Nmap - Linux SNMP Multiplexer, port 199?
I'm getting some weird results on one of my vps while doing an NMAP scan:
NSE: Script scanning 178.209.51.63.
Initiating NSE at 10:05
Completed NSE at 10:05, 5.08s elapsed
Nmap scan report for vps12.sparklingclouds.nl (178.209.51.63)
Host is up (0.041s latency).
Not shown: 65521 closed ports
PORT STATE SERVICE VERSION
25/tcp filtered smtp
37/tcp filtered time
80/tcp open http lighttpd
|_http-methods: No Allow or Public header in OPTIONS response (status code 302)
|_http-title: Did not follow redirect to https://raymii.org/cms/p_start
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
199/tcp open smux Linux SNMP multiplexer
443/tcp open ssl/http lighttpd
|_http-methods: No Allow or Public header in OPTIONS response (status code 302)
|_http-title: Did not follow redirect to https://raymii.org/cms/p_start
| ssl-cert: Subject: commonName=raymii.org
| Issuer: commonName=PositiveSSL CA 2/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
| Public Key type: rsa
| Public Key bits: 2048
| Not valid before: 2012-06-24T23:00:00+00:00
| Not valid after: 2014-06-25T22:59:59+00:00
| MD5: 62b0 2d8d ab9a 8822 45ab d042 ba27 2fe3
|_SHA-1: a01b 894d 1257 9d88 efce 97d2 7107 f380 b05f 5968
|_ssl-date: 2012-12-30T09:05:53+00:00; 0s from local time.
445/tcp filtered microsoft-ds
3100/tcp open unknown
4949/tcp open tcpwrapped
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.32 - 2.6.35
Uptime guess: 104.140 days (since Mon Sep 17 07:44:58 2012)
Network Distance: 11 hops
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
I don't know what the port 199 and port 3100 are (Linux SNMP Multiplexer), and when doing a netstat -tulpen on the host I don't see them:
---[vps12][~]
|----> sudo netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 3887238881 13554/lighttpd
tcp 0 0 0.0.0.0:4949 0.0.0.0:* LISTEN 0 42890154 32100/munin-node
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 1400703131 30937/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 3887238882 13554/lighttpd
Also not running anything weird, via ps aux
...
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.5 8356 664 ? Ss Sep19 46:04 init [2]
root 8159 0.0 2.1 8252 2772 ? Ss 09:15 0:00 sshd: remy [priv]
remy 8264 0.0 1.1 8396 1468 ? S 09:15 0:00 sshd: remy@pts/32
remy 8273 0.0 1.2 2996 1648 pts/32 Ss 09:15 0:00 -bash
www-data 13554 0.0 2.6 8896 3424 ? S Dec10 0:57 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
www-data 13557 0.0 2.6 17816 3456 ? Ss Dec10 0:00 /usr/bin/php-cgi
www-data 13579 0.0 2.6 18072 3480 ? S Dec10 0:02 /usr/bin/php-cgi
www-data 13580 0.0 2.6 18072 3480 ? S Dec10 0:02 /usr/bin/php-cgi
www-data 13581 0.0 2.6 18072 3480 ? S Dec10 0:02 /usr/bin/php-cgi
www-data 13582 0.0 2.6 18072 3484 ? S Dec10 0:02 /usr/bin/php-cgi
postfix 15587 0.0 1.3 5788 1748 ? S 08:50 0:00 pickup -l -t fifo -u -c
postfix 22969 0.0 2.0 6280 2680 ? S Dec27 0:00 tlsmgr -l -t unix -u -c
remy 23889 0.0 0.6 2348 916 pts/32 R+ 09:21 0:00 ps aux
root 30937 0.0 1.3 5772 1832 ? Ss Dec27 0:00 /usr/lib/postfix/master
postfix 30942 0.0 1.4 5832 1932 ? S Dec27 0:00 qmgr -l -t fifo -u
root 31725 0.0 0.3 1872 512 ? Ss Sep19 8:30 /usr/sbin/vnstatd -d
root 31727 0.0 0.8 20128 1148 ? Sl Sep19 1:42 /usr/sbin/rsyslogd -c4
root 31770 0.0 0.5 5488 668 ? Ss Sep19 0:06 /usr/sbin/sshd
root 32100 0.0 3.8 7144 5040 ? Ss Sep19 6:39 /usr/sbin/munin-node
Does anybody have some info on the port 199 and 3100 stuff?
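The comparison done by eye in the post above, as an added example that is not part of the original post: it parses an nmap port table and `netstat -tulpen` output, then lists ports that answer externally without a local listener and local listeners that the scan does not report as open. The sample inputs are abridged from the output above, and the function names are hypothetical.

```python
# Added example. Sample data is abridged from this thread; function names are hypothetical.
import re

NMAP_OUTPUT = """\
PORT STATE SERVICE VERSION
25/tcp filtered smtp
80/tcp open http lighttpd
|_http-title: Did not follow redirect to https://raymii.org/cms/p_start
199/tcp open smux Linux SNMP multiplexer
443/tcp open ssl/http lighttpd
3100/tcp open unknown
4949/tcp open tcpwrapped
"""

NETSTAT_OUTPUT = """\
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 3887238881 13554/lighttpd
tcp 0 0 0.0.0.0:4949 0.0.0.0:* LISTEN 0 42890154 32100/munin-node
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 1400703131 30937/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 3887238882 13554/lighttpd
"""

NMAP_ROW = re.compile(r"^(\d+)/tcp\s+(\S+)\s+(\S+)")

def parse_nmap(text):
    """Return {port: (state, service)} for TCP rows; NSE script lines ('|...') are skipped."""
    rows = (NMAP_ROW.match(line.strip()) for line in text.splitlines())
    return {int(m.group(1)): (m.group(2), m.group(3)) for m in rows if m}

def parse_netstat(text):
    """Return {port: program} for listening TCP sockets ('unknown' if netstat printed '-')."""
    listeners = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0] in ("tcp", "tcp6") and f[5] == "LISTEN":
            port = int(f[3].rsplit(":", 1)[1])
            listeners[port] = f[-1].partition("/")[2] or "unknown"
    return listeners

def compare(nmap_text, netstat_text):
    """Diff externally open ports against sockets the local system knows about."""
    scanned, local = parse_nmap(nmap_text), set(parse_netstat(netstat_text))
    open_ports = {p for p, (state, _) in scanned.items() if state == "open"}
    return {
        "open_without_local_listener": sorted(open_ports - local),
        "listening_but_not_open": sorted(local - open_ports),
    }

if __name__ == "__main__": print(compare(NMAP_OUTPUT, NETSTAT_OUTPUT))
```

For the data in this thread it reports 199 and 3100 as open without a local listener, and 25 as listening locally while the scan shows it as filtered.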
Comments
It is running on Vserver, from Edis.at, does that have anything to do with it? @William?
Is snmpd running?
Nope.
Well then, now I'm curious.

Isn't SNMP in the kernel?
It is not enabled on any of my other servers, or on any company servers I manage; the port numbers are also unknown to me...
Maybe it's Edis tracking BW?
** edit.. showing hosts on the /24 where 199 is open:
Jonathans-MacBook-Pro:~ jbrown$ nmap -p 199 --open -sV 178.209.51.0/24
Starting Nmap 6.25 ( http://nmap.org ) at 2012-12-30 09:09 EST
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 256 IP addresses (225 hosts up) scanned in 321.29 seconds
@William Maybe you can explain?
Yes, that's normal on VServer - It does not run on the container, it runs on the host.
Thank you for the explanation. What does it do, and what is it used for? Just SNMP?