Date:      Sun, 17 Feb 2019 23:56:31 -0700 (MST)
From:      BBlister <bblister@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Cannot identify process of listening port 600/tcp6
Message-ID:  <1550472991548-0.post@n6.nabble.com>
In-Reply-To: <1550345837921-0.post@n6.nabble.com>
References:  <1550339000372-0.post@n6.nabble.com> <20190216185344.95cb4ec3.freebsd@edvax.de> <1550341736004-0.post@n6.nabble.com> <ED59A34B-1AAA-46F1-81E1-4127ABD5C875@bsdops.com> <1550345837921-0.post@n6.nabble.com>

From FreeBSD Forums
https://forums.freebsd.org/threads/listening-port-600-tcp6-cannot-be-mapped-to-process-am-i-hacked.69624/#post-417787

> You could make the firewall log activity on that port.
> Also, you can use tcpdump to analyze the content of the datagrams.
> If I recall correctly, nmap has a service discovery mode and it can try to
> detect what exactly is listening on the port.
> 

My reply:
I have executed tcpdump for 24 hours but I couldn't receive/send any packet
destined for that port. This is a passive way of detecting what is
happening, and involves reverse engineering, because the datagram may be
encrypted.

It is difficult to wait for a packet to arrive or depart on port 600 (maybe
it is a trojan waiting to be activated?).

I find it strange that FreeBSD does not have a tool to detect kernel
listening sockets and the only way to detect what is happening is just by
sniffing and trying to figure out the datagrams.


What should I try next?



--
Sent from: http://freebsd.1045724.x6.nabble.com/freebsd-questions-f3696945.html
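An added example, not from the poster or anyone else in this thread: a POSIX sh check that walks `sockstat -46l` output and flags listening sockets that cannot be tied to a userland process. On FreeBSD, sockstat(1) prints `?` in the USER, COMMAND, PID and FD columns for a socket it cannot associate with a process (a kernel-owned socket), and that is exactly the case a defender wants pulled out of the listener inventory for follow-up. The sample `sockstat` lines embedded below are constructed for offline use, not captured from the poster's host; the `--live` mode assumes it is run on a FreeBSD system where `sockstat` exists.

```shell
#!/bin/sh
# Added example: inventory listening sockets from sockstat -46l output and
# flag the ones sockstat cannot attribute to a userland process.
# SAMPLE is constructed for offline testing; it is not real captured output.

SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       712   4  tcp6   *:22                  *:*
root     sshd       712   5  tcp4   *:22                  *:*
?        ?          ?     ?  tcp6   *:600                 *:*
?        ?          ?     ?  tcp4   *:600                 *:*
www      nginx      845   6  tcp4   *:80                  *:*'

# Read sockstat-style text on stdin; print "PROTO LOCAL" for every listening
# socket whose USER and COMMAND columns are "?", i.e. no owning process.
unowned_listeners() {
    awk 'NR > 1 && $1 == "?" && $2 == "?" { print $5, $6 }'
}

# Read sockstat-style text on stdin; print "PROTO LOCAL COMMAND PID" for
# every listening socket, so the full inventory can be kept as a baseline.
listener_inventory() {
    awk 'NR > 1 { print $5, $6, $2, $3 }'
}

# Read sockstat-style text on stdin; print the owner of the given TCP port
# (command name) or "unowned" when only kernel-held sockets listen on it.
port_owner() {
    awk -v port="$1" '
        NR > 1 && $6 ~ (":" port "$") {
            if ($2 == "?") { unowned = 1 } else { print $2; found = 1 }
        }
        END { if (!found && unowned) print "unowned" }'
}

# Helpers over the constructed sample, so the checks run without sockstat.
sample_unowned()  { printf '%s\n' "$SAMPLE" | unowned_listeners; }
sample_owner()    { printf '%s\n' "$SAMPLE" | port_owner "$1"; }
sample_count()    { sample_unowned | awk 'END { print NR }'; }

if [ "${1:-}" = "--live" ]; then
    # Assumes FreeBSD: sockstat -46l lists IPv4/IPv6 listening sockets.
    sockstat -46l | unowned_listeners
else
    echo "listening sockets with no owning process (sample data):"
    sample_unowned
fi
```

Run it with `--live` on the host in question to get the unattributed listeners, or feed it saved `sockstat -46l` output through `unowned_listeners`. A socket that shows up here is not evidence of compromise by itself; it means the owner must be established from the kernel side (loaded modules and kernel services that open sockets) rather than from the process table, and the line is what to hand to the next step of the investigation.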


