Re: How to find out what service is running on a port

To: Sean Kelleher <kellehers103@home.com>
Cc: debian-user@lists.debian.org
Subject: Re: How to find out what service is running on a port
From: Richard Cobbe <cobbe@airmail.net>
Date: Tue, 9 Oct 2001 19:59:59 -0500 (CDT)
Message-id: <[🔎] 15299.40335.309240.365355@ankh-morpork.cobbe.net>
Reply-to: cobbe@alumni.rice.edu
In-reply-to: <[🔎] 20011009182232.A1003@cr1022297-a.lndn1.on.wave.home.com>
References: <[🔎] 20011009182232.A1003@cr1022297-a.lndn1.on.wave.home.com>

Lo, on Tuesday, October 9, Sean Kelleher did write:

> Hi folks,
> 
> I've got errors that are continually popping up to STDERR about a
> packet being rejected by my firewall, bound for port 65535. this
> behaviour itself is normal -- my firewall should reject this packet --
> but i'd like to know what service this packet hopes to reach. i've
> checked the relevant files (AFAIK -- /etc/services, /etc/inetd.conf),
> but don't see anything that applies.
> 
> anyone know where i could look to find out which service this is? 

http://www.snort.org/ has a database of this sort of information,
searchable by port number.  (Bottom of the left column.)

For 65535, it says:

Port                             65535 / tcp 
Keyword                          RC1trojan 
Description                      [trojan] RC1 trojan

for what that's worth to you.

IIRC, ports in the high end of the range are also used by Linux for IP
masquerading.  I seem to recall hearing about a hole in this system that
could be exploited, although I don't remember any details.  (I do know that
it was patched quite some time ago; 2.4 and recent 2.2 kernels aren't
vulnerable.)

Richard

Reply to:

References:
- How to find out what service is running on a port
  - From: Sean Kelleher <kellehers103@home.com>

Prev by Date: German Umlaute with ssh
Next by Date: Segfaults while copying files on IDE
Previous by thread: Re: How to find out what service is running on a port
Next by thread: KDE X as root
Index(es):
- Date
- Thread