2

when I make 

nmap localhost

I get 

PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
111/tcp open  rpcbind
631/tcp open  ipp
646/tcp open  unknown

what is the port 646 ?

JuanPablo
  • 913
  • 3
  • 10
  • 21

2 Answers2

5

You should be able to see whats running on that port with 

netstat -tunlp | grep 646

From the comments 

tcp     0     0     0.0.0.0:646     0.0.0.0:*     LISTEN     2584/rpc.statd

This indicates that rpc.statd (PID 2584) is listening on port 646. The rpc.statd process is part of the implementation of NFS.

user9517
  • 115,471
  • 20
  • 215
  • 297
4

Since the question has already been answered, I'll provide an answer with a little more background.

Nmap shows open ports by attempting to connect to them. If it receives a positive response, it reports the port as open, and gives a little more information (the SERVICE column) based on a table lookup in the nmap-services file. For ports that don't have an entry in that file, it reports unknown.

The operating system of the scanned machine knows all about what ports are open, since it has to handle the lower layers of network communication in order to hand the data off to the application (or program) that is listening for it. On Windows, Linux, and most *nix systems, users can get the information about open ports directly from the OS by using the netstat command. Further, with the -p option (-b on Windows), privileged users (e.g. root) can see the name and process ID (PID) that is using each port.

Nmap is not limited to looking up port information in nmap-services. When a user requests service version detection (-sV), Nmap sends data to the ports it discovers as open, then compares the responses to an extensive list of service fingerprints, generating more detailed information, like so:

PORT    STATE SERVICE            VERSION
646/tcp open  rstatd (rstatd V1) 1 (rpc #100001)
bonsaiviking
  • 4,420
  • 17
  • 26