-   Linux - Security (
-   -   what runs on port 32764 and 49152? (

cope 09-30-2007 02:31 AM

what runs on port 32764 and 49152?
Hey guys,

While experimenting with sockets/threads in java, I decided to build a port scanner.. I thought it'd be funny to scan myself (wan address) and see what happens.. Well I was surprised to see two ports that I'm not sure what their uses are, they are 32764 and 49152. A quick google doesn't really give me much, I was wondering if any of you smart fellas would know what it is? Its pointing to a netgear router, and after scanning my local machines (internally) neither of the ports are open. What do you think they're for?

unSpawn 09-30-2007 03:53 AM

- If it's an officially IANA-assigned port (with a number between 0 and roughly 30000) then its number should correspond with a service in /etc/services ('getent services portnumber'), the services file of a scanner like Nmap or an online database like Sans' ISC. *Note that ephemeral port usage can be configured locally using the /proc/sys/net/ipv4/ip_local_port_range sysctl. An old default was 1024-5000, for servers a value of 32768-61000 is used and some applications want something like 1025-65535. *Also note these are static number-to-service mappings and while for instance /etc/services will say TCP/22 matches SSH that doesn't have to be the case in a particular situation,
- Else if it's a port of which you don't know which process did bind to it then if you have access to the host you can interrogate it using 'netstat -anp', 'lsof -w -n -i protocol:portnumber' or 'fuser -n protocol portnumber' *This is the most accurate method,
- Else if you do not have access to the host you could interrogate it by for instance telnetting to it *This is not an accurate method and in the case of a compromised host you may alert the intruder you're on her case.

If you have access to the host you'll probably find the short-lived process died and the port isn't bound anymore.

All times are GMT -5. The time now is 06:14 PM.