Re: [SLUG] nmap and ID'ing open ports

From: Russell Hires (rhires@earthlink.net)
Date: Sun Sep 09 2001 - 19:16:32 EDT


Okay, I think I have it all figured out. Port 3059 is for kde, for some
reason. I'll have to research that. Port 8021 is ID'ed as a python process,
but it really belongs to Zope, as its ftp service. (8080 is normally the zope
default http port, so 8021 for ftp...only makes sense.)

The interesting thing for me lately is that whether my firewall is up or not,
nmap shows me the same ports. So I'm sort of puzzled by that. OTOH, maybe
that just means I'm nice and secure?

Thanks for all the help!

Russell

On Sunday 09 September 2001 15:24, you wrote:
> On Sun, Sep 09, 2001 at 01:41:30PM -0400, Russell Hires wrote:
> > Hello everyone,
> >
> > I'm working with my firewall and nmap, and I just discovered that I've
> > got ports open, but I don't know what they do, and they aren't listed in
> > my /etc/services file. I think they may be related to my zope install,
> > which I'll investigate, but perhaps someone here will know what goes with
> > what port. :-)
> >
> > Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
> > Interesting ports on poet (127.0.0.1):
> > (The 64508 ports scanned but not shown below are in state: closed)
> > Port State Service
> > 3059/tcp open unknown
> > 5432/tcp open postgres
> > 8021/tcp open unknown
> > 9673/tcp open unknown
>
> I believe you can do
> netstat --inet -an -p
> as root to see what programs are bound to ports on linux.
>
> the -p is the money-maker .. the -an just mean all, numbered
>
> lsof will also list programs bound to ports.
>
> g'luck...



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:59:30 EDT