On Sat, Nov 24, 2012 at 01:48:47PM +0000, Keith Edmunds wrote:
On Sat, 24 Nov 2012 12:44:37 +0000, todorovic.s@googlemail.com said:
it probably makes far better reading to use netstat -tapn on the machine instead of nmap.
I agree that netstat is a better utility to use; however, you've made a classic mistake (I suspect) of learning a convenient set of switches for a utility and then using them without perhaps appreciating what each one does.
-a will show non-listening sockets, which is unnecessary in this case
-t will show tcp connections; however, DNS uses UDP (mostly), so not only is -t unnecessary, but the omission of -u means the command won't show what we need.
Better:
netstat -ulnp
Which gives:-
chris$ netstat -ulnp (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name udp 0 0 0.0.0.0:39072 0.0.0.0:* - udp 0 0 0.0.0.0:43381 0.0.0.0:* - udp 0 0 0.0.0.0:56390 0.0.0.0:* - udp 0 0 0.0.0.0:3483 0.0.0.0:* - udp 0 0 0.0.0.0:52667 0.0.0.0:* - udp 0 0 0.0.0.0:36459 0.0.0.0:* - udp 0 0 0.0.0.0:53 0.0.0.0:* - udp 0 0 0.0.0.0:67 0.0.0.0:* - udp 0 0 0.0.0.0:111 0.0.0.0:* - udp 230400 0 0.0.0.0:631 0.0.0.0:* - udp 0 0 127.0.0.1:760 0.0.0.0:* - udp 0 0 0.0.0.0:989 0.0.0.0:* - udp 0 0 0.0.0.0:5353 0.0.0.0:* - udp 0 0 0.0.0.0:54952 0.0.0.0:* - udp 0 0 0.0.0.0:42797 0.0.0.0:* - udp 0 0 0.0.0.0:1900 0.0.0.0:* - udp 0 0 192.168.1.4:1900 0.0.0.0:* - udp 0 0 0.0.0.0:2049 0.0.0.0:* - udp6 0 0 :::40718 :::* - udp6 0 0 :::53 :::* - udp6 0 0 :::111 :::* - udp6 0 0 :::45354 :::* - udp6 0 0 :::41453 :::* - udp6 0 0 :::989 :::* - udp6 0 0 :::5353 :::* - udp6 0 0 :::50582 :::* - udp6 0 0 :::34671 :::* - udp6 0 0 :::59320 :::* -
Better still:
lsof -i udp:53
Which produces no output at all.