I have a DNS server running BIND without any iptables configuration. Running some scans with nmap, I found that, without root, at some moments some high ports are open but soon close, and it stays in that loop. When I run the scan as root, these ports do not appear at any time.
Here is an output of nmap:
Host is up (0.00022s latency).
Scanned at 2016-09-10 01:04:48 UTC for 0s
Not shown: 64996 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
111/tcp open rpcbind
52347/tcp open unknown
And a moment later ...
Host is up (0.00022s latency).
Scanned at 2016-09-10 01:04:49 UTC for 1s
Not shown: 64994 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
111/tcp open rpcbind
38248/tcp open unknown
52347/tcp open unknown
55806/tcp open unknown
Output of netstat -ltnp
Conexões Internet Ativas (sem os servidores)
Proto Recv-Q Send-Q Endereço Local Endereço Remoto Estado PID/Program name
tcp 0 0 127.0.0.1:953 0.0.0.0:* OUÇA 7209/named
tcp 0 0 0.0.0.0:52347 0.0.0.0:* OUÇA 902/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* OUÇA 888/rpcbind
tcp 0 0 XXX.XX.XX.X:53 0.0.0.0:* OUÇA 7209/named
tcp 0 0 XXX.XXX.XX.X:53 0.0.0.0:* OUÇA 7209/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* OUÇA 7209/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* OUÇA 935/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* OUÇA 1258/cupsd
tcp6 0 0 :::48323 :::* OUÇA 902/rpc.statd
tcp6 0 0 :::111 :::* OUÇA 888/rpcbind
tcp6 0 0 :::22 :::* OUÇA 935/sshd
tcp6 0 0 ::1:631 :::* OUÇA 1258/cupsd
My system is
Linux lDebian13 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux
What are these ports? Is it a bug? Is it a backdoor? How can I get information about them?
Asked by SoabTI
(111 rep)
Sep 10, 2016, 01:25 AM
Last activity: Sep 12, 2016, 02:41 PM