I was running a routine security check of the machines I manage today and found in my nmap scans that TCP/554 is open, although when I run 'netstat -an' on the machine itself it doesn't show up, same result if I nmap the host locally.
I then tried connecting to www.google.com on tcp/554 and it is open and it seems all hosts 'have the port open'.
Obviously my ISP is doing something here but then I tried the same on my iphone via a 3G connection and it returns the same results. My ISP is a satellite ISP and my phone/3G connection is with a totally separate provider. Any ideas ?
I had a similar issue. For me, it turned out Apple Time Capsule was making it appear that ports 21, 554, and 7070 were open (it would proxy requests and not check if connections were accepted until later in the exchange.) So, if you're using an Apple networking device, I'd check there.
tcp/554 is rtsp - Real Time Streaming Protocol. Some types of streaming media (RealAudio, QuickTime, and others) use this port. A web server would typically have this open and listening if there are any types of these activities.
Do a TCP trace-route (yes you can do not only ICMP) to your destination. You will then see where the connection terminates. At your ISP (or somebody else on the way) or at your real destination. Compare with ICMP trace-route or trace of other ports.
You can use nping from the nmap package to do the trace.
Various routers (Verizon FiOS, BT Home Hub, Apple Airport Extreme, ...) always show
*:554and*:7070as open for some reason.Hackerific » False positive TCP ports!