Nmap - Linux SNMP Multiplexer, port 199?

Raymii Member
edited December 2012 in General

I'm getting some weird results on one of my VPSes while doing an Nmap scan:

NSE: Script scanning 178.209.51.63.
Initiating NSE at 10:05
Completed NSE at 10:05, 5.08s elapsed
Nmap scan report for vps12.sparklingclouds.nl (178.209.51.63)
Host is up (0.041s latency).
Not shown: 65521 closed ports
PORT     STATE    SERVICE      VERSION
25/tcp   filtered smtp
37/tcp   filtered time
80/tcp   open     http         lighttpd
|_http-methods: No Allow or Public header in OPTIONS response (status code 302)
|_http-title: Did not follow redirect to https://raymii.org/cms/p_start
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
199/tcp  open     smux         Linux SNMP multiplexer
443/tcp  open     ssl/http     lighttpd
|_http-methods: No Allow or Public header in OPTIONS response (status code 302)
|_http-title: Did not follow redirect to https://raymii.org/cms/p_start
| ssl-cert: Subject: commonName=raymii.org
| Issuer: commonName=PositiveSSL CA 2/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
| Public Key type: rsa
| Public Key bits: 2048
| Not valid before: 2012-06-24T23:00:00+00:00
| Not valid after:  2014-06-25T22:59:59+00:00
| MD5:   62b0 2d8d ab9a 8822 45ab d042 ba27 2fe3
|_SHA-1: a01b 894d 1257 9d88 efce 97d2 7107 f380 b05f 5968
|_ssl-date: 2012-12-30T09:05:53+00:00; 0s from local time.
445/tcp  filtered microsoft-ds
3100/tcp open     unknown
4949/tcp open     tcpwrapped
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.32 - 2.6.35
Uptime guess: 104.140 days (since Mon Sep 17 07:44:58 2012)
Network Distance: 11 hops
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

I don't know what the port 199 and port 3100 are (Linux SNMP Multiplexer), and when doing a netstat -tulpen on the host I don't see them:

---[vps12][~]
|----> sudo netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          3887238881  13554/lighttpd  
tcp        0      0 0.0.0.0:4949            0.0.0.0:*               LISTEN      0          42890154    32100/munin-node
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      0          1400703131  30937/master    
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      0          3887238882  13554/lighttpd    

Also not running anything weird, via ps aux...

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.5   8356   664 ?        Ss   Sep19  46:04 init [2]  
root      8159  0.0  2.1   8252  2772 ?        Ss   09:15   0:00 sshd: remy [priv]
remy      8264  0.0  1.1   8396  1468 ?        S    09:15   0:00 sshd: remy@pts/32
remy      8273  0.0  1.2   2996  1648 pts/32   Ss   09:15   0:00 -bash
www-data 13554  0.0  2.6   8896  3424 ?        S    Dec10   0:57 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
www-data 13557  0.0  2.6  17816  3456 ?        Ss   Dec10   0:00 /usr/bin/php-cgi
www-data 13579  0.0  2.6  18072  3480 ?        S    Dec10   0:02 /usr/bin/php-cgi
www-data 13580  0.0  2.6  18072  3480 ?        S    Dec10   0:02 /usr/bin/php-cgi
www-data 13581  0.0  2.6  18072  3480 ?        S    Dec10   0:02 /usr/bin/php-cgi
www-data 13582  0.0  2.6  18072  3484 ?        S    Dec10   0:02 /usr/bin/php-cgi
postfix  15587  0.0  1.3   5788  1748 ?        S    08:50   0:00 pickup -l -t fifo -u -c
postfix  22969  0.0  2.0   6280  2680 ?        S    Dec27   0:00 tlsmgr -l -t unix -u -c
remy     23889  0.0  0.6   2348   916 pts/32   R+   09:21   0:00 ps aux
root     30937  0.0  1.3   5772  1832 ?        Ss   Dec27   0:00 /usr/lib/postfix/master
postfix  30942  0.0  1.4   5832  1932 ?        S    Dec27   0:00 qmgr -l -t fifo -u
root     31725  0.0  0.3   1872   512 ?        Ss   Sep19   8:30 /usr/sbin/vnstatd -d
root     31727  0.0  0.8  20128  1148 ?        Sl   Sep19   1:42 /usr/sbin/rsyslogd -c4
root     31770  0.0  0.5   5488   668 ?        Ss   Sep19   0:06 /usr/sbin/sshd
root     32100  0.0  3.8   7144  5040 ?        Ss   Sep19   6:39 /usr/sbin/munin-node

Does anybody have some info on the port 199 and 3100 stuff?

Comments

  • It is running on VServer, from Edis.at, does that have anything to do with it? @William?

  • jarjar Patron Provider, Top Host, Veteran

    Is snmpd running?

  • Nope.

  • jarjar Patron Provider, Top Host, Veteran

    @Raymii said: Nope.

    Well then, now I'm curious.

  • Isn't SNMP in the kernel?

  • @BronzeByte said: Isn't SNMP in the kernel?

    It is not enabled on any of my other servers, or on any company servers I manage; the port numbers are also unknown to me...

  • twain Member
    edited December 2012

    Maybe it's Edis tracking BW?

    ** edit.. showing hosts on the /24 where 199 is open:

    Jonathans-MacBook-Pro:~ jbrown$ nmap -p 199 --open -sV 178.209.51.0/24

    Starting Nmap 6.25 ( http://nmap.org ) at 2012-12-30 09:09 EST

    Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 256 IP addresses (225 hosts up) scanned in 321.29 seconds

  • @William Maybe you can explain?

  • William Member
    edited December 2012

    Yes, that's normal on VServer - It does not run on the container, it runs on the host.

  • @William said: Yes, that's normal on VServer - It does not run on the container, it runs on the host.

    Thank you for the explanation. What does it do, and what is it used for? Just SNMP?
