Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfSense is listening on port 36794, but sockstat -l does not show it

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 3 Posters 722 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      snoeberde
      last edited by

      Hello,

      a couple of days ago, I installed two pfSense VMs and configured them as HA cluster.
      Yesterday, I ran a vulnerability scan via OpenVAS which shows 36794 as open port.
      So, when I run telnet <pfsense-ip> 36794 I will be connected to the firewall. Any input does not result in an output, though.

      The strange thing is, that sockstat -l does not show an open port 36794.
      tcpdump -ni vmx2 port 36794, however, shows packets corresponding to the telnet session.

      How can I find out, what is listening on port 36794 and how can I list ALL open ports?

      Thanks!

      NogBadTheBadN 1 Reply Last reply Reply Quote 0
      • NogBadTheBadN
        NogBadTheBad @snoeberde
        last edited by NogBadTheBad

        @snoeberde

        https://www.speedguide.net/port.php?port=36794

        Diagnostics -> States and filter on 36794

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        S 1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Mmm, where are you testing from? How are the VMs setup?

          pfSense does not open that port by default so in a clean install it pretty much has to be something in the hypervisor.

          Steve

          S 1 Reply Last reply Reply Quote 0
          • S
            snoeberde @NogBadTheBad
            last edited by

            @nogbadthebad
            Isn't bugbear a windows worm? A windows malware installation on a FreeBSD would be rather odd, wouldn't it? Nevertheless, I see the states (Diagnostics -> States) when I connect via telnet; probably similar to what I see with tcpdump.

            1 Reply Last reply Reply Quote 0
            • S
              snoeberde @stephenw10
              last edited by snoeberde

              @stephenw10
              Here is my setup:

              • 2 VMs on an ESXi
              • 8 NICs per VM (WAN, LAN1-6, PFSync)
              • some RAM, some CPU per VM
              • pfSense version 2.6.0 on each VM (installation time was about four days ago)
              • HA configuration (quite similar to https://docs.netgate.com/pfsense/en/latest/solutions/reference/highavailability/clusterconfiguration.html)
              • from a computer in at least one of the LAN's I can connect to each pfsense on port 36794 (at least nc -v tells me, that the tcp session is established successfully and via telnet I get "Trying ...<cr>Connected to ...<cr>Escape character ...<cr>")

              Why could it have something to do with the hypervisor? There are no vm-tools installed.

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                What do the states look like when you connect? There are packets both ways?

                Where are you testing from? Another VM inside ESXi?

                I assume you have rules to pass that traffic.

                Steve

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.