It would be easier to make things out if you put it inside code blocks and include just the pertinent section of the output.
Does this part mean that someone logged in through the vpn connection:
Code:
ââmingetty(2199)
ââminiserv.pl(2191)
ââpython(2118)ââ¬âopenvpn(2296)âââopenvpn(2299)
â ââpython(2190)
Could you look at this part, and post it inside code blocks to preserve the indentation? Also if possible try changing the character encoding of the terminal program, such as konsole, to utf-8 so that the graphic characters are printed.
Also another way to look at the command line is "ps -ef | grep <PID>" where <PID> is the process number. It shows both the PID and the PPID of each process. pstree is easier to read because the indentation and the grouping show the parent-child relationships at a glance.
On Google, I found that miniserv.pl is a script that Webmin uses. Are you using Webmin? Check your Webmin version and what everything that is a child of the miniserv process does.
http://secunia.com/advisories/17749/
If these processes and port usages are legit, you found your answer. If not then your work has just begun.
Also another answer to your original question is to run "getent services <port #>".
Nmap also has its own services file, which is where it gets the info it supplies about the ports.
Look at this similar line from one of your previous posts:
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 0 5336 2167/cupsd
This is the web interface for the CUPS service, which you could use to configure your printers.
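
The checks described in this post (owning process from the netstat line, `getent services` for the port name, PID/PPID for the parent chain), combined into one script as an added example that is not part of the original post. It goes slightly further by marking each listener as loopback-only or reachable from other hosts. The function names are hypothetical, the input is assumed to be `netstat -tlnpe` output, and the sample lines for ports 10000 and 22 are constructed.

```shell
#!/bin/sh
# Sample input: the 631 line is the one quoted above, the other two are constructed.
SAMPLE='tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 0 5336 2167/cupsd
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 0 5410 2191/miniserv.pl
tcp 0 0 :::22 :::* LISTEN 0 5102 1980/sshd'

# Reduce each LISTEN line to: port pid program scope
parse_listeners() {
    awk '$6 == "LISTEN" {
        addr = $4
        port = addr; sub(/.*:/, "", port)      # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        scope = (host == "127.0.0.1" || host == "::1") ? "loopback" : "exposed"
        n = split($NF, owner, "/")             # last field is PID/program
        if (n < 2) { owner[1] = "?"; owner[2] = "?" }   # "-" when not run as root
        print port, owner[1], owner[2], scope
    }'
}

# Print PID, PPID and command line for a process and each of its parents.
ancestry() {
    pid=$1
    while [ -n "$pid" ] && [ "$pid" -gt 0 ] 2>/dev/null; do
        ps -o pid=,ppid=,args= -p "$pid" || break
        pid=$(ps -o ppid= -p "$pid" | tr -d ' ')
    done
}

# Full report for live data: netstat -tlnpe | report   (run as root to see PIDs)
report() {
    parse_listeners | while read -r port pid prog scope; do
        svc=$(getent services "$port/tcp" 2>/dev/null | awk '{print $1}')
        echo "port $port ($scope) service=${svc:-unlisted} owner=$prog pid=$pid"
        if [ "$pid" != "?" ]; then ancestry "$pid"; fi
    done
}

# Offline demonstration on the sample lines only.
printf '%s\n' "$SAMPLE" | parse_listeners
```

A name returned by `getent services` only says what the port is conventionally used for; the owner column and the parent chain say what is actually listening.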