[H-GEN] TCP Port 32768 & 32769
Joel Michael
joel at gimps-r-us.com
Fri Dec 10 06:55:54 EST 2004
Kelvin Heng wrote:
> I did a netstat -an | grep -i listen on my linux box and found out that
> tcp port 32768 & 32769 are running on my box. I check for the services
> that tags to these two ports (check out /etc/services, /etc/rpc and #
> rpcinfo -p) but unable to find.
>
> Anyone knows how to go about finding out what are these ports?
> Are there any command that can be used to find out?
>
There are two (common) ways to do this under Linux. The first, as Mal
Beaton suggested, is to use the 'lsof' command. This will generally
work for most flavours of UNIX - as long as it is installed. The second
way, which is (as far as I can tell) Linux-specific, is to use the -p
flag to netstat, e.g. netstat -anp | grep LISTEN will show process IDs
and names.
Two things that immediately spring to mind about those ports are
RPC/Portmap (e.g. NFS, NIS, but rpcinfo -p should have shown that) and
some kind of rootkit...
More information about the General
mailing list