Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see:
viewtopic.php?t=158230
Linux Kernel, Network, and Services configuration.
sakurita
Posts: 9 Joined: 2023-01-22 11:19
Has thanked: 2 times
#1
Post
by sakurita » 2023-03-16 17:46
Hey there;
I was performing routine port check:
Code: Select all
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0:51820 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:40175 0.0.0.0:*
udp UNCONN 0 0 [::]:51820 [::]:*
udp UNCONN 0 0 [::]:60038 [::]:*
udp UNCONN 0 0 [::]:5353 [::]:*
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
Code: Select all
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:51232 0.0.0.0:*
udp 0 0 0.0.0.0:51820 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 0.0.0.0:40175 0.0.0.0:*
udp6 0 0 :::51820 :::*
udp6 0 0 :::60038 :::*
udp6 0 0 :::5353 :::*
I tried to identify (using google) the app o daemon associate with some ports, but others it's imposible to said what applications is behind.
it is possible to find out the application or process that opens those ports?
I'm using a firewall to denied incoming connections.
Attachments
Last edited by
sakurita on 2023-03-31 10:50, edited 1 time in total.
Aki
Global Moderator
Posts: 2919 Joined: 2014-07-20 18:12
Location: Europe
Has thanked: 72 times
Been thanked: 400 times
#2
Post
by Aki » 2023-03-16 20:54
Hello,
sakurita wrote: ↑ 2023-03-16 17:46
it is possible to find out the application or process that opens those ports?
You can use the following command from net-tools package:
Aki
Global Moderator
Posts: 2919 Joined: 2014-07-20 18:12
Location: Europe
Has thanked: 72 times
Been thanked: 400 times
#4
Post
by Aki » 2023-03-22 08:08
@sakurita : hello, can you update the thread ?
sakurita
Posts: 9 Joined: 2023-01-22 11:19
Has thanked: 2 times
#5
Post
by sakurita » 2023-03-31 10:49
Aki wrote: ↑ 2023-03-22 08:08
@sakurita: hello, can you update the thread ?
Done
Thanks
Aki
Global Moderator
Posts: 2919 Joined: 2014-07-20 18:12
Location: Europe
Has thanked: 72 times
Been thanked: 400 times
#6
Post
by Aki » 2023-03-31 11:50
@sakurita : have you identified the programs that opened the “unknown ports” ? Were commands suggested in previous posts useful to you ?
sakurita
Posts: 9 Joined: 2023-01-22 11:19
Has thanked: 2 times
#8
Post
by sakurita » 2023-04-02 20:41
Aki wrote: ↑ 2023-03-31 11:50
@sakurita: have you identified the programs that opened the “unknown ports” ? Were commands suggested in previous posts useful to you ?
For this ports:
Code: Select all
udp 0 0 0.0.0.0:51820 0.0.0.0:* - off (0.00/0/0)
udp 0 0 0.0.0.0:631 0.0.0.0:* - off (0.00/0/0)
udp 0 0 0.0.0.0:42088 0.0.0.0:* - off (0.00/0/0)
udp 0 0 0.0.0.0:5353 0.0.0.0:* - off (0.00/0/0)
Using "sudo lsof -i":
Code: Select all
avahi-dae 577 avahi 12u IPv4 13289 0t0 UDP *:mdns
avahi-dae 577 avahi 13u IPv6 13290 0t0 UDP *:mdns
avahi-dae 577 avahi 14u IPv4 13291 0t0 UDP *:42088
avahi-dae 577 avahi 15u IPv6 13292 0t0 UDP *:52042
cups-brow 706 root 7u IPv4 19707 0t0 UDP *:631
As you see, not all of them are resolved
5353 is multicast but i didn't got an PID, same with 51820 .......
Using "netstat -tcup" got less PID
kent_dorfman766
Posts: 540 Joined: 2022-12-16 06:34
Location: socialist states of america
Has thanked: 59 times
Been thanked: 70 times
#9
Post
by kent_dorfman766 » 2023-04-02 22:47
FWIW, I see nothing alarming about the above.
They are resolved as avahi-daemon owned. Don't expect those high number UDP binds to be persistent. They will change...frequently
sakurita
Posts: 9 Joined: 2023-01-22 11:19
Has thanked: 2 times
#10
Post
by sakurita » 2023-04-04 08:27
Finally ...... UDP 51820 is wireguard connection related.