3 Replies Latest reply: Oct 9, 2013 10:38 AM by joekljk
SveinnFannar Level 1 (0 points)
I just scanned the open ports on my computer using nmap and found out that there is a service running on port 6969 and i can't find any good answers about it on google.
When i connect to localhost on port 6969 using telnet i get string back beginning with "nduid:" followed by a 40 characters long hex string.

I found something about this being a trojan from 1998, written for windows, but i find that highly unlikely :P

Do you guys have any ideas ?

MacBook Pro, Mac OS X (10.6.6)
  • captfred Level 7 (26,290 points)
    The best explanation I've seen is that it's a legitimate service used by bit torrent tracker.

  • ajduguid Level 3 (650 points)
    Well it pops up with acmsoda because it seems, that name has been assigned to that port in the /etc/services file. I believe one of the uses of the file is so you can, when required, give a port name instead of a port number e.g. you want to launch sshd (the ssh server) on the normal ssh port 22. So when required you can either just write 22 or you can change it with ssh.

    As pointed out, the port is often associated with BitTorrent. Do you happen to use Vuze? Vuze has a built-in tracker and the default port for that is 6969. There are other BitTorrent clients, one of them may also allow you to run a small BitTorrent tracker.
  • joekljk Level 1 (0 points)

    It has absolutely nothing to do with BitTorrent in this specific case. I know this thread is old but I figured I would post the correct solution for the rest of the internetz. If you are getting back the nduid: with 40-digit hex, then chances are you have a HP Touchpad and you have the Palm WebOS SDK and novaterm installed on your mac. You also probably have ports 6968, 6970, and 6971 listening. Just download the Palm WebOS SDK dmg, mount, and double-click on the uninstall-previous-sdk.command to remove the SDK and listeners.