主页 / server / 问题 / 745532
Accepted
lumbric
Asked: 2015-12-29 03:29:13 +0800 CST

nmap 显示奇怪的开放端口

  • 772

在我的本地主机上运行 nmap 会显示奇怪的开放端口:

$ nmap -p- localhost
Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-28 12:14 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00047s latency).
All 65535 scanned ports on localhost (127.0.0.1) are closed

Nmap done: 1 IP address (1 host up) scanned in 2.51 seconds

$ nmap -p- localhost
Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-28 12:14 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00046s latency).
Not shown: 65533 closed ports
PORT      STATE SERVICE
36642/tcp open  unknown
50826/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 2.55 seconds

$ nmap -p- localhost
Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-28 12:14 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00050s latency).
Not shown: 65531 closed ports
PORT      STATE SERVICE
37700/tcp open  unknown
46694/tcp open  unknown
48334/tcp open  unknown
53438/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 2.60 seconds

$ nmap -p- localhost
Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-28 12:14 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00046s latency).
All 65535 scanned ports on localhost (127.0.0.1) are closed

Nmap done: 1 IP address (1 host up) scanned in 2.51 second

正如这个输出所示,打开的端口似乎快速而随机地变化。如果我以正确的方式解释输出,我无法通过 netstat 看到这些端口:

$ sudo netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      0          17081       809/dnsmasq     
udp        0      0 0.0.0.0:5449            0.0.0.0:*                           0          30885       2855/dhclient   
udp        0      0 127.0.1.1:53            0.0.0.0:*                           0          17080       809/dnsmasq     
udp        0      0 0.0.0.0:68              0.0.0.0:*                           0          30321       2855/dhclient   
udp        0      0 0.0.0.0:45170           0.0.0.0:*                           107        15289       606/avahi-daemon: r
udp        0      0 0.0.0.0:631             0.0.0.0:*                           0          15931       636/cups-browsed
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           107        15287       606/avahi-daemon: r
udp6       0      0 :::34146                :::*                                107        15290       606/avahi-daemon: r
udp6       0      0 :::55654                :::*                                0          30886       2855/dhclient   
udp6       0      0 :::5353                 :::*                                107        15288       606/avahi-daemon: r

我尝试使用 lsof 调查这些端口,但没有结果,我猜当 nmap 返回时,端口不再打开:

lsof -i :`nmap -p- localhost|grep '/tcp'|cut -d'/' -f1|head -n1`

我可以做些什么来进一步调查这个问题?我需要担心吗?这是正常的吗?我应该怀疑任何恶意进程正在运行吗?

请注意,这个问答是不同的,因为我在本地机器上运行所有内容。

netstat

1 个回答

  1. Best Answer

    这是 Nmap 6.40 - 6.47 中的一个错误,我在 StackOverflow 上的答案中详细讨论过。自 6.49BETA 系列以来已修复此问题,因此升级到最新的 Nmap(撰写本文时为 7.01)将解决该问题。

    • 3

相关问题