nmap 显示奇怪的开放端口

tag-icon tag-icon netstat nmap port-scanning
nmap 显示奇怪的开放端口

在我的本地主机上运行 nmap 显示了奇怪的开放端口:

$ nmap -p- localhost
Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-28 12:14 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00047s latency).
All 65535 scanned ports on localhost (127.0.0.1) are closed

Nmap done: 1 IP address (1 host up) scanned in 2.51 seconds

$ nmap -p- localhost
Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-28 12:14 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00046s latency).
Not shown: 65533 closed ports
PORT      STATE SERVICE
36642/tcp open  unknown
50826/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 2.55 seconds

$ nmap -p- localhost
Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-28 12:14 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00050s latency).
Not shown: 65531 closed ports
PORT      STATE SERVICE
37700/tcp open  unknown
46694/tcp open  unknown
48334/tcp open  unknown
53438/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 2.60 seconds

$ nmap -p- localhost
Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-28 12:14 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00046s latency).
All 65535 scanned ports on localhost (127.0.0.1) are closed

Nmap done: 1 IP address (1 host up) scanned in 2.51 second

正如此输出所示,开放端口似乎变化很快且随机。如果我以正确的方式解释输出,我无法通过 netstat 看到这些端口:

$ sudo netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      0          17081       809/dnsmasq     
udp        0      0 0.0.0.0:5449            0.0.0.0:*                           0          30885       2855/dhclient   
udp        0      0 127.0.1.1:53            0.0.0.0:*                           0          17080       809/dnsmasq     
udp        0      0 0.0.0.0:68              0.0.0.0:*                           0          30321       2855/dhclient   
udp        0      0 0.0.0.0:45170           0.0.0.0:*                           107        15289       606/avahi-daemon: r
udp        0      0 0.0.0.0:631             0.0.0.0:*                           0          15931       636/cups-browsed
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           107        15287       606/avahi-daemon: r
udp6       0      0 :::34146                :::*                                107        15290       606/avahi-daemon: r
udp6       0      0 :::55654                :::*                                0          30886       2855/dhclient   
udp6       0      0 :::5353                 :::*                                107        15288       606/avahi-daemon: r

我尝试使用 lsof 来调查这些端口,但是没有结果,我猜当 nmap 返回时,该端口不再开放:

lsof -i :`nmap -p- localhost|grep '/tcp'|cut -d'/' -f1|head -n1`

我可以做些什么来进一步调查这个问题?我有必要担心吗?这是正常的吗?我是否应该怀疑有恶意进程正在运行?

请注意问答有所不同,因为我在本地机器上运行所有东西。

答案1

这是 Nmap 6.40 - 6.47 中的一个错误,我详细讨论过StackOverflow 上的一个答案。自 6.49BETA 系列以来,该问题已得到修复,因此升级到最新的 Nmap(撰写本文时版本为 7.01)将解决该问题。

相关内容