Problem solve Get help with specific problems with your technologies, process and projects.

The meaning of "port already in use"

When accessing a network from a remote location, does "port already in use" indicate a sniffer/hacker? If not, what does it mean?

It means that there is a process already using a TCP or UDP port. It could be a backdoor, or it could simply be some server running on the machine. You need to find out what it is. To get some handle on it, I recommend running "netstat ?na" on Unix or Windows. It will show you the listening ports. Look for the one used by the program you are trying to run that gives you the "port already in use" error. To find out what is normally supposed to listen on that port, consult this list of well-known port numbers. Then, use a program like Inzider for Windows or lsof for Linux to determine what program is listening on the port. Then, investigate that program. What is it? Did you install it on the box? If not, you may want to disable it. But, be careful; you?re production environment may depend on it.

For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Infrastructure and network security

This was last published in July 2002

Dig Deeper on Information security policies, procedures and guidelines