linux - Network port open, but no process attached? -


when check server, found strange ports:

[root@server ~]# netstat -tulnp |grep "-" proto recv-q send-q local address    foreign address    state       pid/program name    tcp        0      0 0.0.0.0:2049     0.0.0.0:*          listen      -                    tcp        0      0 0.0.0.0:33181    0.0.0.0:*          listen      -                    udp        0      0 0.0.0.0:2049     0.0.0.0:*                      -                    udp        0      0 0.0.0.0:33252    0.0.0.0:*                      -   

no program can found in output of netstat -tulnp(with root privilege).

how find usage of these ports? how judge it's safe or not?

os: centos 5.6 x86_64

kernel: 2.6.18-238.el5 #1 smp thu jan 13 15:51:15 est 2011 x86_64 x86_64 x86_64 gnu/linux

update:

# rpcinfo -p program vers proto   port 100000    2   tcp    111  portmapper 100000    2   udp    111  portmapper 100011    1   udp    824  rquotad 100011    2   udp    824  rquotad 100011    1   tcp    827  rquotad 100011    2   tcp    827  rquotad 100003    2   udp   2049  nfs 100003    3   udp   2049  nfs 100003    4   udp   2049  nfs 100021    1   udp  33252  nlockmgr 100021    3   udp  33252  nlockmgr 100021    4   udp  33252  nlockmgr 100003    2   tcp   2049  nfs 100003    3   tcp   2049  nfs 100003    4   tcp   2049  nfs 100021    1   tcp  33181  nlockmgr 100021    3   tcp  33181  nlockmgr 100021    4   tcp  33181  nlockmgr 100005    1   udp    839  mountd 100005    1   tcp    842  mountd 100005    2   udp    839  mountd 100005    2   tcp    842  mountd 100005    3   udp    839  mountd 100005    3   tcp    842  mountd 

these rpc ports reserved portmapper. 2049 known port used nfs. other ports other rpc services. query portmapper full list of services , ports use rpcinfo -p.


Comments