LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-30-2007, 01:31 AM   #1
cope
LQ Newbie
 
Registered: Apr 2005
Distribution: rhel, centos, ubuntu
Posts: 18

Rep: Reputation: 0
what runs on port 32764 and 49152?


Hey guys,

While experimenting with sockets/threads in java, I decided to build a port scanner.. I thought it'd be funny to scan myself (wan address) and see what happens.. Well I was surprised to see two ports that I'm not sure what their uses are, they are 32764 and 49152. A quick google doesn't really give me much, I was wondering if any of you smart fellas would know what it is? Its pointing to a netgear router, and after scanning my local machines (internally) neither of the ports are open. What do you think they're for?

Last edited by cope; 09-30-2007 at 01:55 AM.
 
Old 09-30-2007, 02:53 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
- If it's an officially IANA-assigned port (with a number between 0 and roughly 30000) then its number should correspond with a service in /etc/services ('getent services portnumber'), the services file of a scanner like Nmap or an online database like Sans' ISC. *Note that ephemeral port usage can be configured locally using the /proc/sys/net/ipv4/ip_local_port_range sysctl. An old default was 1024-5000, for servers a value of 32768-61000 is used and some applications want something like 1025-65535. *Also note these are static number-to-service mappings and while for instance /etc/services will say TCP/22 matches SSH that doesn't have to be the case in a particular situation,
- Else if it's a port of which you don't know which process did bind to it then if you have access to the host you can interrogate it using 'netstat -anp', 'lsof -w -n -i protocolortnumber' or 'fuser -n protocol portnumber' *This is the most accurate method,
- Else if you do not have access to the host you could interrogate it by for instance telnetting to it *This is not an accurate method and in the case of a compromised host you may alert the intruder you're on her case.

If you have access to the host you'll probably find the short-lived process died and the port isn't bound anymore.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
PLESK [Solution] Change port to 23 (telnet) instead of default port 8443 x5452 Linux - Software 6 05-10-2009 05:58 AM
internet runs-stops, runs-stops........ arnuld Debian 4 05-29-2007 01:02 PM
which service runs on port 806? nirmaltom Linux - Security 4 01-17-2007 05:08 AM
LXer: Entry-level 4-port IP power switch runs Linux LXer Syndicated Linux News 0 10-13-2006 12:21 AM
--destination-ports port[,port[,port...]] KevinGuy Linux - Networking 1 03-16-2004 06:06 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:01 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration