Why don't some ports identified by Nexpose security scan appear in netstat

I ran a Nexpose security scan against a VMware linux appliance. (vmware data protection)
ports 443 came back with 3 severe vulnerabilities, and port 22 with one.

I putty'd to the appliance, logged in as root, and ran

netstat -ap

Long list of open ports came back, but not ports 443 and 22
Ran Nexpose again and it still listed ports 443 and 22 vulnerabilities

The 443 vulnerabilities related to TLS/SSL ciphers and certificates, and openssl
port 22 was related to SSH.  Openssl and certificates are installed on the appliance so it appears to be correct.

Why don't these ports 22 and 443 appear in netstat?
dakota5Asked:
Who is Participating?
 
Pasha KravtsovConnect With a Mentor Support EngineerCommented:
You can see what is running on those ports by doing this command:
lsof -i :22
lsof -i :443

Open in new window

0
 
Pasha KravtsovSupport EngineerCommented:
One of the reasons could be your machine has a rootkit on it and they have hooked certain functions so that the malicious users weren't noticed. Try telnet'ing to port 22 or port 443 and see what happens.
and just double check
netstat -ap | grep 443
netstat -ap | grep 22

Open in new window

do you have a sshd service running? or a webserver such as apache?
0
 
dakota5Connect With a Mentor Author Commented:
I discovered that netstat (at least the version distributed in the VMWare appliance) lists the common ports (443, 22, 80, etc)  only by the service names.

port 443 is only listed as https
port 22 is only listed as ssh.

netstat -apt | grep https
netstat -apt | grep ssh

return the expected ports.
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
dakota5Author Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for dakota5's comment #a40228281
Assisted answer: 100 points for Pasha Kravtsov's comment #a40227518

for the following reason:

the expert's solution was not actually correct.
0
 
dakota5Author Commented:
Just wanted to soften my comment.  The expert did try, but his comment was not useful in this particular instance.
0
 
dakota5Author Commented:
just wanted to soften my comment.  the expert did try, but his comment was not useful in this particular instance.
0
 
dakota5Author Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for dakota5's comment #a40228281
Assisted answer: 100 points for Pasha Kravtsov's comment #a40227518

for the following reason:

The experts comment might be useful for other situations, but was not actually the issue in this particular instance.
0
 
dakota5Author Commented:
The expert's latest contribution is actually the best solution.
0
 
dakota5Author Commented:
my own contribution was first, and is an easy solution as well.
0
All Courses

From novice to tech pro — start learning today.