Why is port 111 listening for incoming connections from any IP?



hijax
2019-11-12, 23:39
I downloaded the latest Kali VM for VMware from OffSec and ran netstat -auntp to check for listening ports when I noticed that port 111 was listening for incoming connections. I wanted to verify if this is normal, since it feels odd to have rpcbind actively accepting connections. Would love feedback on this. Here's the output:



root@kali:~# netstat -auntp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/init
tcp6 0 0 :::111 :::* LISTEN 1/init
udp 0 0 0.0.0.0:68 0.0.0.0:* 641/dhclient
udp 0 0 0.0.0.0:111 0.0.0.0:* 1/init
udp6 0 0 :::111

root@kali:~# lsof -i -P -n | grep LISTEN
systemd 1 root 30u IPv4 14897 0t0 TCP *:111 (LISTEN)
systemd 1 root 32u IPv6 14901 0t0 TCP *:111 (LISTEN)

bigbiz
2019-11-13, 22:26
Did you Google what this port is used for? A Unix/Linux OS mapping port.

hijax
2019-11-14, 21:12
Yes, I did, but the question I have is why it's listening for incoming connections from any IP.

bigbiz
2019-11-19, 02:23
My guess is you scanned a network and for some reason the service kept running. Used dsploit, for instance.

Mister_X
2019-11-19, 03:01
It's one of the systemd services. This is kinda confusing, systemd assumes the port.

List the services and figure out what services are running, then see if they have any port.

grep 111 /etc/services
It will show RPC, and there is an RPC service.
systemctl stop rpcbind.socket

hijax
2019-11-22, 19:28
Thank you @Mister_X. Yeah I had already done that & stopped the service so thank you for the confirmation. My main concern is checking to see if it was necessary to have it running. I haven't seen any issues since disabling rpcbind yet.
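
Added example, not part of any post in this thread: a small shell filter that reads netstat output and lists every socket bound to all interfaces, marking the ones held by PID 1, which is how a systemd socket unit such as rpcbind.socket appears before the daemon itself starts. The sample input is constructed from the output in the first post (the postgres line is invented), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample modelled on the netstat -auntp output in the first post;
# the postgres line is invented to show a loopback-only listener.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/init
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 812/postgres
tcp6 0 0 :::111 :::* LISTEN 1/init
udp 0 0 0.0.0.0:68 0.0.0.0:* 641/dhclient
udp 0 0 0.0.0.0:111 0.0.0.0:* 1/init
EOF
}

# Reads netstat lines on stdin and prints "proto port owner holder" for every
# socket bound to a wildcard address (0.0.0.0 or ::), i.e. reachable on all
# interfaces. Owner "1/..." means PID 1 holds the socket itself, which is what
# systemd socket activation looks like before the real daemon is started.
wildcard_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        n = split($4, parts, ":")
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr != "0.0.0.0" && addr != "::") next
        owner = ($NF ~ /^[0-9]+\//) ? $NF : "unknown"
        holder = (owner ~ /^1\//) ? "systemd-socket" : "process"
        print $1, port, owner, holder
    }'
}

# Unique ports that PID 1 is holding open on all interfaces.
systemd_held_ports() {
    wildcard_listeners | awk '$4 == "systemd-socket" { print $2 }' | sort -un
}

sample_netstat | wildcard_listeners
# On a live host, `systemctl list-sockets` names the .socket unit behind each
# such port. `systemctl stop rpcbind.socket` lasts only until reboot if the
# unit is enabled; `systemctl disable --now rpcbind.socket rpcbind.service`
# stops it and keeps it from starting at boot.
```

On a live system, pipe `netstat -auntp` into `wildcard_listeners` instead of the sample.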