[techtalk] port purposes...

Laurel Fan lf25+ at andrew.cmu.edu
Tue Apr 3 15:10:23 EST 2001


Finding out what process is actually using the port might help.
Assuming this is your machine that you're trying to find out about,
and you have root, you can use 'lsof' (LiSt Open Files) to check what
has things open.  Something listening on a tcp port will show up like:

inetd       172   root    6u  IPv4        295               TCP *:smtp (LISTEN)

Which means that the process named inetd, with pid 172, owned by root,
using file descriptor 6, has an open file of type IPv4, of size 295 (I
don't know what size means in this context), that's tcp, is on *:smtp
(any address, smtp port), and is in state LISTEN (which means it's an
'open port', it's waiting for connections to it).

On Linux, you can also do 'netstat -ap' for something similar. This
leaves out the non-socket files, so it's somewhat easier to read.

Once you find out what process it is, you can find the program.  lsof
also shows you which program it is, since a process has a file open for
the program, for example:

inetd       172   root  txt    REG        3,3   18352     40983 /usr/sbin/inetd

(the txt in the 4th column means that this is the program text,
i.e. the program).  You can also get lots of interesting stuff like the
working directory (an entry with cwd in the 4th column).

After that, you can try to figure out where it came from. For example,
in Debian I can do:

> dpkg -S /usr/sbin/inetd
netbase: /usr/sbin/inetd

to tell dpkg to search the package database for the file
/usr/sbin/inetd, which it tells me is from the package netbase.

There's probably something similar for other package managers as well.
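
Added example, not part of the original post: a shell function that reads lsof output and pairs each listening TCP socket with the program (txt entry) of the owning process. The function names and the sshd sample lines are constructed for illustration; only the two inetd lines come from the post.

```shell
#!/bin/sh
# Pair each listening TCP socket in lsof output with the program file
# (txt entry) of the process that owns it.

# Constructed sample input. The inetd txt and LISTEN lines are the ones
# quoted in the post; everything else is made up for illustration.
sample_lsof() {
cat <<'EOF'
COMMAND     PID   USER   FD   TYPE     DEVICE    SIZE      NODE NAME
inetd       172   root  cwd    DIR        3,3    4096         2 /
inetd       172   root  txt    REG        3,3   18352     40983 /usr/sbin/inetd
inetd       172   root    6u  IPv4        295               TCP *:smtp (LISTEN)
sshd        310   root    3u  IPv4        412               TCP *:ssh (LISTEN)
sshd        310   root    4u  IPv4        977               TCP 10.0.0.5:ssh->10.0.0.9:40112 (ESTABLISHED)
sshd        310   root  txt    REG        3,3  231456     41877 /usr/sbin/sshd
EOF
}

# Reads lsof output on stdin and prints "PID COMMAND ADDRESS PROGRAM" for
# every TCP listener. Socket lines have blank columns, so fields are taken
# from the end of the line instead of by fixed position.
# Assumptions: the first txt entry of a pid is its executable, and the
# program path contains no spaces.
listeners_with_program() {
    awk '
        # Remember the first txt entry seen for each pid.
        $4 == "txt" && !($2 in prog) { prog[$2] = $NF }
        # Record listeners in input order; skip ESTABLISHED and other states.
        $NF == "(LISTEN)" && $(NF-2) == "TCP" {
            n++; pid[n] = $2; cmd[n] = $1; addr[n] = $(NF-1)
        }
        END {
            for (i = 1; i <= n; i++) {
                p = (pid[i] in prog) ? prog[pid[i]] : "unknown"
                print pid[i], cmd[i], addr[i], p
            }
        }
    '
}

sample_lsof | listeners_with_program
```

On a live machine, pipe the output of lsof run as root into the function; each program path it prints can then be handed to 'dpkg -S' as shown in the post.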





