I've read other posts about finding the process ID and what's listening, but sadly couldn't get my issue solved. So, apologize if I missed some info about it.
Running netstat I found a port that I can't recognize: 35813
$ sudo netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:35813 0.0.0.0:* LISTEN -
No PID information. Then ran lsof but shows no output about that port.
$ sudo lsof -i :35813
Also tried running just lsof -i
but nothing there seems suspicious.
This is the output with the TCP listening processes:
$ sudo lsof -Pni -sTCP:LISTEN
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpc.statd 520 statd 9u IPv4 11556 0t0 TCP *:56969 (LISTEN)
rpc.statd 520 statd 11u IPv6 11562 0t0 TCP *:46289 (LISTEN)
rpcbind 522 root 8u IPv4 11545 0t0 TCP *:111 (LISTEN)
rpcbind 522 root 11u IPv6 11548 0t0 TCP *:111 (LISTEN)
I also tried fuser
, but returned an empty output as well.
$ sudo fuser 35813/tcp
From a remote host inside the LAN, I can telnet the port:
$ telnet 192.168.0.16 35813
Trying 192.168.0.16...
Connected to 192.168.0.16.
Escape character is '^]'.
I can send a character, nothing happens. When I type the second character the connection is closed by the foreign host.
Finally I ran a grep
inside /etc/
trying to find something listening that port (a bit desperate) but couldn't find anything there.
The host is running OpenVPN (udp), lighttpd and ssh. Non of them use the port 35813. Any advice here? Many thanks in advance.