Hi, try the command "fuser". E.g. %netstat -na --inet Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:617 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:9090 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN %fuser 617/tcp 617/tcp: 130 %ps -xa | grep '130' 130 ? S 0:00 /usr/knox/bin/nlservd start Then you'll find out that TCP port 617 is handled by "nlservd" And in my case here it is a software that is part of Arkeia backupsystem. Regards /Michael On Mon, 18 Mar 2002 08:59:06 +0100 (CET) Jihène Krichène <jihene_krichene@yahoo.fr> wrote: > > Hi > I have also the same problem, but with the ports 613, 612, 610. Each time, > nmap shows me a different number. > I don't know if nmap is really efficient. > Because when I run it throw another PC in order to scan my own machine, I > have another output. > > Itried > lsof -i :613 | grep LISTEN > but I didn't have any output. > > If any one can help, I'll be greatfull > > > Best regards > --- "Robert A. Thompson" <ucs_rat@shsu.edu> a écrit : > > > There are probably rpc.mountd, rpc.statd, rpc.quotad, and etc from the > > nfs/portmapper packages. Try running an lsof on the machine that is > > listening to see what has the port open... Example: > > > > lsof -i :862 | grep LISTEN > > > > will show the process that has a port open and listening on your > > machine. > > > > --robert > > > > > > On Fri, 2002-03-15 at 07:58, Tiago Fioreze wrote: > > > > > > > > > Hi !!! > > > > > > I'am observing that my web server has some 'strange' ports. The > > program > > > nmap showed the following : > > > > > > Port State Service > > > 22/tcp open ssh > > > 25/tcp open smtp > > > 80/tcp open http > > > 111/tcp open sunrpc > > > 443/tcp open https > > > --> 862/tcp open unknown > > > --> 956/tcp open unknown > > > --> 957/tcp open unknown > > > 2401/tcp open cvspserver > > > 3306/tcp open mysql > > > 8080/tcp open http-proxy > > > 32770/tcp open sometimes-rpc3 > > > > > > I consulted in the web about these three strange ports, and the > > answer > > > that I get was 'Unassigned' > > > > > > I would like to know what to make in a case of these, when > > strange > > > ports appear in the machines of my network ? > > > > > > Thanks a lot ! > > > > > > Tiago Fioreze > > > > > > ------------------------------------------------------------------------ > > > To unsubscribe email security-discuss-request@linuxsecurity.com > > > with "unsubscribe" in the subject of the message. > > > > > > > ------------------------------------------------------------------------ > > To unsubscribe email security-discuss-request@linuxsecurity.com > > with "unsubscribe" in the subject of the message. > > > > ___________________________________________________________ > Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! > Yahoo! Mail : http://fr.mail.yahoo.com > ------------------------------------------------------------------------ > To unsubscribe email security-discuss-request@linuxsecurity.com > with "unsubscribe" in the subject of the message. > > -- Michael Andersson AJM Datakonsult AB Tel: +46-8 761 03 20 -- Fax: +46-8 761 03 21 -- Cell: +46-70 695 36 00 http://www.ajm-data.com ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
