extra open ports in rkhunter

Carl Johnson carlj at peak.org
Sun Sep 19 04:38:00 UTC 2010


Anonymous <swell.k at gmail.com> writes:

> Chuck Swiger <cswiger at mac.com> writes:
>
>> Hi--
>>
>> On Sep 18, 2010, at 4:27 PM, Carl Johnson wrote:
>>> The following are the ports if anybody has any ideas, but I would also like to know how to trace them down myself:
>>> 
>>> tcp4       0      0 *.876                  *.*                    LISTEN
>>> tcp6       0      0 *.921                  *.*                    LISTEN
>>> udp4       0      0 *.608                  *.*
>>> udp6       0      0 *.952                  *.*
>>> udp6       0      0 *.804                  *.*
>
> Do you have some networking FS enabled (NFS, AFS, Coda, etc.)? Perhaps
> one of them listens for connections from the kernel and is not associated
> with a userland process. But it's just a guess.

I have NFS enabled, but its processes are accounted for by both sockstat
and netstat.

> Speaking of processes, procstat(1) can show them, too.

Procstat seems to show the same ports as sockstat and doesn't show any
of the extra ports that netstat does.

Thanks for the reply.
-- 
Carl Johnson		carlj at peak.org
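
The comparison discussed in this thread can be made repeatable. The following is an added example, not part of the original message: it reduces `netstat -an` and `sockstat -l` output to protocol/port pairs and prints the sockets netstat lists that sockstat attributes to no process. The sample outputs are constructed (the sshd, nfsd and rpcbind rows and their PIDs are invented), and the function names are hypothetical.

```shell
# Constructed sample of `netstat -an` output (FreeBSD "address.port" form).
netstat_sample() {
cat <<'EOF'
tcp4       0      0 *.22                   *.*                    LISTEN
tcp4       0      0 *.2049                 *.*                    LISTEN
tcp4       0      0 *.876                  *.*                    LISTEN
tcp6       0      0 *.921                  *.*                    LISTEN
udp4       0      0 *.111                  *.*
udp4       0      0 *.608                  *.*
EOF
}
# Constructed sample of `sockstat -l` output ("address:port" form); the
# commands and PIDs are invented for illustration.
sockstat_sample() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   *:22                  *:*
root     nfsd       700   5  tcp4   *:2049                *:*
root     rpcbind    650   9  udp4   *:111                 *:*
EOF
}
# Reduce netstat lines with a wildcard foreign address (listening TCP,
# unconnected UDP) to "proto port"; the port follows the last dot.
netstat_ports() {
  awk '$1 ~ /^(tcp|udp)[46]/ && $5 == "*.*" { n = split($4, a, "."); print $1, a[n] }'
}
# Reduce sockstat rows to "proto port"; the port follows the last colon.
sockstat_ports() {
  awk '$5 ~ /^(tcp|udp)[46]/ { n = split($6, a, ":"); print $5, a[n] }'
}
# unowned_ports NETSTAT_FILE SOCKSTAT_FILE
# Print sockets that netstat lists but sockstat ties to no process.
unowned_ports() {
  { sockstat_ports < "$2" | sed 's/^/S /'; netstat_ports < "$1" | sed 's/^/N /'; } |
    awk '$1 == "S" { owned[$2 " " $3]; next }
         !(($2 " " $3) in owned) { print $2, $3 }' | LC_ALL=C sort -u
}
demo() {
  d=$(mktemp -d) || return 1
  netstat_sample > "$d/netstat.txt"
  sockstat_sample > "$d/sockstat.txt"
  unowned_ports "$d/netstat.txt" "$d/sockstat.txt"
  rm -rf "$d"
}
demo
```

On a live system, save the output of `netstat -an` and `sockstat -l` to two files and pass them to `unowned_ports` in that order.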



More information about the freebsd-questions mailing list