Hi,

I am trying to close all possible ports on my solaris and linux servers.
I am stuck on the following ports on both Solaris 10 (local zone) and Linux (Suse) servers.
Here is nmap output :

PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
1720/tcp open H.323/Q.931
1863/tcp open unknown

PORT STATE SERVICE
22/tcp open ssh
1720/tcp open H.323/Q.931
1863/tcp open unknown
8080/tcp open http-proxy

As you can see in bold on both servers I got 1720/tcp and 1863/tcp ports (telnet as well shows that it is listening).

Do anybody knows what is listening on these ports ?
I try to keep only ssh and web ports.

(I tried lsof/netstat/fuser and stuff but no result with these ports).

Thanks.

Don't quote me (and don't know if it'll help to much) but I think if I remember correctly it has port 1720 is some kind of VoIP, maybe that was on a Windows system.
~~~~~

OK had me thinking if I remembered correctly and I found the following information from http://www.voipvoice.com/faq.html (hope it's OK to post the link ) - it's the 3rd last question asked and might provide you with a little more information.

For H.323 (MS Netmeeting etc…)

* TCP port 1720 (H.225 call signalling for hosts)
* TCP ports 11000 to 65535 (H.245 capability exchange)
* UDP ports 16384 to 32767 RTP audio stream)

For H.323 (Callserve)

* UDP port 1719 (Callserve signalling)
* TCP port 1720 (Callserve signalling)
* UDP ports 5000 to 65535 (RTP audio stream)

On the Linux machine, check the output of The '-p' switch will show you which process is the owner of the port.

Thanks for the answer.
I am dubious about solaris/linux having msn and h323 protocols out of the box :-)
I check netstat but nothing about this ports.
So still no clue about how to close this ports.

Finally I got it !
The pb was not on the machine itself but a FW between my scanner and the host.
Too bad :-)

just to mention, if you have a similar problem in the future, use lsof (in every linux standard repo, for aix available in the linux toolbox)

lsof -i TCP -l


for example