# rkhunter hidden port UDP:68

## Seron

I've used dhcpcd for some time and have PORT_PATH_WHITELIST=/sbin/dhcpcd:UDP:68 set in /etc/rkhunter.conf so rkhunter doesn't report it as a hidden port, or so it has been until recently. I now have rkhunter report hidden port 68 without any particular binary path attached to it.

```
# rkhunter --check --report-warnings-only

Warning: Hidden ports found:

         Port number: UDP:68

```

I'm not sure what to make of it. How can I find what's using this port, and why isn't rkhunter reporting the binary using it like it did before PORT_PATH_WHITELIST was set?

----------

## patrix_neo

 *Seron wrote:*   

> I've used dhcpcd for some time and have PORT_PATH_WHITELIST=/sbin/dhcpcd:UDP:68 set in /etc/rkhunter.conf so rkhunter doesn't report it as a hidden port, or so it has been until recently. I now have rkhunter report hidden port 68 without any particular binary path attached to it.
> 
> ```
> # rkhunter --check --report-warnings-only
> 
> ...

 

You might have netstat installed. This app can display processes using certain ports. I usually use netstat -tulpn for such occasions. ( -tulipan - a memory mind game )

 *patrix_neo's processes using ports wrote:*   

> 
> 
> Active Internet connections (only servers)
> 
> Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
> ...

 

----------

