I was performing a NMAP port scan against a test ESXi 4.0 box so we can document what ports it is listening on. All the standard ports came up (80, 427, 902, etc.) but NMAP also said 123 UDP, 8301 and 8302 UDP were open/filtered. I know UDP 123 is NTP time, but I would have though ESXi initiated the communications with the NTP server and wouldn't be listening all the time on 123?
I also tried to Google UDP 8301 and 8302, and came up with no hits related to ESX. Is this just a NMAP glitch, or is ESXi 4.0 really listening on these UDP ports? If so, why?
http://kb.vmware.com/kb/1012382
I was aware of that KB article, but it has no mention of 8301 and 8302.
Then have a look what might have been installed after the fact and not on the list. A specific version of ESXi Dell, IBM, HP that may have additional tools. Openmanage, etc
This is an ESXi host, so nothing was installed and it's using the generic ESXi install, not one from HP, Dell, etc.
What flags are you using?
None. This is a generic ESXi installation with absolutely no tweaking or changes whatsoever.
More specific. What nmap flags did you use?
nmap -p 1-65535 -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 192.168.0.250
I ran the nmap scan against several servers here both ESXi 3.5 and 4. No similar ports. Any fingerprint info? Have you tried a telnet to the port?
We ran nmap scan on one of our ESXi machines and couln't find the ports you mentioned