nmap netstat and libpepflashpla

Discuss the security implications of the various flavors of linux and unix

nmap netstat and libpepflashpla

Post by goatbeard on Mon Nov 06, 2017 8:19 am
([msg=94887]see nmap netstat and libpepflashpla[/msg])

Hello,
I'm not very experienced with linux, I'm trying to understand processes and services so I apologize in advance if I say/ask something stupid/banal.

I was looking through my open ports and running services and I realized that I don't get the same result when running nmap on my IP and netstat. Nmap shows :

Code: Select all
68/udp   open|filtered dhcpc
5353/udp open|filtered zeroconf


while netstat gives me :
Code: Select all
# netstat -tlunp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5939          0.0.0.0:*               LISTEN      1525/teamviewerd
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      1283/dnsmasq   
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           2499/libpepflashpla
udp        0      0 0.0.0.0:54948           0.0.0.0:*                           1283/dnsmasq   
udp        0      0 127.0.1.1:53            0.0.0.0:*                           1283/dnsmasq   
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1254/dhclient   
udp6       0      0 :::5353                 :::*                                2499/libpepflashpla


Furthermore, libpepflashpla has a lot of connections :
Code: Select all
# netstat -taunp | grep libpepflashpla
tcp        0      0 XXX:60402      216.58.205.66:443       ESTABLISHED 2499/libpepflashpla
tcp        0      0 XXX:45266      46.51.197.89:443        ESTABLISHED 2499/libpepflashpla
tcp        0      0 XXX:58696      216.58.198.14:443       ESTABLISHED 2499/libpepflashpla
tcp        0      0 XXX:60990      104.20.26.42:443        ESTABLISHED 2499/libpepflashpla
tcp        0      0 XXX:33166      192.0.73.2:443          ESTABLISHED 2499/libpepflashpla
tcp        0      0 XXX:60618      151.101.1.69:443        ESTABLISHED 2499/libpepflashpla
tcp        0      0 XXX:47530      192.168.1.86:8008       ESTABLISHED 2499/libpepflashpla
tcp        0      0 XXX:54490      54.229.110.205:443      ESTABLISHED 2499/libpepflashpla
tcp        0      0 XXX:45258      46.51.197.89:443        ESTABLISHED 2499/libpepflashpla
tcp        0      0 XXX:52568      198.252.206.25:443      ESTABLISHED 2499/libpepflashpla
tcp        0      0 XXX:48906      74.125.206.188:5228     ESTABLISHED 2499/libpepflashpla
tcp        0      0 XXX:60610      151.101.1.69:443        ESTABLISHED 2499/libpepflashpla
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           2499/libpepflashpla
udp6       0      0 :::5353                 :::*                                2499/libpepflashpla

*where XXX is my local address
You'll notice one local address also, which is my TV (?!) :shock:

Also, when I try to disable it, I get :
Code: Select all
# systemctl stop libpepflashpla
Failed to stop libpepflashpla.service: Unit libpepflashpla.service not loaded.


Am I doing something wrong or ... ?
Is this normal ? Could this be a sign of an intrusion ?
I tried googling it, but haven't had any luck...

Thanks in advance :)
goatbeard
New User
New User
 
Posts: 2
Joined: Mon Nov 06, 2017 6:07 am
Blog: View Blog (0)


Re: nmap netstat and libpepflashpla

Post by LoGiCaL__ on Fri Nov 10, 2017 12:34 am
([msg=94901]see Re: nmap netstat and libpepflashpla[/msg])

Depends what nmap options you are running with the command.

You can try nmap -sS [127.0.0.1]

or

You could run nmap [127.0.0.1] or whatever ip and that would just bring back the most commonly used ports

or

You could run nmap -p- [127.0.0.1] or whatever ip and that would scann ALL ports.

Check this article out as it explains more in depth: http://bencane.com/2013/02/25/10-nmap-commands-every-sysadmin-should-know/

also

this which is even more in depth: https://neverendingsecurity.wordpress.com/2015/05/10/nmap-network-mapping-cheat-sheet/

Hope this helps!
User avatar
LoGiCaL__
Addict
Addict
 
Posts: 1080
Joined: Sun May 30, 2010 12:33 pm
Blog: View Blog (0)



Return to *nix

Who is online

Users browsing this forum: No registered users and 0 guests