PE 2950 / RhEL4 : tcp port 686 open ?

Florent Gilain florent.gilain at direct-energie.com
Fri Jan 12 05:00:09 CST 2007


[root at s-oracle-bak ~]# lsof | egrep -i 686
rpc.statd  4744 rpcuser    6u     IPv4               8669
TCP *:686 (LISTEN)
perl       5749  oracle  mem       REG              253,6     19604
22160283
/oracle/product/10.2.0/db_1/perl/lib/5.8.3/i686-linux-thread-multi/auto/IO/I
O.so
perl       5749  oracle  mem       REG              253,6     16775
22160315
/oracle/product/10.2.0/db_1/perl/lib/5.8.3/i686-linux-thread-multi/auto/Fcnt
l/Fcntl.so
perl       5749  oracle  mem       REG              253,6    124933
22160317
/oracle/product/10.2.0/db_1/perl/lib/5.8.3/i686-linux-thread-multi/auto/POSI
X/POSIX.so
perl       5749  oracle  mem       REG              253,6     11949
22160290
/oracle/product/10.2.0/db_1/perl/lib/5.8.3/i686-linux-thread-multi/auto/Cwd/
Cwd.so
java       5774  oracle  mem       REG              253,6    686620
22155719 /oracle/product/10.2.0/db_1/owm/jlib/owm-3_0.jar
java       5774  oracle  mem       REG              253,6    475686
22158054 /oracle/product/10.2.0/db_1/oc4j/sqlj/lib/runtime12ee.jar

Does that mean it is finally an Oracle port ?, not a RHEL default opened
port ?

Florent 

-----Message d'origine-----
De : Brian A. Seklecki [mailto:lavalamp at spiritual-machines.org] 
Envoyé : vendredi 12 janvier 2007 11:23
À : Florent Gilain
Cc : linux-poweredge at lists.us.dell.com
Objet : Re: PE 2950 / RhEL4 : tcp port 686 open ?


That's crazy.

You can use "lsof | egrep -i 686" or "sockstat | egrep -i 686" to ascertain
which process has an emphemeral, unregistered, priviledge port open.

If you system doesn't have sockstat, you can probably use fstat(8) since
sockets are file handlers.

~BAS

On Fri, 12 Jan 2007, Florent Gilain wrote:

> Hi all,
>
> Just a question concerning default ports open on DELL default RHEL4 
> installation :
>
> What is this tcp port 686 ? What is it used for and is there a problem 
> to close it ?
>
> [root at supervision root]# nmap -v s-oracle-bak
>
> Starting nmap V. 3.00 ( www.insecure.org/nmap/ ) No tcp,udp, or ICMP 
> scantype specified, assuming SYN Stealth scan. Use -sP if you really 
> don't want to portscan (and just want to see what hosts are up).
> Host s-oracle-bak.de.lan (10.168.123.16) appears to be up ... good.
> Initiating SYN Stealth Scan against s-oracle-bak.de.lan 
> (10.168.123.16) Adding open port 1521/tcp Adding open port 32775/tcp 
> Adding open port 199/tcp Adding open port 5520/tcp Adding open port 
> 111/tcp Adding open port 686/tcp Adding open port 22/tcp The SYN 
> Stealth Scan took 16 seconds to scan 1601 ports.
> Interesting ports on s-oracle-bak.de.lan (10.168.123.16):
> (The 1594 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 22/tcp     open        ssh
> 111/tcp    open        sunrpc
> 199/tcp    open        smux
> 686/tcp    open        unknown
> 1521/tcp   open        oracle
> 5520/tcp   open        sdlog
> 32775/tcp  open        sometimes-rpc13
>
> Thanks
>
> Florent
>
> _______________________________________________
> Linux-PowerEdge mailing list
> Linux-PowerEdge at dell.com
> http://lists.us.dell.com/mailman/listinfo/linux-poweredge
> Please read the FAQ at http://lists.us.dell.com/faq
>

l8*
 	-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
 	       http://www.spiritual-machines.org/

"...from back in the heady days when "helpdesk" meant nothing, "diskquota"
meant everything, and lives could be bought and sold for a couple of pages
of laser printout - and frequently were."




More information about the Linux-PowerEdge mailing list