I ran an nmap scan on my home network and Linux machine. There were a few suspicious ports open, so I used the command netstat -tanp|grep LISTEN to investigate further. The output was that dnsmasq is listening on port 53. Why, when I run the command apt-get remove dnsmasq, is Linux telling me that dnsmasq is not installed? Is this suspicious? How do I find out who is running dnsmasq on port 53? I've cd'd into the directory in which dnsmasq is located and it's telling me it's not installed.
1 Answer
"... when I run the command apt-get remove dnsmasq"
apt-get remove requires the package name, not a name of a program. On Debian/Ubuntu it might be dnsmasq-base instead.
"How do I find out who is running dnsmasq on port 53?"
Look at the pid of the process from the netstat output and then check where this binary points to, i.e.
# netstat -tnlp
...
tcp 0 0 172.16.0.1:53 0.0.0.0:* LISTEN 1544/dnsmasq
# ls -l /proc/1544/exe
lrwxrwxrwx 1 root root 0 Aug 12 07:51 /proc/1544/exe -> /usr/sbin/dnsmasq
Then check which package this belongs to:
# dpkg -S /usr/sbin/dnsmasq
dnsmasq-base: /usr/sbin/dnsmasq
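The lookup this answer walks through (PID from netstat, then /proc/PID/exe, then dpkg -S), chained into one script as an added example that is not part of the original answer. The function names and the sample netstat lines are constructed for illustration; it assumes a Debian-style system with netstat and dpkg.

```bash
# Added example: map a listening TCP port to its process, binary and package.

# Constructed sample in the format of `netstat -tnlp` (not captured output).
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 172.16.0.1:53 0.0.0.0:* LISTEN 1544/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 801/sshd
tcp6 0 0 :::53 :::* LISTEN 1544/dnsmasq
tcp 0 0 127.0.0.1:5353 0.0.0.0:* LISTEN -'

# Read `netstat -tnlp` output on stdin and print "PID PROGRAM" once per
# process listening on the given port. The port is the text after the last
# ':' so IPv6 addresses work and 5353 is not mistaken for 53.
listeners_on_port() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] != port) next
            # netstat prints "-" when it may not see the owner (not root)
            if ($7 == "-") { print "-", "unknown"; next }
            split($7, p, "/")
            print p[1], p[2]
        }' | sort -u
}

# Resolve a PID to its executable and the package that ships that path.
describe_pid() {
    exe=$(readlink "/proc/$1/exe" 2>/dev/null) || {
        echo "pid $1: cannot read exe (process gone, or not root)"; return 1; }
    case "$exe" in *" (deleted)")
        echo "pid $1: $exe <- file removed or replaced since start"; return 0 ;;
    esac
    if pkg=$(dpkg -S "$exe" 2>/dev/null); then
        echo "pid $1: $exe (package ${pkg%%:*})"
    else
        echo "pid $1: $exe (no installed package lists this path)"
    fi
}

# Live use: run as root with a port number, e.g. `sh script.sh 53`.
if [ "$#" -gt 0 ]; then
    netstat -tnlp 2>/dev/null | listeners_on_port "$1" | while read -r pid _; do
        describe_pid "$pid" || true
    done
else
    printf '%s\n' "$SAMPLE" | listeners_on_port 53   # demo on the sample
fi
```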