I am using Debian Buster and Android 9.

Checking the network activity, I noticed that it scans many ports.

How can I determine who is the cause or if this is normal?

I connect the mobile phone to the PC via hotspot.

sudo iptraf-ng

output:

Thu Mar 18 04:59:58 2021; UDP; eno1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:35485 to _gateway:domain
Thu Mar 18 04:59:59 2021; TCP; eno1; 60 bytes; from 192.168.1.100:57676 to 192.168.0.1:microsoft- (source MAC addr MAC:MY:PC); first packet (SYN)
Thu Mar 18 04:59:59 2021; ICMP; eno1; 88 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (ntwk)
Thu Mar 18 04:59:59 2021; UDP; eno1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:58772 to _gateway:domain
Thu Mar 18 04:59:59 2021; ICMP; eno1; 84 bytes; source MAC address MAC:MY:PC; from MyHostNamePC to 192.168.1.0; echo req
Thu Mar 18 05:00:00 2021; UDP; eno1; 70 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:46329 to _gateway:domain
Thu Mar 18 05:00:00 2021; UDP; eno1; 70 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:46329 to _gateway:domain
Thu Mar 18 05:00:00 2021; ICMP; eno1; 98 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (port)
Thu Mar 18 05:00:00 2021; UDP; eno1; 70 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:36507 to _gateway:domain
Thu Mar 18 05:00:00 2021; UDP; eno1; 70 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:36507 to _gateway:domain
Thu Mar 18 05:00:00 2021; TCP; eno1; 60 bytes; from 192.168.1.100:57678 to 192.168.0.1:microsoft- (source MAC addr MAC:MY:PC); first packet (SYN)
Thu Mar 18 05:00:00 2021; ICMP; eno1; 88 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (ntwk)
Thu Mar 18 05:00:00 2021; UDP; eno1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:52968 to _gateway:domain
Thu Mar 18 05:00:00 2021; ICMP; eno1; 100 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (port)
Thu Mar 18 05:00:00 2021; UDP; eno1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:51003 to _gateway:domain
Thu Mar 18 05:00:00 2021; ICMP; eno1; 84 bytes; source MAC address MAC:MY:PC; from MyHostNamePC to 192.168.1.0; echo req
Thu Mar 18 05:00:00 2021; UDP; eno1; 65 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:39541 to _gateway:domain
Thu Mar 18 05:00:00 2021; UDP; eno1; 65 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:39541 to _gateway:domain
Thu Mar 18 05:00:01 2021; UDP; eno1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:34647 to _gateway:domain
Thu Mar 18 05:00:01 2021; TCP; lo; 60 bytes; from 127.0.0.1:36504 to 127.0.10.2:http (source MAC addr ); first packet (SYN)
Thu Mar 18 05:00:01 2021; TCP; lo; 60 bytes; from 127.0.10.2:http to localhost:36504 (source MAC addr ); first packet (SYN)


Thu Mar 18 05:33:22 2021; UDP; wlo1; 72 bytes; source MAC address MAC:MY:PC; from 192.168.43.100:38140 to 192.168.43.83:domain
Thu Mar 18 05:33:22 2021; UDP; wlo1; 95 bytes; source MAC address MAC:MY:SMARTPHONE; from 192.168.43.83:domain to 192.168.43.100:58776
Thu Mar 18 05:33:22 2021; TCP; wlo1; 60 bytes; from 192.168.43.100:41274 to 192.168.0.1:netbios-ss (source MAC addr MAC:MY:PC); first packet (SYN)
Thu Mar 18 05:33:22 2021; UDP; wlo1; 95 bytes; source MAC address MAC:MY:SMARTPHONE; from 192.168.43.83:domain to 192.168.43.100:60543
Thu Mar 18 05:33:22 2021; UDP; wlo1; 73 bytes; source MAC address MAC:MY:PC; from 192.168.43.100:38232 to 192.168.43.83:domain
Thu Mar 18 05:33:22 2021; UDP; wlo1; 70 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:46350 to 192.168.43.83:domain
Thu Mar 18 05:33:22 2021; UDP; wlo1; 95 bytes; source MAC address MAC:MY:SMARTPHONE; from 192.168.43.83:domain to MyHostNamePC:38232
Thu Mar 18 05:33:22 2021; UDP; wlo1; 131 bytes; source MAC address MAC:MY:SMARTPHONE; from 192.168.43.83:domain to MyHostNamePC:38140
Thu Mar 18 05:33:22 2021; UDP; wlo1; 129 bytes; source MAC address MAC:MY:SMARTPHONE; from _gateway:domain to MyHostNamePC:46350
Thu Mar 18 05:33:22 2021; TCP; wlo1; 60 bytes; from 192.168.43.100:60040 to 192.168.0.1:microsoft- (source MAC addr MAC:MY:PC); first packet (SYN)
Thu Mar 18 05:33:22 2021; UDP; wlo1; 73 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:43831 to _gateway:domain
Thu Mar 18 05:33:22 2021; UDP; wlo1; 95 bytes; source MAC address MAC:MY:SMARTPHONE; from _gateway:domain to MyHostNamePC:43831
Thu Mar 18 05:33:23 2021; TCP; wlo1; 98 bytes; from 151.101.129.69:https to 192.168.43.100:54778 (source MAC addr MAC:MY:SMARTPHONE); first packet
Thu Mar 18 05:33:23 2021; TCP; wlo1; 40 bytes; from 192.168.43.100:54778 to 151.101.129.69:https (source MAC addr MAC:MY:PC); first packet

Thu Mar 18 05:50:35 2021; TCP; eno1; 60 bytes; from 192.168.1.100:34458 to 192.168.0.1:microsoft- (source MAC addr MAC:MY:PC); first packet (SYN)
Thu Mar 18 05:50:35 2021; ICMP; eno1; 88 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (ntwk)
Thu Mar 18 05:50:35 2021; UDP; eno1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:47781 to _gateway:domain
Thu Mar 18 05:50:35 2021; ICMP; eno1; 100 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (port)
Thu Mar 18 05:50:35 2021; UDP; wlo1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:51964 to _gateway:domain
Thu Mar 18 05:50:35 2021; UDP; wlo1; 72 bytes; source MAC address MAC:MY:SMARTPHONE; from _gateway:domain to MyHostNamePC:51964
Thu Mar 18 05:50:36 2021; TCP; eno1; 60 bytes; from 192.168.1.100:34460 to 192.168.0.1:microsoft- (source MAC addr MAC:MY:PC); first packet (SYN)
Thu Mar 18 05:50:36 2021; ICMP; eno1; 88 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (ntwk)
Thu Mar 18 05:50:36 2021; UDP; eno1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:55520 to _gateway:domain
Thu Mar 18 05:50:36 2021; ICMP; eno1; 100 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (port)
Thu Mar 18 05:50:36 2021; UDP; wlo1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:51493 to _gateway:domain
Thu Mar 18 05:50:36 2021; UDP; wlo1; 72 bytes; source MAC address MAC:MY:SMARTPHONE; from _gateway:domain to MyHostNamePC:51493
Thu Mar 18 05:50:37 2021; TCP; eno1; 60 bytes; from 192.168.1.100:34462 to 192.168.0.1:microsoft- (source MAC addr MAC:MY:PC); first packet (SYN)
Thu Mar 18 05:50:37 2021; ICMP; eno1; 88 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (ntwk)
Thu Mar 18 05:50:37 2021; UDP; eno1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:44467 to _gateway:domain
Thu Mar 18 05:50:37 2021; ICMP; eno1; 100 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (port)
Thu Mar 18 05:50:37 2021; UDP; wlo1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:59703 to _gateway:domain
Thu Mar 18 05:50:37 2021; UDP; wlo1; 72 bytes; source MAC address MAC:MY:SMARTPHONE; from _gateway:domain to MyHostNamePC:59703
Thu Mar 18 05:50:37 2021; UDP; eno1; 195 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:34092 to 239.255.255.250:1900
Thu Mar 18 05:50:37 2021; UDP; wlo1; 195 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:41723 to 239.255.255.250:1900
Thu Mar 18 05:50:37 2021; UDP; eno1; 74 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:40338 to _gateway:domain
Thu Mar 18 05:50:38 2021; TCP; eno1; 60 bytes; from 192.168.1.100:34464 to 192.168.0.1:microsoft- (source MAC addr MAC:MY:PC); first packet (SYN)
Thu Mar 18 05:50:38 2021; ICMP; eno1; 88 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (ntwk)
Thu Mar 18 05:50:38 2021; UDP; eno1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:60085 to _gateway:domain
Thu Mar 18 05:50:38 2021; ICMP; eno1; 100 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (port)
Thu Mar 18 05:50:38 2021; UDP; wlo1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:56120 to _gateway:domain
Thu Mar 18 05:50:38 2021; UDP; wlo1; 72 bytes; source MAC address MAC:MY:SMARTPHONE; from _gateway:domain to MyHostNamePC:56120
Thu Mar 18 05:50:38 2021; UDP; eno1; 195 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:34092 to 239.255.255.250:1900
Thu Mar 18 05:50:38 2021; UDP; wlo1; 195 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:41723 to 239.255.255.250:1900
Thu Mar 18 05:50:39 2021; TCP; eno1; 60 bytes; from 192.168.1.100:34466 to 192.168.0.1:microsoft- (source MAC addr MAC:MY:PC); first packet (SYN)
Thu Mar 18 05:50:39 2021; ICMP; eno1; 88 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (ntwk)
Thu Mar 18 05:50:39 2021; UDP; eno1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:57876 to _gateway:domain
Thu Mar 18 05:50:39 2021; ICMP; eno1; 100 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (port)
Thu Mar 18 05:50:39 2021; UDP; wlo1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:33318 to _gateway:domain
Thu Mar 18 05:50:39 2021; UDP; wlo1; 72 bytes; source MAC address MAC:MY:SMARTPHONE; from _gateway:domain to MyHostNamePC:33318
Thu Mar 18 05:50:39 2021; UDP; eno1; 195 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:34092 to 239.255.255.250:1900
Thu Mar 18 05:50:39 2021; UDP; wlo1; 195 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:41723 to 239.255.255.250:1900
Thu Mar 18 05:50:40 2021; UDP; eno1; 195 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:34092 to 239.255.255.250:1900
Thu Mar 18 05:50:40 2021; UDP; wlo1; 195 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:41723 to 239.255.255.250:1900
Thu Mar 18 05:50:40 2021; TCP; eno1; 60 bytes; from 192.168.1.100:34468 to 192.168.0.1:microsoft- (source MAC addr MAC:MY:PC); first packet (SYN)
Thu Mar 18 05:50:40 2021; ICMP; eno1; 88 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (ntwk)
Thu Mar 18 05:50:40 2021; UDP; eno1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:41099 to _gateway:domain
Thu Mar 18 05:50:40 2021; ICMP; eno1; 100 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (port)
Thu Mar 18 05:50:40 2021; UDP; wlo1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:41949 to _gateway:domain
Thu Mar 18 05:50:40 2021; UDP; wlo1; 72 bytes; source MAC address MAC:MY:SMARTPHONE; from _gateway:domain to MyHostNamePC:41949
Thu Mar 18 05:50:41 2021; TCP; eno1; 60 bytes; from 192.168.1.100:34470 to 192.168.0.1:microsoft- (source MAC addr MAC:MY:PC); first packet (SYN)
Thu Mar 18 05:50:41 2021; ICMP; eno1; 88 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (ntwk)
Thu Mar 18 05:50:41 2021; UDP; eno1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:33061 to _gateway:domain
Thu Mar 18 05:50:41 2021; ICMP; eno1; 100 bytes; source MAC address MAC:MY:PC; from _gateway to MyHostNamePC; dest unrch (port)
Thu Mar 18 05:50:41 2021; UDP; wlo1; 72 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:51046 to _gateway:domain
Thu Mar 18 05:50:41 2021; UDP; wlo1; 72 bytes; source MAC address MAC:MY:SMARTPHONE; from _gateway:domain to MyHostNamePC:51046

If I enable the wifi card, the command goes into character exception.

Output of the command ip address on my PC (using Debian Buster):

1:  lo
    inet  224.0.0.1
    inet6 ff02::1
    inet6 ff01::1
2:  eno1
    link  01:00:5e:00:00:01
    link  33:33:00:00:00:01
    link  33:33:00:00:00:fb
    link  33:33:ff:38:d5:a2
    link  01:00:5e:00:00:fb
    inet  224.0.0.251 users 2
    inet  224.0.0.1
    inet6 ff02::1:ff38:d5a2
    inet6 ff02::fb
    inet6 ff02::1
    inet6 ff01::1
3:  wlo1
    link  01:00:5e:00:00:01 users 2
    link  33:33:00:00:00:01 users 2
    link  33:33:00:00:00:fb users 2
    link  33:33:ff:d0:db:d5 users 2
    link  01:00:5e:00:00:fb users 2
    inet  224.0.0.251 users 4
    inet  224.0.0.1
    inet6 ff02::1:ffd0:dbd5
    inet6 ff02::fb
    inet6 ff02::1
    inet6 ff01::1

Dave M
  • I didn't notice anything horribly wrong in your logs (maybe a few more annoying destination unreachable ICMPs than I would like to see). Is there a particular issue you're having? NB: Just a personal opinion here (and not to disparage iptraf at all) but most people tend to use wireshark/tshark/tcpdump for troubleshooting. – Brandon Xavier Mar 18 '21 at 07:25
  • Yes, I don't understand why there must be these communications. And I have problems with the internet connection which is slow, so I assumed there was some unjustified network traffic. – Graziano Giacobazzi Mar 23 '21 at 08:26
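An added example, not part of the original question or comments: one way to check whether a log in this iptraf-ng format shows a port scan is to group the TCP SYN records by source and destination host and count the distinct destination ports. The function names, the `scan_threshold` cut-off and the constructed contrast lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# iptraf-ng TCP "first packet (SYN)" record, in the format of the log above.
SYN_RE = re.compile(
    r"; TCP; \S+; \d+ bytes; from (?P<src>\S+):\S+ to (?P<dst>\S+):(?P<dport>\S+) "
    r"\(source MAC addr[^)]*\); first packet \(SYN\)"
)

def summarize_syns(lines):
    """Return {(src, dst): {destination port or service: SYN count}}."""
    flows = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = SYN_RE.search(line)
        if m:  # UDP, ICMP and non-SYN TCP records are skipped
            flows[(m["src"], m["dst"])][m["dport"]] += 1
    return {pair: dict(ports) for pair, ports in flows.items()}

def classify(ports, scan_threshold=10):
    """scan_threshold is an assumed cut-off, not an iptraf-ng setting."""
    if len(ports) >= scan_threshold:
        return "scan-like: many distinct ports"
    if max(ports.values()) > 1:
        return "retries to the same port"
    return "isolated connection attempts"

# Four SYN records and one UDP record copied from the log above.
PAGE_LINES = [
    "Thu Mar 18 04:59:59 2021; TCP; eno1; 60 bytes; from 192.168.1.100:57676 to 192.168.0.1:microsoft- (source MAC addr MAC:MY:PC); first packet (SYN)",
    "Thu Mar 18 05:00:00 2021; TCP; eno1; 60 bytes; from 192.168.1.100:57678 to 192.168.0.1:microsoft- (source MAC addr MAC:MY:PC); first packet (SYN)",
    "Thu Mar 18 05:33:22 2021; TCP; wlo1; 60 bytes; from 192.168.43.100:41274 to 192.168.0.1:netbios-ss (source MAC addr MAC:MY:PC); first packet (SYN)",
    "Thu Mar 18 05:33:22 2021; TCP; wlo1; 60 bytes; from 192.168.43.100:60040 to 192.168.0.1:microsoft- (source MAC addr MAC:MY:PC); first packet (SYN)",
    "Thu Mar 18 05:00:00 2021; UDP; eno1; 70 bytes; source MAC address MAC:MY:PC; from MyHostNamePC:46329 to _gateway:domain",
]
# Constructed contrast: one source sending a SYN to 20 different ports.
CONSTRUCTED_SCAN = [
    f"Thu Mar 18 06:00:00 2021; TCP; eno1; 60 bytes; from 10.0.0.5:40000 to "
    f"10.0.0.9:{port} (source MAC addr 00:00:00:00:00:00); first packet (SYN)"
    for port in range(1, 21)
]

if __name__ == "__main__":
    for pair, ports in summarize_syns(PAGE_LINES + CONSTRUCTED_SCAN).items():
        print(pair, ports, "->", classify(ports))
```

The source port is ignored on purpose: it changes on every new connection attempt, so only the destination port says whether different services are being probed.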

0 Answers