On 2/18/23 07:53, George N. White III wrote: I do not understand. I have no HP software on my machine. As for storage, I do have Samba running, but it does not use this port.

On Sat, Feb 18, 2023, at 2:44 PM, ToddAndMargo via users wrote: That is a multicast reserved ip: RESERVED (225.0.0.0-231.255.255.255 (7 /8s)) Reference [RFC5771]

On Sat, 18 Feb 2023 15:49:16 -0800 ToddAndMargo via users wrote: Try "sudo ss -l -p -n | fgrep 3780" that might tell you what program is listening on port 3780 (if any) then you could use rpm -q -i -f /program/name to see what the heck it is.

On 2/18/23 16:22, Tom Horsley wrote: tcp LISTEN 0 4096 *:6566 How do you get ss to tell you the program name?

On 2/18/23 16:54, Tom Horsley wrote: Opps, forgot to run it as root. See result way below. It is "conntrackd". Am I even usig that with iptables? Looks like not: # dnf remove conntrack Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Removing: conntrack-tools x86_64 1.4.6-4.fc37 @fedora 670 k Removing unused dependencies: libnetfilter_cthelper x86_64 1.0.0-22.fc37 @fedora 43 k libnetfilter_cttimeout x86_64 1.0.0-20.fc37 @fedora 43 k libnetfilter_queue x86_64 1.0.5-3.fc37 @fedora 53 k Transaction Summary ================================================================================ Remove 4 Packages Freed space: 809 k Is this ok [y/N]: Do you thnk I cold get away with removing it? $ su root -c "ss -l -p -n | fgrep 3780" Password: udp UNCONN 0 0 0.0.0.0:3780 0.0.0.0:* users:(("conntrackd",pid=5617,fd=6)) $ rpm -q -i -f $(which conntrackd) Name : conntrack-tools Version : 1.4.6 Release : 4.fc37 Architecture: x86_64 Install Date: Tue 13 Dec 2022 07:07:59 AM PST Group : Unspecified Size : 685579 License : GPLv2 Signature : RSA/SHA256, Wed 20 Jul 2022 05:20:15 PM PDT, Key ID f55ad3fb5323552a Source RPM : conntrack-tools-1.4.6-4.fc37.src.rpm Build Date : Wed 20 Jul 2022 04:44:59 PM PDT Build Host : buildvm-x86-29.iad2.fedoraproject.org Packager : Fedora Project Vendor : Fedora Project URL : http://conntrack-tools.netfilter.org/ Bug URL : https://bugz.fedoraproject.org/conntrack-tools Summary : Manipulate netfilter connection tracking table and run High Availability Description : With conntrack-tools you can setup a High Availability cluster and synchronize conntrack state between multiple firewalls. The conntrack-tools package contains two programs: - conntrack: the command line interface to interact with the connection tracking system. - conntrackd: the connection tracking userspace daemon that can be used to deploy highly available GNU/Linux firewalls and collect statistics of the firewall use. conntrack is used to search, list, inspect and maintain the netfilter connection tracking subsystem of the Linux kernel. Using conntrack, you can dump a list of all (or a filtered selection of) currently tracked connections, delete connections from the state table, and even add new ones. In addition, you can also monitor connection tracking events, e.g. show an event message (one line) per newly established connection.

On 2/18/23 16:59, Samuel Sieb wrote: Pretty! # lsof -i udp:3780 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME conntrack 5617 root 6u IPv4 33770 0t0 UDP *:nnp I am using iptables. Do you think I can just remove conntrack?

On 2/18/23 18:31, Samuel Sieb wrote: $ ps ax | grep [5]617 5617 ? Ss 0:03 /usr/sbin/conntrackd -C /etc/conntrackd/conntrackd.conf I also looked at # dnf remove conntrack Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Removing: conntrack-tools x86_64 1.4.6-4.fc37 @fedora 670 k Removing unused dependencies: libnetfilter_cthelper x86_64 1.0.0-22.fc37 @fedora 43 k libnetfilter_cttimeout x86_64 1.0.0-20.fc37 @fedora 43 k libnetfilter_queue x86_64 1.0.5-3.fc37 @fedora 53 k Transaction Summary ================================================================================ Remove 4 Packages No sign of iptables in that.

On 2/18/23 21:09, Samuel Sieb wrote: Years and years ago, I installed from Xfce's Live USB. A lot of weird stuff got installed when I upgraded from fc36 to fc37. Netfilter for one, which did a job on my iptables. No. I am a believer is doing a dead level minimalist install and then adding what services you need as they arise. Thank you for the confirmation Sam! Oh and silly me! If I was worried about iptables not working if I removed conntrack, all I had to do was a simple test: # systemctl stop conntrackd And blessed silence in my log file. Test outgoing ports I know are blocked with tcpping to verify my firewall is still working. Then # dnf remove conntrack restart my firewall. Happy camping has returned. All these years I never knew how to trace down what program was using what port in Linux. I now have it written down! Thank you all for the help! -T -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If I had a dime every time I didn't know what was going on, I'd be like, "Why is everyone giving me all these dimes?" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~