Hey guys

Does anything look unusual to you guys as far as open ports on my linux box?
As far as what you guys are used to seeing? Thanks.

Foreign Address State
tcp 0 0 System:domain *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp6 0 0 [::]:1716 [::]:* LISTEN
tcp6 0 0 ip6-localhost:ipp [::]:* LISTEN
udp 0 0 *:mdns *:*
udp 0 0 System:domain *:*
udp 0 0 *:bootpc *:*
udp 0 0 System.hitronhub.ho:ntp *:*
udp 0 0 localhost:ntp *:*
udp 0 0 *:ntp *:*
udp 0 0 *:49733 *:*
udp 0 0 *:ipp *:*
udp 0 0 *:46133 *:*
udp6 0 0 [::]:mdns [::]:*
udp6 0 0 [::]:1716 [::]:*
udp6 0 0 fe80::11c8:2dde:f69:ntp [::]:*
udp6 0 0 fd00:ac20:2e1e:f492:ntp [::]:*
udp6 0 0 fd00:ac20:2e1e:f492:ntp [::]:*
udp6 0 0 ip6-localhost:ntp [::]:*
udp6 0 0 [::]:ntp [::]:*
udp6 0 0 [::]:45589 [::]:*
raw6 0 0 [::]:ipv6-icmp [::]:* 7
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 26196 /run/user/1000/systemd/private
unix 2 [ ACC ] STREAM LISTENING 27144 /run/user/122/systemd/private
unix 2 [ ACC ] SEQPACKET LISTENING 12696 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 27596 /run/user/1000/kdeinit5__0
unix 2 [ ACC ] STREAM LISTENING 28243 /run/user/1000/klauncherTJ1710.1.slave-socket
unix 2 [ ACC ] STREAM LISTENING 26207 /tmp/kwallet_user.socket
unix 2 [ ACC ] STREAM LISTENING 27536 /tmp/kwallet5_user.socket
unix 2 [ ACC ] STREAM LISTENING 25323 /tmp/sddm-authfa6edf7f-7faf-4690-bb50-dca5eeba8221
unix 2 [ ACC ] STREAM LISTENING 25331 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 24048 /tmp/HfoNd1/s
unix 2 [ ACC ] STREAM LISTENING 26212 /tmp/ssh-bbNNEW67BQjc/agent.1535
unix 2 [ ACC ] STREAM LISTENING 28988 /run/user/1000/pulse/native
unix 2 [ ACC ] STREAM LISTENING 29757 /tmp/.ICE-unix/1736
unix 2 [ ACC ] STREAM LISTENING 25619 /sys/fs/cgroup/cgmanager/sock
unix 2 [ ACC ] STREAM LISTENING 31914 /run/user/1000/ksocket-user/kdeinit4__0
unix 2 [ ACC ] STREAM LISTENING 31920 /run/user/1000/ksocket-user/klauncherhX1990.slave-socket
unix 2 [ ACC ] STREAM LISTENING 29756 @/tmp/.ICE-unix/1736
unix 2 [ ACC ] STREAM LISTENING 26240 @/tmp/dbus-WPo9iLMMEk
unix 2 [ ACC ] STREAM LISTENING 30820 /tmp/akonadi-user.GGdVML/akonadiserver.socket
unix 2 [ ACC ] STREAM LISTENING 25330 @/tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 29177 /tmp/akonadi-user.GGdVML/mysql.socket
unix 2 [ ACC ] STREAM LISTENING 14601 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 12684 /run/systemd/fsck.progress
unix 2 [ ACC ] STREAM LISTENING 12685 /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 12702 /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 25482 @/tmp/dbus-bxUonDBzx6
unix 2 [ ACC ] STREAM LISTENING 13843 /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 46691 @/tmp/dbus-MIRZ7ii5X6
unix 2 [ ACC ] STREAM LISTENING 22162 /run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 22163 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 22164 /var/run/cups/cups.sock
unix 2 [ ACC ] STREAM LISTENING 22165 /run/uuidd/request
unix 2 [ ACC ] STREAM LISTENING 22166 /var/run/avahi-daemon/socket
unix 2 [ ACC ] STREAM LISTENING 29035 @/tmp/dbus-HR4XXjnP08
unix 2 [ ACC ] STREAM LISTENING 30574 /var/run/NetworkManager/private-dhcp

Hi,

You can use the following to identify also the services that use those ports and see if there is something suspicious:
You didn't say your distro, but from the listening ports and sockets of the netstat output, I guess you're running KDE on whatever distro it is, so it's normal to see various strange ports and/or port ranges open.


Regards

First, why are you asking whether there's anything suspicious?

You should tell us, whether there's something out of normal that you think is happening to your computer.

Is the firewall running? Did you open any ports in your firewall or router?

Is it a server distro or a client OS?

Have you checked your CPU usage, by using top command to check if it is spiking up out of range?

Please use "code tags," which become available when you click the "Go Advanced" button under the compose post window, when posting the output of terminal commands or posting text files.

It makes the information much easier to read.

You may find this article interesting: https://www.tecmint.com/find-open-ports-in-linux/

Ah...ok. Thanks guys.

I'll give that revised netstat command a try...and utilize the code tags from here on in, if needed.

Yeah, I'm just concerned about who is connecting to this machine and why...where my routes are going and why...etc.

All of that.

It looks OK.

Thanks. That helps...

As I get further reacquainted with Linux, I'll tend to feel better about unknowns and oddities that are in fact processes simply doing their jobs. I have gone ahead and installed Rkhunter - updated and added a tcp package that let's it see into hidden ports, etc. Fun stuff. Cheers.

When I was first learning Linux I looked at everything thoroughly; log files, dmesg, printk, netstat, etc, just so I would know what a normal system looks like. You can also run 'unhide' every so often. Run every type of test. I've found systems with a hidden process corresponding to every visible process, basically controlled by a malware hypervisor.

Thanks for your advice. Gives me a few things to look into/look up.