Jump to content

does anyone know what this is ?

james92

By james92
in Security

 Share

Recommended Posts

james92 Newbie

james92

Posted
Posted

i installed an image of kali on an odroid xu done a lsof -i and havnt got a clue what this connection is

gnome-pan 3960 root 14u IPv4 11405 0t0 TCP kali:50818->a92-123-72-120.deploy.akamaitechnologies.com:http (ESTABLISHED)

when im sitting on my laptop witch is running kali and do lsof -i i get the following

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dhclient 3335 root 6u IPv4 10571 0t0 UDP *:bootpc
dhclient 3335 root 20u IPv4 10557 0t0 UDP *:47913


dhclient 3335 root 21u IPv6 10558 0t0 UDP *:37012

when i start my odroid up i get

root@kali:~# lsof -i

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dhclient 3045 root 8u IPv4 5906 0t0 UDP *:bootpc
dhclient 3045 root 20u IPv4 5889 0t0 UDP *:49623
dhclient 3045 root 21u IPv6 5890 0t0 UDP *:32345
ntpd 3377 ntp 16u IPv4 5985 0t0 UDP *:ntp
ntpd 3377 ntp 17u IPv6 5986 0t0 UDP *:ntp
ntpd 3377 ntp 18u IPv4 5992 0t0 UDP kali:ntp
ntpd 3377 ntp 19u IPv4 5993 0t0 UDP kali:ntp
ntpd 3377 ntp 20u IPv6 5994 0t0 UDP [fe80::1c65:37ff:fe41:5dc9]:ntp
ntpd 3377 ntp 21u IPv6 5995 0t0 UDP localhost:ntp
gnome-pan 3960 root 14u IPv4 11405 0t0 TCP kali:50818->a92-123-72-120.deploy.akamaitechnologies.com:http (ESTABLISHED)
vino-serv 3984 root 15u IPv6 10989 0t0 TCP *:5900 (LISTEN)
vino-serv 3984 root 16u IPv4 10990 0t0 TCP *:5900 (LISTEN)


vino-serv 3984 root 17u IPv6 9974 0t0 TCP *:5800 (LISTEN)

and on both of them im not doing anything just booted and done lsof -i

still learning all this stuff so go easy on me ha :)

Link to comment
Share on other sites
james92 Newbie

james92

Posted
  • Author
Posted (edited)

and also when i connect to the internet on my laptop and watch the connections being made with etherape thers none when im not doin anything

but when im on the odroid its communicating with a few diffrent places heres a list of shit and i havnt started the browser or anything

ns0.fredprod.com
relay.imagine.ie
scott.tssg.org
tbag.heanet.ie
149.157.192.5
193.1.31.66
54.229.222.210
54.194.18.100
duno if im being paro ha :D
Edited by james92
Link to comment
Share on other sites
THCMinister Newbie

THCMinister

Posted
Posted

I think you are being paranoid.

These are Broadcasts from the Network Time Protocol Daemon and the DHCP Client. Syncing time and communicating dhcp information/requests.

dhclient 3045 root 8u IPv4 5906 0t0 UDP *:bootpc
dhclient 3045 root 20u IPv4 5889 0t0 UDP *:49623
dhclient 3045 root 21u IPv6 5890 0t0 UDP *:32345
ntpd 3377 ntp 16u IPv4 5985 0t0 UDP *:ntp
ntpd 3377 ntp 17u IPv6 5986 0t0 UDP *:ntp
ntpd 3377 ntp 18u IPv4 5992 0t0 UDP kali:ntp
ntpd 3377 ntp 19u IPv4 5993 0t0 UDP kali:ntp
ntpd 3377 ntp 20u IPv6 5994 0t0 UDP [fe80::1c65:37ff:fe41:5dc9]:ntp
ntpd 3377 ntp 21u IPv6 5995 0t0 UDP localhost:ntp

Do you have something on your panel bar that conastantly display some sort of network info?

gnome-pan 3960 root 14u IPv4 11405 0t0 TCP kali:50818->a92-123-72-120.deploy.akamaitechnologies.com:http (ESTABLISHED)

This is from have a service listening on your machine(port 5900 is VNC, Ubuntu which is what Kali is based off of, uses vino-server for remote desktop)
vino-serv 3984 root 15u IPv6 10989 0t0 TCP *:5900 (LISTEN)
vino-serv 3984 root 16u IPv4 10990 0t0 TCP *:5900 (LISTEN)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...