[ale] Identify source of open ports
dev null zero two
dev.null.02 at gmail.com
Fri Jan 3 00:58:39 EST 2014
tcpdump or wireshark those ports! Then try netcatting to them from another
machine and see if you see anything interesting! Fun investigation :-D
Sent from my mobile. Please excuse the brevity, spelling, and punctuation.
On Jan 3, 2014 12:51 AM, "Alex Carver" <agcarver+ale at acarver.net> wrote:
> It's a new year so on a whim I started nmaps of various machines and
> devices on my home network to see what was open and if anything I didn't
> know about popped up.
>
> One of my Debian boxes popped up with two ports out of the blue. Port
> 42865 and 54906. I don't know of any services running that use those
> ports. Running netstat -ap doesn't show much either, it has a blank
> entry for the PID/Program name:
>
> Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
> tcp        0      0 *:42865         *:*               LISTEN   -
> tcp        0      0 *:54906         *:*               LISTEN   -
>
> Anything else I can use to try and ferret out what it is that is
> listening on these ports? Neither port is accessible from the outside
> world due to a firewall. A scan of two other Debian boxes shows mostly ok
> (expected services) though one shows port 779 open in listen mode but
> again with no PID, and the other machine shows 31599 (also not accessible).
>
> Searching online for those particular ports doesn't provide any useful
> information (779 claims one use is for NetInfo on OS X but that machine
> is not a Mac).
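Added example, not part of the original thread: one way to attribute listening TCP ports on Linux is to read `/proc/net/tcp` and match each socket inode against the `/proc/<pid>/fd` links, flagging the listeners that netstat prints as `-` because no process holds the socket (or the check was not run as root). The function names and the sample table are constructed for illustration; only the two port numbers come from the post.

```python
import glob
import os
import re

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (ports taken from the post, inodes invented).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:A771 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 8120 1
   1: 00000000:D67A 00000000:0000 0A 00000000:00000000 00:00000000 00000000   104        0 8123 1
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9001 1
   3: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 9050 1
"""

def listening_sockets(table):
    """Return (port, uid, inode) for every LISTEN row of a /proc/net/tcp table."""
    rows = []
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != LISTEN:
            continue
        port = int(f[1].rsplit(":", 1)[1], 16)   # local port is stored in hex
        rows.append((port, int(f[7]), int(f[9])))
    return rows

def inode_owners():
    """Map socket inode -> (pid, command) from /proc/<pid>/fd links (root needed for other users)."""
    owners = {}
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(fd))
            if m:
                pid = fd.split("/")[2]
                with open(f"/proc/{pid}/comm") as fh:
                    owners[int(m.group(1))] = (int(pid), fh.read().strip())
        except OSError:                          # process exited or permission denied
            continue
    return owners

def attribute(table, owners):
    """Pair each listening port with its owner, or None when no fd references the socket."""
    return {port: owners.get(inode) for port, _uid, inode in listening_sockets(table)}

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:
        for port, owner in sorted(attribute(fh.read(), inode_owners()).items()):
            print(port, owner or "no owning process found (rerun as root to rule out permissions)")
```

Run as root on the affected box; `/proc/net/tcp6` uses the same column layout and can be passed to `attribute` the same way.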