If you open a terminal inside Whonix-Qubes-WS and run
sudo netstat -l
you will see this output:
user@host:~$ sudo netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 localhost:9050 *:* LISTEN
tcp 0 0 localhost:9051 *:* LISTEN
tcp 0 0 localhost:9150 *:* LISTEN
tcp 0 0 localhost:9151 *:* LISTEN
tcp 0 0 localhost:9152 *:* LISTEN
tcp 0 0 localhost:9153 *:* LISTEN
tcp 0 0 localhost:11109 *:* LISTEN
tcp6 0 0 localhost:ipp [::]:* LISTEN
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 16411 /tmp/ksocket-user/klauncherMT1662.slave-socket
unix 2 [ ACC ] STREAM LISTENING 14256 @/tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 14885 /run/user/1000/keyring/gpg
unix 2 [ ACC ] STREAM LISTENING 11307 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 11310 /run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 14900 /run/user/1000/pulse/native
unix 2 [ ACC ] STREAM LISTENING 13877 /var/run/tor/control
unix 2 [ ACC ] STREAM LISTENING 10813 /var/run/cups/cups.sock
unix 2 [ ACC ] STREAM LISTENING 14151 /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9152.sock
unix 2 [ ACC ] STREAM LISTENING 14157 /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9050.sock
unix 2 [ ACC ] STREAM LISTENING 14162 /var/run/tor/socks
unix 2 [ ACC ] STREAM LISTENING 15958 /var/run/qubes/qrexec-server.user.sock
unix 2 [ ACC ] STREAM LISTENING 14682 /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9051.sock
unix 2 [ ACC ] STREAM LISTENING 14686 /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9151.sock
unix 2 [ ACC ] STREAM LISTENING 14178 /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9153.sock
unix 2 [ ACC ] STREAM LISTENING 14953 /run/user/1000/keyring/ssh
unix 2 [ ACC ] STREAM LISTENING 14189 /var/run/anon-ws-disable-stacked-tor/127.0.0.1_11109.sock
unix 2 [ ACC ] STREAM LISTENING 15436 @/tmp/dbus-AK5m72CsOG
unix 2 [ ACC ] STREAM LISTENING 14205 /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9150.sock
unix 2 [ ACC ] STREAM LISTENING 12158 /var/run/xf86-qubes-socket
unix 2 [ ACC ] STREAM LISTENING 8840 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 15501 /run/user/1000/keyring/control
unix 2 [ ACC ] STREAM LISTENING 13468 /var/run/qubes/qrexec-agent
unix 2 [ ACC ] SEQPACKET LISTENING 8863 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 8867 /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 15526 /run/user/1000/keyring/pkcs11
unix 2 [ ACC ] STREAM LISTENING 16296 /tmp/ksocket-user/kdeinit4__0
unix 2 [ ACC ] STREAM LISTENING 1709 /var/run/qubes/qubesdb.sock
unix 2 [ ACC ] STREAM LISTENING 14257 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 12260 /run/user/1000/systemd/private
unix 2 [ ACC ] STREAM LISTENING 14826 /tmp/ssh-eMdGjyHN9obC/agent.979
unix 2 [ ACC ] STREAM LISTENING 14830 /tmp/gpg-CKFS3p/S.gpg-agent
user@host:~$
I find this strange, no? @Patrick @marmarek @adw
This is from Qubes 3.2, not 4.
If I use ss -l, the output is:
u_str LISTEN 0 5 /tmp/ksocket-user/klauncherMT1662.slave-socket 16411 * 0
u_str LISTEN 0 128 @/tmp/.X11-unix/X0 14256 * 0
u_str LISTEN 0 128 /run/user/1000/keyring/gpg 14885 * 0
u_str LISTEN 0 128 /var/run/dbus/system_bus_socket 11307 * 0
u_str LISTEN 0 128 /run/acpid.socket 11310 * 0
u_str LISTEN 0 5 /run/user/1000/pulse/native 14900 * 0
u_str LISTEN 0 5 /var/run/tor/control 13877 * 0
u_str LISTEN 0 128 /var/run/cups/cups.sock 10813 * 0
u_str LISTEN 0 5 /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9152.sock 14151 * 0
u_str LISTEN 0 5 /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9050.sock 14157 * 0
u_str LISTEN 0 5 /var/run/tor/socks 14162 * 0
u_str LISTEN 0 5 /var/run/qubes/qrexec-server.user.sock 15958 * 0
u_str LISTEN 0 5 /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9051.sock 14682 * 0
u_dgr UNCONN 0 0 /run/systemd/journal/syslog 1628 * 0
u_str LISTEN 0 5 /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9151.sock 14686 * 0
u_str LISTEN 0 5 /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9153.sock 14178 * 0
u_str LISTEN 0 128 /run/user/1000/keyring/ssh 14953 * 0
u_str LISTEN 0 5 /var/run/anon-ws-disable-stacked-tor/127.0.0.1_11109.sock 14189 * 0
u_str LISTEN 0 30 @/tmp/dbus-AK5m72CsOG 15436 * 0
u_str LISTEN 0 5 /var/run/anon-ws-disable-stacked-tor/127.0.0.1_9150.sock 14205 * 0
u_str LISTEN 0 5 /var/run/xf86-qubes-socket 12158 * 0
u_dgr UNCONN 0 0 /run/systemd/notify 8838 * 0
u_str LISTEN 0 128 /run/systemd/private 8840 * 0
u_str LISTEN 0 128 /run/user/1000/keyring/control 15501 * 0
u_dgr UNCONN 0 0 /run/systemd/shutdownd 8854 * 0
u_str LISTEN 0 5 /var/run/qubes/qrexec-agent 13468 * 0
u_dgr UNCONN 0 0 /run/systemd/journal/dev-log 8859 * 0
u_seq LISTEN 0 128 /run/udev/control 8863 * 0
u_str LISTEN 0 128 /run/systemd/journal/stdout 8867 * 0
u_dgr UNCONN 0 0 /run/systemd/journal/socket 8869 * 0
u_str LISTEN 0 128 /run/user/1000/keyring/pkcs11 15526 * 0
u_str LISTEN 0 128 /tmp/ksocket-user/kdeinit4__0 16296 * 0
u_str LISTEN 0 5 /var/run/qubes/qubesdb.sock 1709 * 0
u_str LISTEN 0 128 /tmp/.X11-unix/X0 14257 * 0
u_dgr UNCONN 0 0 /run/user/1000/systemd/notify 12258 * 0
u_str LISTEN 0 128 /run/user/1000/systemd/private 12260 * 0
u_str LISTEN 0 128 /tmp/ssh-eMdGjyHN9obC/agent.979 14826 * 0
u_str LISTEN 0 5 /tmp/gpg-CKFS3p/S.gpg-agent 14830 * 0
u_dgr UNCONN 0 0 * 14530 * 8859
u_dgr UNCONN 0 0 * 14187 * 8859
u_dgr UNCONN 0 0 * 13597 * 8859
u_dgr UNCONN 0 0 * 14160 * 14159
u_dgr UNCONN 0 0 * 11635 * 8869
u_dgr UNCONN 0 0 * 13855 * 13854
u_dgr UNCONN 0 0 * 14176 * 14177
u_dgr UNCONN 0 0 * 14155 * 14156
u_dgr UNCONN 0 0 * 13854 * 13855
u_dgr UNCONN 0 0 * 14159 * 14160
u_dgr UNCONN 0 0 * 14203 * 14204
u_dgr UNCONN 0 0 * 14572 * 8859
u_dgr UNCONN 0 0 * 14177 * 14176
u_dgr UNCONN 0 0 * 14156 * 14155
u_dgr UNCONN 0 0 * 13723 * 8859
u_dgr UNCONN 0 0 * 14012 * 8859
u_dgr UNCONN 0 0 * 13360 * 8859
u_dgr UNCONN 0 0 * 13508 * 13509
u_dgr UNCONN 0 0 * 13540 * 13539
u_dgr UNCONN 0 0 * 14150 * 14149
u_dgr UNCONN 0 0 * 13552 * 13551
u_dgr UNCONN 0 0 * 13551 * 13552
u_dgr UNCONN 0 0 * 13500 * 13499
u_dgr UNCONN 0 0 * 13502 * 8859
u_dgr UNCONN 0 0 * 13499 * 13500
u_dgr UNCONN 0 0 * 13527 * 13528
u_dgr UNCONN 0 0 * 14149 * 14150
u_dgr UNCONN 0 0 * 13539 * 13540
u_dgr UNCONN 0 0 * 14109 * 8859
u_dgr UNCONN 0 0 * 13528 * 13527
u_dgr UNCONN 0 0 * 13467 * 8859
u_dgr UNCONN 0 0 * 13505 * 13506
u_dgr UNCONN 0 0 * 13509 * 13508
u_dgr UNCONN 0 0 * 14204 * 14203
u_dgr UNCONN 0 0 * 13506 * 13505
u_dgr UNCONN 0 0 * 15491 * 8859
u_dgr UNCONN 0 0 * 1792 * 1791
u_dgr UNCONN 0 0 * 14591 * 8859
u_dgr UNCONN 0 0 * 14174 * 14173
u_dgr UNCONN 0 0 * 12152 * 12151
u_dgr UNCONN 0 0 * 14684 * 14685
u_dgr UNCONN 0 0 * 13381 * 8859
u_dgr UNCONN 0 0 * 24054 * 8859
u_dgr UNCONN 0 0 * 14681 * 14680
u_dgr UNCONN 0 0 * 1791 * 1792
u_dgr UNCONN 0 0 * 12135 * 8859
u_dgr UNCONN 0 0 * 14685 * 14684
u_dgr UNCONN 0 0 * 12149 * 8859
u_dgr UNCONN 0 0 * 15544 * 0
u_dgr UNCONN 0 0 * 14651 * 8859
u_dgr UNCONN 0 0 * 14173 * 14174
u_dgr UNCONN 0 0 * 11623 * 8869
u_dgr UNCONN 0 0 * 14680 * 14681
u_dgr UNCONN 0 0 * 1788 * 8869
u_dgr UNCONN 0 0 * 13379 * 8859
u_dgr UNCONN 0 0 * 1632 * 8869
u_dgr UNCONN 0 0 * 11172 * 8859
u_dgr UNCONN 0 0 * 16344 * 8859
u_dgr UNCONN 0 0 * 11570 * 8859
u_dgr UNCONN 0 0 * 16502 * 8859
u_dgr UNCONN 0 0 * 12151 * 12152
u_dgr UNCONN 0 0 * 12227 * 8859
u_dgr UNCONN 0 0 * 12378 * 8869
u_dgr UNCONN 0 0 * 12230 * 8869
u_dgr UNCONN 0 0 * 14560 * 8859
tcp LISTEN 0 128 127.0.0.1:ipp *:*
tcp LISTEN 0 5 127.0.0.1:9050 *:*
tcp LISTEN 0 5 127.0.0.1:9051 *:*
tcp LISTEN 0 5 127.0.0.1:9150 *:*
tcp LISTEN 0 5 127.0.0.1:9151 *:*
tcp LISTEN 0 5 127.0.0.1:9152 *:*
tcp LISTEN 0 5 127.0.0.1:9153 *:*
tcp LISTEN 0 5 127.0.0.1:11109 *:*
tcp LISTEN 0 128 ::1:ipp :::*
user@host:~$
This is from Whonix-GW:
user@host:~$ netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:bacula-sd *:* LISTEN
tcp 0 0 10.137.6.1:9167 *:* LISTEN
tcp 0 0 10.137.6.1:bacula-sd *:* LISTEN
tcp 0 0 10.137.6.1:9040 *:* LISTEN
tcp 0 0 localhost:9104 *:* LISTEN
tcp 0 0 10.137.6.1:9168 *:* LISTEN
tcp 0 0 10.137.6.1:9104 *:* LISTEN
tcp 0 0 localhost:9041 *:* LISTEN
tcp 0 0 localhost:9105 *:* LISTEN
tcp 0 0 10.137.6.1:9169 *:* LISTEN
tcp 0 0 10.137.6.1:9105 *:* LISTEN
tcp 0 0 localhost:9106 *:* LISTEN
tcp 0 0 10.137.6.1:9170 *:* LISTEN
tcp 0 0 10.137.6.1:9106 *:* LISTEN
tcp 0 0 *:8082 *:* LISTEN
tcp 0 0 localhost:9107 *:* LISTEN
tcp 0 0 10.137.6.1:9171 *:* LISTEN
tcp 0 0 10.137.6.1:9107 *:* LISTEN
tcp 0 0 localhost:9108 *:* LISTEN
tcp 0 0 10.137.6.1:9172 *:* LISTEN
tcp 0 0 10.137.6.1:9108 *:* LISTEN
tcp 0 0 localhost:9109 *:* LISTEN
tcp 0 0 10.137.6.1:9173 *:* LISTEN
tcp 0 0 10.137.6.1:9109 *:* LISTEN
tcp 0 0 localhost:9110 *:* LISTEN
tcp 0 0 10.137.6.1:9174 *:* LISTEN
tcp 0 0 10.137.6.1:9110 *:* LISTEN
tcp 0 0 localhost:9111 *:* LISTEN
tcp 0 0 10.137.6.1:9175 *:* LISTEN
tcp 0 0 10.137.6.1:9111 *:* LISTEN
tcp 0 0 localhost:9112 *:* LISTEN
tcp 0 0 10.137.6.1:9176 *:* LISTEN
tcp 0 0 10.137.6.1:9112 *:* LISTEN
tcp 0 0 localhost:9113 *:* LISTEN
tcp 0 0 10.137.6.1:9177 *:* LISTEN
tcp 0 0 10.137.6.1:9113 *:* LISTEN
tcp 0 0 localhost:9114 *:* LISTEN
tcp 0 0 10.137.6.1:9178 *:* LISTEN
tcp 0 0 10.137.6.1:9114 *:* LISTEN
tcp 0 0 10.137.6.1:9050 *:* LISTEN
tcp 0 0 localhost:9050 *:* LISTEN
tcp 0 0 localhost:9051 *:* LISTEN
tcp 0 0 localhost:9115 *:* LISTEN
tcp 0 0 10.137.6.1:9179 *:* LISTEN
tcp 0 0 10.137.6.1:9115 *:* LISTEN
tcp 0 0 localhost:9116 *:* LISTEN
tcp 0 0 10.137.6.1:9180 *:* LISTEN
tcp 0 0 10.137.6.1:9116 *:* LISTEN
tcp 0 0 10.137.6.1:9052 *:* LISTEN
tcp 0 0 localhost:9117 *:* LISTEN
tcp 0 0 10.137.6.1:9181 *:* LISTEN
tcp 0 0 10.137.6.1:9117 *:* LISTEN
tcp 0 0 localhost:9150 *:* LISTEN
tcp 0 0 localhost:9118 *:* LISTEN
tcp 0 0 10.137.6.1:9182 *:* LISTEN
tcp 0 0 10.137.6.1:9150 *:* LISTEN
tcp 0 0 10.137.6.1:9118 *:* LISTEN
tcp 0 0 localhost:9119 *:* LISTEN
tcp 0 0 10.137.6.1:9183 *:* LISTEN
tcp 0 0 10.137.6.1:9119 *:* LISTEN
tcp 0 0 localhost:9120 *:* LISTEN
tcp 0 0 10.137.6.1:9184 *:* LISTEN
tcp 0 0 10.137.6.1:9152 *:* LISTEN
tcp 0 0 10.137.6.1:9120 *:* LISTEN
tcp 0 0 localhost:9121 *:* LISTEN
tcp 0 0 10.137.6.1:9185 *:* LISTEN
tcp 0 0 10.137.6.1:9153 *:* LISTEN
tcp 0 0 10.137.6.1:9121 *:* LISTEN
tcp 0 0 localhost:9122 *:* LISTEN
tcp 0 0 10.137.6.1:9186 *:* LISTEN
tcp 0 0 10.137.6.1:9154 *:* LISTEN
tcp 0 0 10.137.6.1:9122 *:* LISTEN
tcp 0 0 localhost:9123 *:* LISTEN
tcp 0 0 10.137.6.1:9187 *:* LISTEN
tcp 0 0 10.137.6.1:9155 *:* LISTEN
tcp 0 0 10.137.6.1:9123 *:* LISTEN
tcp 0 0 localhost:9124 *:* LISTEN
tcp 0 0 10.137.6.1:9188 *:* LISTEN
tcp 0 0 10.137.6.1:9156 *:* LISTEN
tcp 0 0 10.137.6.1:9124 *:* LISTEN
tcp 0 0 localhost:9125 *:* LISTEN
tcp 0 0 10.137.6.1:9189 *:* LISTEN
tcp 0 0 10.137.6.1:9157 *:* LISTEN
tcp 0 0 10.137.6.1:9125 *:* LISTEN
tcp 0 0 10.137.6.1:9158 *:* LISTEN
tcp 0 0 10.137.6.1:9159 *:* LISTEN
tcp 0 0 10.137.6.1:9160 *:* LISTEN
tcp 0 0 10.137.6.1:9161 *:* LISTEN
tcp 0 0 10.137.6.1:9162 *:* LISTEN
tcp 0 0 10.137.6.1:9163 *:* LISTEN
tcp 0 0 localhost:9100 *:* LISTEN
tcp 0 0 10.137.6.1:9164 *:* LISTEN
tcp 0 0 10.137.6.1:9100 *:* LISTEN
tcp 0 0 localhost:bacula-dir *:* LISTEN
tcp 0 0 10.137.6.1:9165 *:* LISTEN
tcp 0 0 10.137.6.1:bacula-dir *:* LISTEN
tcp 0 0 localhost:bacula-fd *:* LISTEN
tcp 0 0 10.137.6.1:9166 *:* LISTEN
tcp 0 0 10.137.6.1:bacula-fd *:* LISTEN
udp 0 0 localhost:5400 *:*
udp 0 0 10.137.6.1:5300 *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 9232 /var/run/qubes/qubesdb.sock
unix 2 [ ACC ] STREAM LISTENING 15646 /var/run/tor/socks
unix 2 [ ACC ] STREAM LISTENING 15648 /var/run/tor/control
unix 2 [ ACC ] STREAM LISTENING 14512 @/tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 13861 /run/user/1000/systemd/private
unix 2 [ ACC ] STREAM LISTENING 7994 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 14911 /run/user/1000/pulse/native
unix 2 [ ACC ] SEQPACKET LISTENING 8017 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 12885 /var/run/qubes/qrexec-agent
unix 2 [ ACC ] STREAM LISTENING 8021 /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 10842 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 10845 /run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 13154 /var/run/xf86-qubes-socket
unix 2 [ ACC ] STREAM LISTENING 15228 /var/run/qubes/qrexec-server.user.sock
unix 2 [ ACC ] STREAM LISTENING 14513 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 14786 @/tmp/dbus-6UkHlz2CtT
user@host:~$
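It’s pretty normal output for uninfected virtual machines. Note that netstat -l lists listening sockets, not connections to the outside: on the workstation every TCP listener is bound to localhost, and apart from ipp the ports match the anon-ws-disable-stacked-tor sockets shown in the same output. Names like ipp and bacula-sd are only /etc/services labels for port numbers, not proof that those programs are running; sudo netstat -lnp or sudo ss -lntp shows the numeric port and the process that owns each listener.
You can change firewall rules in Whonix-GW if you think some connection to the outer world is wrong/dangerous.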