random open ports when portscan

Asked by joeboentoe

If I do a port scan then I get random open ports. Every time I hit the button "scan" I get other open ports, except for the ipp 631 which is always open. see screens:

portscan1.png
portscan2.png
portscan3.png

If I do netstat -lp 127.0.0.1 . I don't get the random open ports. Only the ipp 631 which is always there and has the STATE "LISTEN", and some udp which have an empty "STATE"

If I do nmap 127.0.0.1 I only get the ipp 631 port

So, what is going on? How can I find the processes that opens the random ports?

This thread is also located at http://ubuntuforums.org/showthread.php?p=5096479#post5096479

thanks

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu gnome-nettool Edit question
Assignee:
No assignee Edit question
Solved by:
Bhavani Shankar
Solved:
Last query:
Last reply:
Revision history for this message
joeboentoe (trancegenetic) said :
#1
Revision history for this message
Bhavani Shankar (bhavi) said :
#2

hello Joe:

To find the processes running on ports give this simple command:

netstat -na

then

nmap -sS -sV -O -PI -PT 127.0.0.1

will get you the state of the port and the program running on the port too

As a tip mate: If any of the post here answers your question here please click " This solved my problem " Button on the RHS bottom of the answer post mate.. Or if you are using an email interface please click the link below ' If this anwers your question " or something similar in the post of the answer which solved your problem

Regards

Bhavani Shankar.

Revision history for this message
joeboentoe (trancegenetic) said :
#3

Thx Bhavani Shankar.

But the problem is that the random ports are only appearing in the gnome-nettool and not in netstat or nmap. In the other thread they think that the scan is picking himself up or something.

Regards,
Joeboentoe

Revision history for this message
Best Bhavani Shankar (bhavi) said :
#4

yes I agree with what MythosLegend said there It could be the scan would be picking up for that I would test my loopback in my network.... +1 from me too

Revision history for this message
joeboentoe (trancegenetic) said :
#5

Thanks Bhavani Shankar, that solved my question.

Revision history for this message
culmore (culmore) said :
#6

I understand the problem and that if add some rules iptables I can block the loopback.

But will there be a patch or something for this. It is very confusing for the novice trying to secure his own server for the first time. I thought I might have been hacked!