[opensuse] Who is listening on these ports?

---

• From: Per Jessen <per@xxxxxxxxxxxx>
• Date: Sun, 30 Sep 2007 14:22:47 +0200

---

Output from netstat -tupln:

# netstat -ltupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:49826 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 3668/smbd
[snip]
tcp 0 0 ::1:631 :::* LISTEN 3195/cupsd
tcp 0 0 ::1:25 :::* LISTEN 3698/master
udp 0 0 0.0.0.0:32769 0.0.0.0:* -
udp 0 0 0.0.0.0:68 0.0.0.0:* 2867/dhcpcd
udp 0 0 0.0.0.0:69 0.0.0.0:* 3390/xinetd
[snip]


What is listening on TCP:49826 and UDP:32769 ? I checked with lsof -i -nP:

# lsof -i -nP
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
dhcpcd 2867 root 4u IPv4 7854 UDP *:68
portmap 3047 nobody 3u IPv4 8277 UDP *:111
portmap 3047 nobody 4u IPv4 8278 TCP *:111 (LISTEN)
cupsd 3195 root 0u IPv4 9333 TCP 127.0.0.1:631 (LISTEN)
cupsd 3195 root 2u IPv6 9334 TCP [::1]:631 (LISTEN)
cupsd 3195 root 4u IPv4 9572 UDP *:631
zmd 3329 root 5u IPv4 9195 TCP 127.0.0.1:2544 (LISTEN)
sshd 3364 root 3u IPv6 9187 TCP *:22 (LISTEN)
xinetd 3390 root 5u IPv4 10301 UDP *:69
ntpd 3588 ntp 16u IPv4 10051 UDP *:123
ntpd 3588 ntp 17u IPv6 10052 UDP *:123
ntpd 3588 ntp 18u IPv6 10053 UDP [fe80::20d:61ff:fe17:d8a0]:123
ntpd 3588 ntp 19u IPv6 10054 UDP [::1]:123
ntpd 3588 ntp 20u IPv4 10055 UDP 127.0.0.1:123
ntpd 3588 ntp 21u IPv4 10056 UDP 192.168.2.113:123
ntpd 3588 ntp 22u IPv4 10203 UDP 192.168.2.255:123
smbd 3668 root 18u IPv4 10309 TCP *:445 (LISTEN)
smbd 3668 root 19u IPv4 10310 TCP *:139 (LISTEN)
master 3698 root 11u IPv4 10500 TCP 127.0.0.1:25 (LISTEN)
master 3698 root 12u IPv6 10502 TCP [::1]:25 (LISTEN)
knode 12054 per 15u IPv4 58879 TCP 192.168.2.113:33488->192.168.2.104:119 (ESTABLISHED)


I've tried a separate 'lsof', and I have also done a scan using rkhunter. Any suggestions?


/Per Jessen, Zürich

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

---

• Follow-Ups:
  • Re: [opensuse] Who is listening on these ports?
    • From: Anders Johansson

• Prev by Date: [opensuse] Update
• Next by Date: Re: [opensuse] legalities
• Previous by thread: [opensuse] Update
• Next by thread: Re: [opensuse] Who is listening on these ports?
• Index(es):
  • Date
  • Thread

---

Relevant Pages SUMMARY: whats filling /var? Oracle sockets? ... COMMAND PID USER FD TYPE DEVICE SIZE/OFF NLINK NODE NAME ... Oracle sockets? ... df reports 15-G used while du reports 62-Megabytes used. ... lsof for /var reports the usual suspects syslogd, cron, and sendmail. ... (SunManagers) Re: lsof output different in script? ... >COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME ... The PPID environment variable value is different. ... When lsof is run ... which is the login shell. ... (comp.unix.aix) Re: Has my server been hacked? ... netstat and/or lsof which will mask the rooter payload. ... xinetd services. ... (comp.os.linux.security) Re: Re: FC7 and Apache wont start ... Here is the screen showing "lsof" first and then netstat. ... Active Internet connections (servers and established) ... have identical owners/groups permissions so there shouldn't a permissions problem for the logfiles. ... (Fedora) Re: missing free space ... But is somenthing similar. ... When I test an example from php5-imagick package ... Output from lsof ... COMMAND PID USER FD TYPE DEVICE SIZE NODE ... (Debian-User)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Mailing-Lists  > SuSE  > 2007-09