33797 and does not wait any incoming packages, therefore this port is not opened. It waits only for responds from the other side, all the other requests will be dropped.
Thanks, there is a lot of clarity now. I wanted to check that as the source of process is unknown, can this port 33797 be blocked using iptables so that it could help in stopping this process?
open means some app or daemon is running on that host and will listen on that port. Listening on a port means that app is waiting for incoming packages and will process any package arriving.
From the other side someone, another process/host must initiate the communication, send package to that host.
In your case hosted-for-minecraft.net is listening on port 443 and waiting for requests. Your own host initiates a communication, it sends a package to hosted-for-minecraft.net:https and port 33797 is used to send the package. Your host does not listen on port 33797 and does not wait any incoming packages, therefore this port is not opened. It waits only for responds from the other side, all the other requests will be dropped.
I had a query, that can an established connection as in this case be used for flooding our network? That would mean that the port 33797 opened on our host is used for flooding from the link hosted-for-minecraft.net:https.
Thanks for your reply, I would try to explain it better. We had a recent problem around 2 weeks back that there was a suspected broadcast from this server which choked up the lease line connectivity to our network operation center as they share the same lease line. You had mentioned in your earlier reply that the host waits for responds from the other side and all other requests would be dropped, so could these responds be sending so much traffic which effectively is an broadcast. There was another conceptual query that the states of a port are open, closed & listening. So is the transition between the ports from open->listening->closed as a life cycle of transitions? means that the port is first open, then listening & finally closed. Or is it that the port can be straight from listening to closed.
I hope, I have been able to give some clarity on this.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.