The meaning of "port already in use"

When accessing a network from a remote location, does "port already in use" indicate a sniffer/hacker? If not,

what does it mean?

It means that there is a process already using a TCP or UDP port. It could be a backdoor, or it could simply be some server running on the machine. You need to find out what it is. To get some handle on it, I recommend running "netstat ?na" on Unix or Windows. It will show you the listening ports. Look for the one used by the program you are trying to run that gives you the "port already in use" error. To find out what is normally supposed to listen on that port, consult this list of well-known port numbers. Then, use a program like Inzider for Windows or lsof for Linux to determine what program is listening on the port. Then, investigate that program. What is it? Did you install it on the box? If not, you may want to disable it. But, be careful; you?re production environment may depend on it.

For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Infrastructure and network security

This was first published in July 2002

Dig deeper on Security Resources



Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: