07-22-2012, 08:54 AM
lina

is it rational to close the 139 port

On Sun, Jul 22, 2012 at 4:44 PM, Joe <joe@jretrading.com> wrote:
> On Sun, 22 Jul 2012 16:37:16 +0800
> lina <lina.lastname@gmail.com> wrote:
>
>>
>> P.S I also found
>>
>> tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
>> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
>> tcp 0 0 0.0.0.0:538 0.0.0.0:* LISTEN
>>
>>
>> 631 is for network printer, I am confused why it need LISTEN here, I
>> only print once or twice each month.
>>
>> What 538 is for? I googled, but I don't have gdomap
>> installed, strange?
>>
>
> Run netstat -tupan as root, and it will also show you the processes
> associated with the ports. The -p does that, and as root, it will show
> all processes, not just yours.

# netstat -tupan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      5466/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1945/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2306/exim4
tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN      2366/gdomap
tcp        0      0 172.21.48.67:60259      208.93.141.90:80        TIME_WAIT   -
tcp        0      0 172.21.48.67:55221      155.69.57.55:22         ESTABLISHED 5507/ssh
tcp        0      0 172.21.48.67:47085      74.125.235.54:443       TIME_WAIT   -
tcp6       0      0 :::143                  :::*                    LISTEN      1866/couriertcpd
tcp6       0      0 :::80                   :::*                    LISTEN      1719/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      5466/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      1945/cupsd
udp        0      0 0.0.0.0:19777           0.0.0.0:*                           2695/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           5405/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2826/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2695/dhclient
udp        0      0 172.21.48.67:123        0.0.0.0:*                           2905/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           2905/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           2905/ntpd
udp        0      0 0.0.0.0:538             0.0.0.0:*                           2366/gdomap
udp        0      0 0.0.0.0:53856           0.0.0.0:*                           2826/dhclient
udp        0      0 0.0.0.0:54035           0.0.0.0:*                           5405/dhclient
udp6       0      0 :::20444                :::*                                5405/dhclient
udp6       0      0 :::28780                :::*                                2695/dhclient
udp6       0      0 :::49268                :::*                                2826/dhclient
udp6       0      0 fe80::ca2a:14ff:fe0:123 :::*                                2905/ntpd
udp6       0      0 ::1:123                 :::*                                2905/ntpd
udp6       0      0 :::123                  :::*                                2905/ntpd
root@debian:/etc/iptables# dpkg --get-selections | grep gdomap

no gdomap installed,
# dpkg -L gdomap
Package `gdomap' is not installed.
Use dpkg --info (= dpkg-deb --info) to examine archive files,
and dpkg --contents (= dpkg-deb --contents) to list their contents.

But # which gdomap
/usr/bin/gdomap

Thanks,

P.S. If you notice something abnormal from the netstat, please feel
free to let me know.

Best regards,
>
> --
> Joe
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/20120722094412.3cdc0f61@jretrading.com
>


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/CAG9cJmkoWEn=E38w7yvO_Wu5sxUoAxeGuqRA+_mTOHMBw5dyjw@mail.gmail.com
 
07-22-2012, 08:58 AM
lina

is it rational to close the 139 port

sorry, this one is easy to read

# netstat -tupan | grep 538
tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN      2366/gdomap
udp        0      0 0.0.0.0:538             0.0.0.0:*                           2366/gdomap


Thanks,


Archive: http://lists.debian.org/CAG9cJm=__m6UWqZKRHG3Svy=6Pjk3Z237n-pnjpj=gHJW6ta0A@mail.gmail.com
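
Added example (not part of the original posts): a small filter for `netstat -tupan` output that keeps only the sockets other hosts can reach, which is the question behind the 631 and 538 entries above. The function names are illustrative, and the embedded sample is constructed from rows of the listing in the thread.

```shell
#!/bin/sh
# Added example: report sockets in `netstat -tupan` output that other hosts can reach.

# Constructed sample: rows taken from the listing in the thread, one socket per line.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address   State       PID/Program name
tcp        0      0 0.0.0.0:22         0.0.0.0:*         LISTEN      5466/sshd
tcp        0      0 127.0.0.1:631      0.0.0.0:*         LISTEN      1945/cupsd
tcp        0      0 0.0.0.0:538        0.0.0.0:*         LISTEN      2366/gdomap
tcp        0      0 172.21.48.67:55221 155.69.57.55:22   ESTABLISHED 5507/ssh
tcp6       0      0 :::80              :::*              LISTEN      1719/apache2
tcp6       0      0 ::1:631            :::*              LISTEN      1945/cupsd
udp        0      0 127.0.0.1:123      0.0.0.0:*                     2905/ntpd
udp        0      0 0.0.0.0:538        0.0.0.0:*                     2366/gdomap
EOF
}

# Reads netstat -tupan text on stdin; prints "proto address port pid/program"
# for every listening TCP socket and unconnected UDP socket not bound to loopback.
exposed_listeners() {
    awk '
    $1 !~ /^(tcp|udp)6?$/ { next }            # skip headers and other text
    {
        if ($1 ~ /^tcp/) {                    # TCP rows carry a State column
            if ($6 != "LISTEN") next
            owner = $7
        } else {                              # unconnected UDP rows have no State
            if ($5 != "0.0.0.0:*" && $5 != ":::*") next
            owner = $6
        }
        # Split at the last colon, because IPv6 addresses contain colons themselves.
        port = $4; sub(/.*:/, "", port)
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only: not reachable remotely
        print $1, addr, port, owner
    }'
}

sample_netstat | exposed_listeners
```

On a live host the same filter is fed with `netstat -tupan | exposed_listeners` run as root. For a binary that matches no package name, `dpkg -S /usr/bin/gdomap` searches installed packages for the one that owns the file.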
 
07-22-2012, 09:18 AM
Joe

is it rational to close the 139 port

On Sun, 22 Jul 2012 16:44:13 +0800
lina <lina.lastname@gmail.com> wrote:

>
> Checked, now only 22 80 open with 443 closed.
> another thing is that the nmap can scan my MAC address correctly.
> is it bad? (I guess I will feel comfortable if the MAC address is
> hidden)
>

All network communication is actually based on MAC addresses; if it
can't be seen, you can't talk.

Try arp -a as root to see what other computers yours has recently
talked to. A cache is kept to speed things up, but only for a few
minutes, otherwise your computer has to broadcast to look up a link
between IP address and MAC.

If you have a rainy afternoon to while away, install Wireshark and have
a play with it. Try various network connections while a capture is
running, and play with the filtering. One day you will need to use it
in anger.

Here is a fragment of a capture showing my workstation trying to find
the server using the ARP protocol. It hasn't connected for a time, so
the server isn't in its cache:

No. Time Source Destination Protocol Length Info

5 5.007111000 Giga-Byt_xx:xx:xx Hewlett-_xx:xx:xx ARP 42
Who has 192.168.99.3? Tell 192.168.99.101

6 5.007315000 Hewlett-_xx:xx:xx Giga-Byt_xx:xx:xx ARP 60
192.168.99.3 is at xx:xx:xx:xx:xx:xx

Sorry about the wrap, but email isn't designed for this sort of thing.
Note that the first half of the MAC is a vendor ID, and Wireshark
decodes it.

--
Joe


Archive: http://lists.debian.org/20120722101816.4e778926@jretrading.com
 
