On 13/12/2023 17:47, Tim wrote:
On 13/12/2023 17:31, Ralph Corderoy wrote:
Hi Tim,
State: Listen
Recv-Q: 0
On all interfaces:
Send-Q Local Peer Process
100 0.0.0.0:smtp :25 0.0.0.0:*
users:(("master",pid=3664,fd=13)) ino:39331
sk:7cgroup:/system.slice/system-postfix.slice/postfix@-.service <->
100 [::]:smtp :25 [::]:*
users:(("master",pid=3664,fd=14)) ino:39332
sk:fcgroup:/system.slice/system-postfix.slice/postfix@-.service
v6only:1 <->
4096 0.0.0.0:sunrpc :111 0.0.0.0:*
users:(("rpcbind",pid=771,fd=4),("systemd",pid=1,fd=35)) ino:17782
sk:3 cgroup:/system.slice/rpcbind.socket <->
4096 [::]:sunrpc :111 [::]:*
users:(("rpcbind",pid=771,fd=6),("systemd",pid=1,fd=37)) ino:23838
sk:c cgroup:/system.slice/rpcbind.socket v6only:1 <->
100 0.0.0.0:4000 0.0.0.0:*
users:(("nxd",pid=3425,fd=3)) uid:130 ino:37538 sk:9
cgroup:/system.slice/nxserver.service <->
100 [::]:4000 [::]:* users:(("nxd",pid=3425,fd=4))
uid:130 ino:38572 sk:10 cgroup:/system.slice/nxserver.service
v6only:1 <->
128 [::1]:ipp :631 [::]:* users:(("cupsd",pid=1036,fd=7))
ino:22359 sk:d cgroup:/system.slice/cups.service v6only:1 <->
128 [::1]:7001 [::]:*
users:(("nxnode.bin",pid=4738,fd=16)) uid:1000 ino:43356 sk:e
cgroup:/user.slice/user-1000.slice/session-c3.scope v6only:1 <->
Only on the localhost interface:
4096 127.0.0.53%lo:53 0.0.0.0:*
users:(("systemd-resolve",pid=772,fd=14)) uid:101 ino:21970 sk:4
cgroup:/system.slice/systemd-resolved.service <->
128 127.0.0.1:ipp :631 0.0.0.0:*
users:(("cupsd",pid=1036,fd=8)) ino:22360 sk:5
cgroup:/system.slice/cups.service <->
128 127.0.0.1:667 0.0.0.0:*
users:(("darkstat",pid=1124,fd=9)) ino:32379 sk:8
cgroup:/system.slice/darkstat.service <->
128 127.0.0.1:7001 0.0.0.0:*
users:(("nxnode.bin",pid=4738,fd=17)) uid:1000 ino:43357 sk:6
cgroup:/user.slice/user-1000.slice/session-c3.scope <->
100 127.0.0.1:12001 0.0.0.0:*
users:(("nxnode.bin",pid=4738,fd=14)) uid:1000 ino:34811 sk:a
cgroup:/user.slice/user-1000.slice/session-c3.scope <->
100 127.0.0.1:23585 0.0.0.0:*
users:(("nxserver.bin",pid=1040,fd=20)) uid:130 ino:31733 sk:b
cgroup:/system.slice/nxserver.service <->
100 127.0.0.1:25001 0.0.0.0:*
users:(("nxclient.bin",pid=5149,fd=6)) uid:1000 ino:40720 sk:2
cgroup:/user.slice/user-1000.slice/session-c3.scope <->
50 127.0.0.1:35335 0.0.0.0:*
users:(("pia-daemon",pid=1044,fd=37)) ino:44489 sk:1
cgroup:/system.slice/piavpn.service <->
PIA is a VPN service
NX is Nomachine
You wrote ‘they use various port number around the 42000 to 49500 area’
but no process is listening on a TCP port in that range so Wireshark
can't be showing a TCP connection to one of those ports.
Have I got it the wrong way around and 42000-49500 is the source port
range at the remote end? If so, what's the destination port, i.e. the
port on your machine? And is it definitely TCP? There should be a
process listening on it.
This was about 12 minutes ago
test result
Link to image
http://xendistar.co.uk/wp/wp-content/uploads/2023/12/shark.png
I see you have Sun RPC running.https://en.wikipedia.org/wiki/Portmap
Is that because you use NFS or something? What protocols does that know
about? What's the output of
sudo -i rpcinfo -p
Yes I have a NAS on NFS
sudo -i rpcinfo -p
[sudo] password for mit:
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
Regards
Tim H
--
Next meeting: Online, Jitsi, Tuesday, 2024-01-02 20:00
Check to whom you are replying
Meetings, mailing list, IRC, ... http://dorset.lug.org.uk
New thread, don't hijack: mailto:dorset@mailman.lug.org.uk