一次偶然事件,我检查某台服务器系统时发现一个从来没见过的端口处于监听(LISTEN)状态,于是开始仔细检查系统。

[root@db097 ~]# netstat -lnpt | grep 7979
tcp 0 0 0.0.0.0:7979 0.0.0.0:* LISTEN -

进程里什么都没有,试了多种办法试着去找一下,都是一样的结果。

[root@db097 ~]# lsof -i:7979

 

google了半天,最后一段话提示了我:

I realized it’s an port opened by kernel, that’s why it won’t show up with program name. For the port like this, it may relate to NFS and OCFS stuff, or something like that, or it could be a kernel bug. If you need to find more details, check kernel logs for OOPS and bug.

 

应该是内核的问题,可能是和NFS有关,因为我也在使用NFS,或者别的可能性,总之大概是内核的bug,愿意细节的同学,建议去搜索一下内核log。

nmap扫下确认一下:

[root@db097 ~]# nmap -sV -p 7979 localhost
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2015-06-12 21:41 EDT
Interesting ports on db097.surrey.com (127.0.0.1):
PORT STATE SERVICE VERSION
7979/tcp open rpc
Nmap finished: 1 IP address (1 host up) scanned in 6.033 seconds

本文参考:http://www.admon.org/faqs/why-network-port-is-open-but-no-process-attached/