TCP listening sockets according to netstat

David Arnstein

Regular Contributor
I have an RT-AC68U with Merlin firmware (latest production version). I used the netstat tool that is a feature of the router GUI. I found a few listening sockets open, which I don't recognize:

Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:5473 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:18017 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3394 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7788 0.0.0.0:* LISTEN


I don't have any reason to believe that this behavior is specific to Merlin firmware, but that is what I have, so here I am in this forum. What are these sockets being used for? Can I close them?

Using nmap from a machine on my LAN, I also see that ports 515/tcp and 9100/tcp are open. These ports generally support printing services, which I don't use on this router. I would like to close these ports too. Possible?
 
Upgrade to 384.6. Netstat now supports the -p flag, which tells you which process is bound to each port/socket.
 
Thanks Merlin. Here is the improved list of listening ports. I removed mention of ports that are only open for localhost. I also removed expected ports such as 53 (DNS).

What remains still looks like a lot. If anyone knows how to close off unused ports, please post.

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:5473 0.0.0.0:* LISTEN 524/u2ec
tcp 0 0 0.0.0.0:18017 0.0.0.0:* LISTEN 204/wanduck
tcp 0 0 0.0.0.0:3394 0.0.0.0:* LISTEN 524/u2ec
tcp 0 0 192.168.0.1:515 0.0.0.0:* LISTEN 525/lpd
tcp 0 0 192.168.0.1:9100 0.0.0.0:* LISTEN 525/lpd
tcp 0 0 0.0.0.0:7788 0.0.0.0:* LISTEN 343/cfg_server
tcp 0 0 192.168.0.1:3838 0.0.0.0:* LISTEN 525/lpd
udp 0 0 0.0.0.0:9999 0.0.0.0:* 256/infosvr
udp 0 0 0.0.0.0:42000 0.0.0.0:* 212/eapd
udp 0 0 0.0.0.0:45881 0.0.0.0:* 252/avahi-daemon: r
udp 0 0 0.0.0.0:67 0.0.0.0:* 247/dnsmasq
udp 0 0 0.0.0.0:46164 0.0.0.0:* 126/syslogd
udp 0 0 0.0.0.0:5474 0.0.0.0:* 524/u2ec
udp 0 0 0.0.0.0:18018 0.0.0.0:* 204/wanduck
udp 0 0 0.0.0.0:7788 0.0.0.0:* 343/cfg_server
udp 0 0 0.0.0.0:38000 0.0.0.0:* 212/eapd
udp 0 0 0.0.0.0:59000 0.0.0.0:* 212/eapd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 252/avahi-daemon: r
udp 0 0 0.0.0.0:5355 0.0.0.0:* 252/avahi-daemon: r
udp 0 0 0.0.0.0:43000 0.0.0.0:* 212/eapd
 
The only things you might want to stop are the avahi-daemon (mDNS/DNS-SD) if you don't have Apple devices, and lpd/u2ec if you don't have an attached USB printer. If you make changes in the GUI it's likely that some of these services will restart. The other services are required.
Code:
# service stop_mdns
# service stop_lpd
# service stop_u2ec
 
They're all firmware-related services. You cannot "close them".
 
