Results 1 to 3 of 3

Thread: Weird process permanently open new port?

  1. #1
    Join Date
    2022-May
    Posts
    2

    Weird process permanently open new port?

    Latest Kali KDE.

    Weird process permanently open new port and can't find what process doing that.
    I close that port, but after few second new port open.

    Can you help?
    What process do that, why and what to do?

    ──(kali㉿kali)-[~]
    └─$ sudo netstat -tulpn
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 127.0.0.1:42935 0.0.0.0:* LISTEN 1768/containerd

    ┌──(kali㉿kali)-[~]
    └─$ sudo ss --kill state listening src :42935
    Netid Recv-Q Send-Q Local Address:Port Peer Address:Port Process
    tcp 0 4096 127.0.0.1:42935 0.0.0.0:*

    ┌──(kali㉿kali)-[~]
    └─$ sudo netstat -tulpn
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

    ┌──(kali㉿kali)-[~]
    └─$ sudo netstat -tulpn
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 127.0.0.1:36029 0.0.0.0:* LISTEN 1862/containerd

    ┌──(kali㉿kali)-[~]
    └─$ sudo ss --kill state listening src :36029
    Netid Recv-Q Send-Q Local Address:Port Peer Address:Port Process
    tcp 0 4096 127.0.0.1:36029 0.0.0.0:*

    ┌──(kali㉿kali)-[~]
    └─$ sudo netstat -tulpn
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

    ┌──(kali㉿kali)-[~]
    └─$ sudo netstat -tulpn
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 127.0.0.1:34005 0.0.0.0:* LISTEN 1896/containerd

    ┌──(kali㉿kali)-[~]
    └─$ sudo ss --kill state listening src :34005
    Netid Recv-Q Send-Q Local Address:Port Peer Address:Port Process
    tcp 0 4096 127.0.0.1:34005 0.0.0.0:*

    ┌──(kali㉿kali)-[~]
    └─$ sudo netstat -tulpn
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

    ┌──(kali㉿kali)-[~]
    └─$ sudo netstat -tulpn
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 127.0.0.1:45513 0.0.0.0:* LISTEN 1929/containerd

    ┌──(kali㉿kali)-[~]
    └─$ sudo ss --kill state listening src :45513
    Netid Recv-Q Send-Q Local Address:Port Peer Address:Port Process
    tcp 0 4096 127.0.0.1:45513 0.0.0.0:*

    ┌──(kali㉿kali)-[~]
    └─$ sudo netstat -tulpn
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

    ┌──(kali㉿kali)-[~]
    └─$ sudo netstat -tulpn
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 127.0.0.1:37875 0.0.0.0:* LISTEN 1963/containerd

    ┌──(kali㉿kali)-[~]
    └─$ sudo ss --kill state listening src :37875
    Netid Recv-Q Send-Q Local Address:Port Peer Address:Port Process
    tcp 0 4096 127.0.0.1:37875 0.0.0.0:*

    ┌──(kali㉿kali)-[~]
    └─$ sudo netstat -tulpn
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

    ┌──(kali㉿kali)-[~]
    └─$ sudo netstat -tulpn
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 127.0.0.1:41427 0.0.0.0:* LISTEN 2001/containerd

    ┌──(kali㉿kali)-[~]
    └─$

  2. #2
    Join Date
    2020-Mar
    Posts
    2
    Containerd is making it sound like it's docker which likely has a root cron restarting it should the process crash or be killed. You could try
    Code:
    sudo ss -tulpn
    and then
    Code:
    cat /proc/<pid>/cmdline
    or you could check root's crontab for either docker and/or containerd. If you find them as services you could disable them but be advised that means they will need to be started if you want/need to use docker. Not sure if docker handles starting those services natively.

  3. #3
    Join Date
    2022-May
    Posts
    2
    It is docker

Similar Threads

  1. Help to Delete IP Route Permanently
    By vvarrior in forum ARM Archive
    Replies: 0
    Last Post: 2020-10-04, 09:59
  2. Openvpn Usage on Kali as Open port tools.
    By Sopykt in forum General Archive
    Replies: 0
    Last Post: 2016-05-06, 19:01

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •