how do I know whose ports are they belong to?
Hello All,
when running nmap localhost (see below) .. I got unknown ports .. how do I know whose ports are they belong to? and how to close them? please advise thanks & regards Winanjaya [root@smartgateway ~]# nmap localhost Starting Nmap 4.68 ( http://nmap.org ) at 2010-02-10 13:50 WIT Interesting ports on localhost.localdomain (127.0.0.1): Not shown: 1705 closed ports PORT STATE SERVICE 22/tcp open ssh 111/tcp open rpcbind 631/tcp open ipp 904/tcp open unknown 905/tcp open unknown 906/tcp open unknown 907/tcp open unknown 908/tcp open unknown 909/tcp open unknown 10000/tcp open snet-sensor-mgmt |
Hi, there is a text file /etc/services
that shows the usual/default port numbers and what they're used for. open it in an editor, or use cat from a shell. cat /etc/services cheers, Glenn |
I checked on /etc/services .. and I didnot find them(904 to 909)
please help thanks & regards |
Doing a simple netstat will show you which processes are listening on those ports:
Code:
netstat -pante | grep LISTEN The easiest way to close the ports would be to stop the relevant services. |
I ran it .. how to remove it? ..I don't know python? ..strange?
[root@smartgateway ~]# netstat -pante | grep LISTEN tcp 0 0 0.0.0.0:59239 0.0.0.0:* LISTEN 0 3722 1768/rpc.statd tcp 0 0 127.0.0.1:904 0.0.0.0:* LISTEN 0 5681 2190/python tcp 0 0 127.0.0.1:905 0.0.0.0:* LISTEN 0 5682 2190/python tcp 0 0 127.0.0.1:906 0.0.0.0:* LISTEN 0 5683 2190/python tcp 0 0 127.0.0.1:907 0.0.0.0:* LISTEN 0 5684 2190/python tcp 0 0 127.0.0.1:908 0.0.0.0:* LISTEN 0 5685 2190/python tcp 0 0 127.0.0.1:909 0.0.0.0:* LISTEN 0 5686 2190/python tcp 0 0 172.16.1.31:4430 0.0.0.0:* LISTEN 0 5834 2296/openvpn tcp 0 0 172.16.1.31:943 0.0.0.0:* LISTEN 0 5679 2190/python tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 0 3566 1750/rpcbind tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 0 5461 2191/perl tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 4673 2090/sshd tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 0 5336 2167/cupsd tcp 0 0 :::111 :::* LISTEN 0 3571 1750/rpcbind tcp 0 0 :::22 :::* LISTEN 0 4675 2090/sshd |
Hi, they are not in numerical order, as such.
But, you're right, they are not listed. Quote:
ref. http://en.wikipedia.org/wiki/List_of...P_port_numbers Quote:
Quote:
|
You could check the pids to see what 'user' is using them...
Incidentally, they're all on the loopback interface ;) |
You could use "pstree -p" to see which command you might be running that spawned other python processes.
The output will look like this: Code:
... Here is an example looking at the command line that called PID 11435 above: Code:
tr '\0' ' ' </proc/11435/cmdline |
Hi I got below, and there is nothing shown 904-909 ??
login as: root root@172.16.1.31's password: Last login: Thu Feb 11 14:11:59 2010 from 172.16.1.77 [root@smartgateway ~]# pstree -p init(1)ââ¬âacpid(1874) ââatd(2148) ââauditd(1706)ââ¬âaudispd(1708)âââ{audispd}(1709) â ââ{auditd}(1707) ââavahi-daemon(2157)âââavahi-daemon(2158) ââbluetoothd(2024) ââclamd(10235)âââ{clamd}(10236) ââconsole-kit-dae(1885)ââ¬â{console-kit-dae}(1886) â ââ{console-kit-dae}(1888) â ââ{console-kit-dae}(1889) â ââ{console-kit-dae}(1890) â ââ{console-kit-dae}(1891) â ââ{console-kit-dae}(1893) â ââ{console-kit-dae}(1894) â ââ{console-kit-dae}(1895) â ââ{console-kit-dae}(1896) â ââ{console-kit-dae}(1897) â ââ{console-kit-dae}(1898) â ââ{console-kit-dae}(1899) â ââ{console-kit-dae}(1900) â ââ{console-kit-dae}(1901) â ââ{console-kit-dae}(1902) â ââ{console-kit-dae}(1903) â ââ{console-kit-dae}(1904) â ââ{console-kit-dae}(1905) â ââ{console-kit-dae}(1906) â ââ{console-kit-dae}(1907) â ââ{console-kit-dae}(1908) â ââ{console-kit-dae}(1909) â ââ{console-kit-dae}(1910) â ââ{console-kit-dae}(1911) â ââ{console-kit-dae}(1912) â ââ{console-kit-dae}(1913) â ââ{console-kit-dae}(1914) â ââ{console-kit-dae}(1915) â ââ{console-kit-dae}(1916) â ââ{console-kit-dae}(1917) â ââ{console-kit-dae}(1918) â ââ{console-kit-dae}(1919) â ââ{console-kit-dae}(1920) â ââ{console-kit-dae}(1921) â ââ{console-kit-dae}(1922) â ââ{console-kit-dae}(1923) â ââ{console-kit-dae}(1924) â ââ{console-kit-dae}(1925) â ââ{console-kit-dae}(1926) â ââ{console-kit-dae}(1927) â ââ{console-kit-dae}(1928) â ââ{console-kit-dae}(1929) â ââ{console-kit-dae}(1930) â ââ{console-kit-dae}(1931) â ââ{console-kit-dae}(1932) â ââ{console-kit-dae}(1933) â ââ{console-kit-dae}(1934) â ââ{console-kit-dae}(1935) â ââ{console-kit-dae}(1936) â ââ{console-kit-dae}(1937) â ââ{console-kit-dae}(1938) â ââ{console-kit-dae}(1939) â ââ{console-kit-dae}(1940) â ââ{console-kit-dae}(1941) â ââ{console-kit-dae}(1942) â ââ{console-kit-dae}(1943) â ââ{console-kit-dae}(1944) â ââ{console-kit-dae}(1945) â ââ{console-kit-dae}(1946) â ââ{console-kit-dae}(1947) â ââ{console-kit-dae}(3067) â ââ{console-kit-dae}(3966) ââcrond(2128) ââcupsd(2167) ââdbus-daemon(1820) ââfreshclam(10243) ââgpm(2099) ââhald(1882)âââhald-runner(1948)ââ¬âhald-addon-acpi(2039) â ââhald-addon-inpu(2116) ââirqbalance(1743) ââkerneloops(2137) ââlogin(2197)âââbash(3968) ââmingetty(2195) ââmingetty(2196) ââmingetty(2198) ââmingetty(2199) ââminiserv.pl(2191) ââpython(2118)ââ¬âopenvpn(2296)âââopenvpn(2299) â ââpython(2190) â ââ{python}(3069) âârpc.idmapd(1806) âârpc.statd(1768) âârpcbind(1750) âârsyslogd(1731)ââ¬â{rsyslogd}(1733) â ââ{rsyslogd}(1734) â ââ{rsyslogd}(10556) ââsshd(2090)ââ¬âsshd(4392)âââbash(4395)âââvi(10343) â ââsshd(10345)âââbash(10348) â ââsshd(10554)âââbash(10557)âââpstree(10593) ââudevd(620) [root@smartgateway ~]# |
It would be easier to make things out if you put it inside code blocks and include just the pertinant section of the output.
Does this part mean that someone logged in through the vpn connection: Code:
ââmingetty(2199) Also another way to look at the command line is "ps -ef | grep <PID>" where <PID> is the process number. It shows both the PID and the PPID of each process. pstree is easier to read because the indentation and the grouping show the parent-child relationships at a glance. On google, I found that miniserv.pl is a script that Webmin uses. Are you using webmin? Check your webmin version and what everything, that is a child of the miniserv process, does. http://secunia.com/advisories/17749/ If these processes and port usages are legit, you found your answer. If not then your work has just begun. Also another answer to your original question is to run "getent services <port #>". NMAP also has it's own services file which is where it gets the info it supplies about the ports. Look at this similar line from one of your previous posts: tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 0 5336 2167/cupsd This is the web interface for the cups service, you could use to configure your printers. |
All times are GMT -5. The time now is 10:06 AM. |