IS some kind of spy soft or virus soft using my port 56152?
sudo nmap localhost -p 0-65535
Starting Nmap 6.47 ( http://nmap.org ) at 2015-08-18 07:51 HKT Nmap scan report for localhost (127.0.0.1) Host is up (0.000013s latency). Other addresses for localhost (not scanned): 127.0.0.1 Not shown: 65531 closed ports PORT STATE SERVICE 25/tcp open smtp 80/tcp open http 111/tcp open rpcbind 3306/tcp open mysql 56152/tcp open unknown Nmap done: 1 IP address (1 host up) scanned in 9.88 seconds IS some kind of spy soft or virus soft using my port 56152? |
First check what is listening with :
netstat -ntpl If you don't find any process listening on this port, you can try rkhunter or chkrootkit to check for rootkits. |
Use lsof to find out what is listening on that port
|
root@pengsir:/home/debian8# sudo nmap localhost -p 0-65535
Starting Nmap 6.47 ( http://nmap.org ) at 2011-01-01 00:12 HKT Nmap scan report for localhost (127.0.0.1) Host is up (0.000013s latency). Other addresses for localhost (not scanned): 127.0.0.1 Not shown: 65531 closed ports PORT STATE SERVICE 25/tcp open smtp 80/tcp open http 111/tcp open rpcbind 3306/tcp open mysql 49997/tcp open unknown Nmap done: 1 IP address (1 host up) scanned in 9.79 seconds root@pengsir:/home/debian8# netstat -ntpl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:49997 0.0.0.0:* LISTEN 532/rpc.statd tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 523/rpcbind tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1490/exim4 tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1010/mysqld tcp6 0 0 :::111 :::* LISTEN 523/rpcbind tcp6 0 0 :::80 :::* LISTEN 1054/apache2 tcp6 0 0 :::43990 :::* LISTEN 532/rpc.statd tcp6 0 0 ::1:25 :::* LISTEN 1490/exim4 root@pengsir:/home/debian8# lsof -i:49997 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME rpc.statd 532 statd 9u IPv4 10842 0t0 TCP *:49997 (LISTEN) kill 532 |
Quote:
|
All times are GMT -5. The time now is 06:51 PM. |