0

When I scan my ubuntu using nmap I get this result:

Starting Nmap 7.40 ( https://nmap.org ) at 2017-10-20 10:40 EET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000097s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
443/tcp open  https
631/tcp open  ipp
902/tcp open  iss-realsecure

How do I know the service name which running on this port and stop or disable it using

$ systemctl disable SERVICE ?

Kristijan Iliev
  • 522
Mido
  • 1

1 Answers1

2

You can run sudo netstat -tlp will show you all open sockets, and what program is using these. We can combine this with grep to show which web server we have running:

sudo netstat -tlp | grep https
tcp6       0      0 [::]:https              [::]:*                  LISTEN      5541/apache2

We pass three parameters to netstat:

  1. -t asks for TCP sockets only, ignoring UDP.
  2. -l asks for listening sockets only, ignoring outgoing connections from e.g. your browser
  3. -p asks for program having the socket open.

In this case, apache2 is running, listening to https (on IPv6 on my box, as it is has native IPv6. If it had IPv4 in addition it would be listening to 0.0.0.0:https in addition).

In this case a sudo systemctl disable apache2 would disable Apache, and close the port. Note that this depends on what's actually listening. It may not even be a service.

That said, 902 and 443 reminds me of VMWare Workstation. Do you by any chance have that installed?

IPP is probably cups, and if you don't have any printers you can safely disable it. If you have printers, you need cups, but you can limit it to listen to only loopback interface or firewall it using ufw :)

vidarlo
  • 22,691
  • Also command as this could be used: sudo lsof -i -n -P +c 0 | grep ':443\|:631\|:902' to find which services use these ports. Source. – pa4080 Oct 20 '17 at 17:04