[H-GEN] TCP Port 32768 & 32769

Joel Michael joel at gimps-r-us.com
Fri Dec 10 06:55:54 EST 2004


Kelvin Heng wrote:

> I did a netstat -an | grep -i listen on my Linux box and found out that
> TCP ports 32768 & 32769 are running on my box. I checked for the services
> that are tagged to these two ports (checked /etc/services, /etc/rpc and
> # rpcinfo -p) but was unable to find them.
>
> Does anyone know how to go about finding out what these ports are?
> Is there any command that can be used to find out?
> 
There are two (common) ways to do this under Linux.  The first, as Mal 
Beaton suggested, is to use the 'lsof' command.  This will generally 
work for most flavours of UNIX - as long as it is installed.  The second 
way, which is (as far as I can tell) Linux-specific, is to use the -p 
flag to netstat, e.g. netstat -anp | grep LISTEN will show process IDs 
and names.

Two things that immediately spring to mind about those ports are 
RPC/Portmap (e.g. NFS, NIS, but rpcinfo -p should have shown that) and 
some kind of rootkit...
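
What netstat -anp reads on Linux, as an added example that is not part of the original post: listening sockets are listed in /proc/net/tcp and matched to processes through the socket inodes under /proc/PID/fd. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): map listening TCP ports to PIDs
# by reading /proc directly, the same data netstat -anp reports on Linux.

# Constructed sample in /proc/net/tcp layout (ports are hex: 8000 = 32768).
SAMPLE_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:8000 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4021 1
   1: 00000000:8001 00000000:0000 0A 00000000:00000000 00:00000000 00000000    29        0 4033 1
   2: 0501A8C0:0016 3201A8C0:C350 01 00000000:00000000 02:000A1B2C 00000000     0        0 5120 2'

# Print "port inode" for every socket in state 0A (TCP_LISTEN) read from stdin.
listening_sockets() {
    while read -r sl laddr raddr st queues timer retr uid timeout inode rest; do
        [ "$st" = "0A" ] || continue            # also skips the header line
        echo "$((0x${laddr##*:})) $inode"       # hex port after the last ':'
    done
}

# pids_for_inode PROC_ROOT INODE: PIDs with an fd that links to socket:[INODE].
pids_for_inode() {
    for fd in "$1"/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$2]" ] || continue
        pid=${fd#"$1"/}                         # strip the proc root prefix
        echo "${pid%%/*}"                       # keep only the PID component
    done | sort -un
}

# who_listens PROC_ROOT < table: one line per listening port with its owners.
who_listens() {
    listening_sockets | while read -r port inode; do
        pids=$(pids_for_inode "$1" "$inode" | tr '\n' ',')
        pids=${pids%,}
        # "-" when no visible process holds the socket
        echo "tcp/$port inode=$inode pid=${pids:--}"
    done
}

# Stand-alone run on the constructed sample: lists the two listening ports.
printf '%s\n' "$SAMPLE_TCP" | listening_sockets
```

On a live system, run `who_listens /proc < /proc/net/tcp` as root (and again with /proc/net/tcp6, which uses the same columns). A `-` in the pid column means no visible process holds the socket, which is what kernel-owned sockets and runs without root produce.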



