Cannot identify process of listening port 600/tcp6
BBlister
bblister at gmail.com
Mon Feb 18 06:56:40 UTC 2019
From FreeBSD Forums
https://forums.freebsd.org/threads/listening-port-600-tcp6-cannot-be-mapped-to-process-am-i-hacked.69624/#post-417787
> You could make the firewall log activity on that port.
> Also, you can use tcpdump to analyze the content of the datagrams.
> If I recall correctly, nmap has a service discovery mode and it can try to
> detect what exactly is listening on the port.
>
My reply:
I have executed tcpdump for 24 hours but I couldn't receive/send any packet
destined for that port. This is a passive way of detecting what is
happening, and involves reverse engineering, because the datagram may be
encrypted.
It is difficult to wait for a packet to arrive or depart on port 600 (maybe
it is a trojan waiting to be activated?).
I find it strange that FreeBSD does not have a tool to detect kernel
listening sockets and the only way to detect what is happening is just by
sniffing and trying to figure out the datagrams.
What should I try next?