<p dir="ltr">tcpdump or wireshark those ports! then try netcatting to them from another machine and see if you see anything interesting! fun investigation :-D </p>
<p dir="ltr">Sent from my mobile. Please excuse the brevity, spelling, and punctuation. </p>
<div class="gmail_quote">On Jan 3, 2014 12:51 AM, "Alex Carver" <<a href="mailto:agcarver%2Bale@acarver.net">agcarver+ale@acarver.net</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
It's a new year so on a whim I started nmaps of various machines and<br>
devices on my home network to see what was open and if anything I didn't<br>
know about popped up.<br>
<br>
One of my Debian boxes popped up with two ports out of the blue. Port<br>
42865 and 54906. I don't know of any services running that use those<br>
ports. Running netstat -ap doesn't show much either, it has a blank<br>
entry for the PID/Program name:<br>
<br>
Proto Recv-Q Send-Q Local Address Foreign Address State<br>
PID/Program name<br>
<br>
tcp 0 0 *:42865 *:* LISTEN -<br>
tcp 0 0 *:54906 *:* LISTEN -<br>
<br>
Anything else I can use to try and ferret out what it is that is<br>
listening on these ports? Neither port is accessible from the outside<br>
world due to a firewall. A scan of two other Debian shows mostly ok<br>
(expected services) though one shows port 779 open in listen mode but<br>
again with no PID, and the other machine shows 31599 (also not accessible).<br>
<br>
Searching online for those particular ports doesn't provide any useful<br>
information (779 claims one use is for NetInfo on OS X but that machine<br>
is not a Mac).<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div>