7

In /etc/services on a few machines I've checked, port 9898 is associated with a service called MonkeyCom:

monkeycom   9898/udp     # MonkeyCom
monkeycom   9898/tcp     # MonkeyCom

The first reference I found in a Google search for MonkeyCom says it's part of the Sasser virus. That seems like a misinterpretation to me -- it's more likely that Sasser is using 9898 but that there's some older service called MonkeyCom which originally got the assignment.

Who can tell me what MonkeyCom is?

Doug Harris

5 Answers

9

Tripwire Enterprise uses 9898 as its default port for communication between server and agent.

whodevil
  • I can confirm that the tripwire agent is running on this port with an enterprise license on my machines. I would have voted up the first tripwire suggestion but don't have the rep points yet. –  Jul 08 '13 at 21:07
8

MonkeyCom is (or was - as far as I can determine it is now defunct) a videophone/file transfer program.
As far as I can determine nothing legitimate is currently using port 9898 - it's pretty much just Sasser and a few other bits of nasty.

voretaq7
  • Do you have a source for that defunct videophone program or the reference to it? – Doug Harris Oct 08 '10 at 19:54
  • http://www.serverwatch.com/tutorials/article.php/10825_3521746_2/Whats-All-That-Text-Mean--Learn-Linux-Logging.htm is the most authoritative one I found. The referenced site is long gone however & makes no mention of the MonkeyCom product. – voretaq7 Oct 08 '10 at 21:03
  • 1
    Old but still useful thread. -- Consider `pgpool` as a prime candidate to be the root-cause for this false positive. As suggested by @JoeVanDyk below, `lsof | grep ":9898"` or `lsof -i :9898` may not reveal 'pgpool' even though it is installed as middleware and part of a `postgresql` setup. Better look at yr FW activity log to see what really makes yr 9898 TCP port look busy/open. `nmap` will sometimes report "monkeycom" as the associated application, a false positive for a "Dabber/Sasser" type worm infection (prevalent among M$ Win users). "False" as in _it is really not there_ ! – Cbhihe Jul 22 '16 at 13:04
  • Thank the Internet Archive for this page: https://web.archive.org/web/20040603165425/http://www.random-grp.com/kuwatec/Products/MonkeyCom/. Using Google translate, the opening description says "MonkeyCom is a personal communication tool that allows you to easily transfer files between two computers connected via a telephone line using a modem or directly connected via serial cable or network." – Doug Harris Nov 14 '17 at 19:55
  • 9898 port is used in Xiaomi Mi Smart Home Hub device (if enabled). – naXa stands with Ukraine Jun 04 '20 at 16:40
3

pgpool might be using that port.

You can do a "lsof | grep 9898" and check.

Joe Van Dyk
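An added example, not part of the answers on this page: the name "monkeycom" comes from a static table lookup, while the real owner of a listening port comes from the kernel's socket table. The sketch assumes the Linux `/proc` layout on a little-endian host; the `/proc/net/tcp` sample, its uid and inode values, and all function names are constructed for illustration.

```python
import glob, os, socket, struct

# Constructed sample inputs (not captured from a real host).
SERVICES = """\
monkeycom   9898/udp     # MonkeyCom
monkeycom   9898/tcp     # MonkeyCom
"""
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20111 1 0000000000000000 100 0 0 10 0
   1: 0100007F:26AA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   999        0 40321 1 0000000000000000 100 0 0 10 0
   2: 0100007F:C350 0100007F:26AA 01 00000000:00000000 00:00000000 00000000  1000        0 40555 1 0000000000000000 20 4 30 10 -1
"""

def services_name(text, port, proto):
    """Name a services-table lookup yields for port/proto; says nothing about the listener."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1] == f"{port}/{proto}":
            return fields[0]
    return None

def listeners(proc_net_tcp, port):
    """(address, uid, inode) for IPv4 sockets in LISTEN (state 0A) on `port`."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        ip_hex, port_hex = f[1].split(":")          # port is hex: 9898 == 0x26AA
        if f[3] == "0A" and int(port_hex, 16) == port:
            # Address is printed in host byte order (little-endian assumed).
            ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
            found.append((ip, int(f[7]), int(f[9])))
    return found

def owners(inode, proc_root="/proc"):
    """(pid, command) holding the socket inode; other users' fds need root to read."""
    hits = set()
    for fd in glob.glob(os.path.join(proc_root, "[0-9]*", "fd", "*")):
        try:
            if os.readlink(fd) == f"socket:[{inode}]":
                pid = fd.split(os.sep)[-3]
                with open(os.path.join(proc_root, pid, "comm")) as fh:
                    hits.add((int(pid), fh.read().strip()))
        except OSError:                             # process exited or access denied
            continue
    return sorted(hits)

if __name__ == "__main__":
    print("services table says:", services_name(SERVICES, 9898, "tcp"))
    for ip, uid, inode in listeners(PROC_NET_TCP, 9898):
        print(f"LISTEN {ip}:9898 uid={uid} inode={inode} owners={owners(inode)}")
```

On a live host, pass the contents of `/proc/net/tcp` (and `/proc/net/tcp6`, which uses a longer address field this sketch does not decode) instead of the sample, and run as root so `owners` can read every process's descriptors.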
0

The definitive source for Port Assignments is IANA http://www.iana.org/assignments/port-numbers from which you can find a name and email address of someone who might know the answer to your question. More probably the email address is no longer valid :-(

RedGrittyBrick
0

Echoing RedGrittyBrick's point. Came across the same. MonkeyCom is a port association for a legitimate program which is likely also exploited in other instances.

Check out the following listing for a bit more detail

BitPusher