- If it's an officially IANA-assigned port (with a number between 0 and roughly 30000) then its number should correspond with a service in /etc/services ('getent services portnumber'), the services file of a scanner like Nmap or an online database like Sans' ISC. *Note that ephemeral port usage can be configured locally using the /proc/sys/net/ipv4/ip_local_port_range sysctl. An old default was 1024-5000, for servers a value of 32768-61000 is used and some applications want something like 1025-65535. *Also note these are static number-to-service mappings and while for instance /etc/services will say TCP/22 matches SSH that doesn't have to be the case in a particular situation,
- Else if it's a port of which you don't know which process did bind to it then if you have access to the host you can interrogate it using 'netstat -anp', 'lsof -w -n -i protocol
ortnumber' or 'fuser -n protocol portnumber' *This is the most accurate method,
- Else if you do not have access to the host you could interrogate it by for instance telnetting to it *This is not an accurate method and in the case of a compromised host you may alert the intruder you're on her case.
If you have access to the host you'll probably find the short-lived process died and the port isn't bound anymore.