1

I've read other posts about finding the process ID and what's listening, but sadly couldn't get my issue solved. So, apologize if I missed some info about it.

Running netstat I found a port that I can't recognize: 35813

$ sudo netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:35813           0.0.0.0:*               LISTEN      -

No PID information. Then ran lsof but shows no output about that port.

$ sudo lsof -i :35813

Also tried running just lsof -i but nothing there seems suspicious. This is the output with the TCP listening processes:

$ sudo lsof -Pni -sTCP:LISTEN
COMMAND     PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
rpc.statd   520    statd    9u  IPv4  11556      0t0  TCP *:56969 (LISTEN)
rpc.statd   520    statd   11u  IPv6  11562      0t0  TCP *:46289 (LISTEN)
rpcbind     522     root    8u  IPv4  11545      0t0  TCP *:111 (LISTEN)
rpcbind     522     root   11u  IPv6  11548      0t0  TCP *:111 (LISTEN)

I also tried fuser, but returned an empty output as well.

$ sudo fuser 35813/tcp

From a remote host inside the LAN, I can telnet the port:

$ telnet 192.168.0.16 35813
Trying 192.168.0.16...
Connected to 192.168.0.16.
Escape character is '^]'.

I can send a character, nothing happens. When I type the second character the connection is closed by the foreign host.

Finally I ran a grep inside /etc/ trying to find something listening that port (a bit desperate) but couldn't find anything there.

The host is running OpenVPN (udp), lighttpd and ssh. Non of them use the port 35813. Any advice here? Many thanks in advance.

Improve this question

1 Answer 1

Reset to default
0

As you describe it, your issue seems to be a UDP port that is a random number (therefore cannot get information about what is running on that port) and it is on a server? (Or NAS?)

You could try nmap -v -A -p {the port that you can't recognise} {the host IP}.

If it returns "unknown" as a 'service running on port' then you can try and find out what are the services that are running usually on that port in Wikipedia.

Another solution is (if it is possible) to restart the server / NAS and see if it opens up again.

If it does (and you are running Linux (any)) you can close all UDP ports with commands which you can find on the internet by typing

how to disable all UDP connections on (version / distro) Linux.

Good luck!!

Improve this answer
2
  • I am going to mark your answer as a solution. Nmap helped me to find out, thanks. It was the service nlockmgr of NFS, as I have a directory mounted over NFS, seems it opens a random tcp port. I disabled NFS and after restarting no strange port was listening. I enabled NFS mountpoint again and after restart another port was listening with nlockmgr running behind. I still don't understand why, because other similar hosts I have also mounting over NFS don't listen on random ports, but that would be out of the scope here. Thanks again.
    – jmox
    Commented Feb 17, 2019 at 15:20
  • You may have helped the OP solve their problem, but I believe that this is a bad answer.  The netstat output at the beginning of the question clearly shows a tcp socket (port number 35813) in LISTEN state (remember that UDP sockets are stateless), and the telnet experiment at the end of the question clearly shows that TCP port 35813 is accepting connections.
    – Scott - Слава Україні
    Commented Feb 17, 2019 at 17:11

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .