Linux open ports – How To
There are many ways to identify open ports on the Linux box.
1. Linux open ports using port scanning – Nmap
Below nmap command lists TCP ports that are open,
linux-ts:/home/techsutram # nmap -sT 127.0.0.1
Starting Nmap 5.00 ( http://nmap.org ) at 2012-03-11 21:41 IST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Interesting ports on localhost (127.0.0.1):
Not shown: 995 closed ports
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
Nmap done: 1 IP address (1 host up) scanned in 0.37 seconds
Below nmap command lists UDP ports that are open,
linux-ts:/home/techsutram# nmap -sU 127.0.0.1
Starting Nmap 5.00 ( http://nmap.org ) at 2012-03-11 21:41 IST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Interesting ports on localhost (127.0.0.1):
Not shown: 997 closed ports
PORT STATE SERVICE
111/udp open|filtered rpcbind
631/udp open|filtered ipp
5353/udp open|filtered zeroconf
Nmap done: 1 IP address (1 host up) scanned in 1.37 seconds
2. Linux open ports using command ‘lsof’
linux-techsutram:/home/techsutram # lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpcbind 2680 root 6u IPv4 9038 0t0 UDP *:sunrpc
rpcbind 2680 root 7u IPv4 9049 0t0 UDP *:iris-xpc
rpcbind 2680 root 8u IPv4 9050 0t0 TCP *:sunrpc (LISTEN)
rpcbind 2680 root 9u IPv6 9052 0t0 UDP *:sunrpc
rpcbind 2680 root 10u IPv6 9054 0t0 UDP *:iris-xpc
rpcbind 2680 root 11u IPv6 9055 0t0 TCP *:sunrpc (LISTEN)
avahi-dae 2825 avahi 13u IPv4 9451 0t0 UDP *:mdns
avahi-dae 2825 avahi 14u IPv4 9452 0t0 UDP *:56745
cupsd 2845 root 4u IPv6 9545 0t0 TCP localhost:ipp (LISTEN)
cupsd 2845 root 5u IPv4 9546 0t0 TCP localhost:ipp (LISTEN)
cupsd 2845 root 7u IPv4 9549 0t0 UDP *:ipp
mysqld 3182 mysql 10u IPv4 10305 0t0 TCP *:mysql (LISTEN)
master 3605 root 12u IPv4 11177 0t0 TCP localhost:smtp (LISTEN)
master 3605 root 13u IPv6 11193 0t0 TCP localhost:smtp (LISTEN)
httpd2-pr 3774 root 3u IPv4 11718 0t0 TCP *:http (LISTEN)
httpd2-pr 3775 wwwrun 3u IPv4 11718 0t0 TCP *:http (LISTEN)
httpd2-pr 3776 wwwrun 3u IPv4 11718 0t0 TCP *:http (LISTEN)
httpd2-pr 3777 wwwrun 3u IPv4 11718 0t0 TCP *:http (LISTEN)
httpd2-pr 3778 wwwrun 3u IPv4 11718 0t0 TCP *:http (LISTEN)
httpd2-pr 3779 wwwrun 3u IPv4 11718 0t0 TCP *:http (LISTEN)
For each of the above named service, you can get their port numbers by going through /etc/services.
Below is the one liner that goes though /etc/services for every matched named service in lsof output,
linux-techsutram:/home/techsutram # for name in `lsof -i | awk '{print $8":"$9}' | cut -d: -f3 | grep -v NAME | uniq `;do echo $name && grep -w ^$name /etc/services ;done
3. Linux open ports using 'socklist'
linux-techsutram:/home/techsutram # socklist
type port inode uid pid fd name
tcp 111 9050 0 2680 8 rpcbind
tcp 80 11718 0 3779 3 httpd2-prefork
tcp 631 9546 0 2845 5 cupsd
tcp 25 11177 0 3605 12 master
tcp 3306 10305 60 3182 10 mysqld
tcp6 111 9055 0 2680 11 rpcbind
tcp6 631 9545 0 2845 4 cupsd
tcp6 25 11193 0 3605 13 master
udp 56745 9452 109 2825 14 avahi-daemon
udp 713 9049 0 2680 7 rpcbind
udp 5353 9451 109 2825 13 avahi-daemon
udp 111 9038 0 2680 6 rpcbind
udp 631 9549 0 2845 7 cupsd
udp6 713 9054 0 2680 10 rpcbind
udp6 111 9052 0 2680 9 rpcbind
4. Linux open ports using ‘netstat’
linux-techsutram:/home/techsutram # netstat -napl --tcp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2680/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3774/httpd2-prefork
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2845/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3605/master
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3182/mysqld
tcp 0 0 :::111 :::* LISTEN 2680/rpcbind
tcp 0 0 ::1:631 :::* LISTEN 2845/cupsd
tcp 0 0 ::1:25 :::* LISTEN 3605/master
linux-techsutram:/home/techsutram # netstat -napl --udp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:56745 0.0.0.0:* 2825/avahi-daemon:
udp 0 0 0.0.0.0:713 0.0.0.0:* 2680/rpcbind
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2825/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 2680/rpcbind
udp 0 0 0.0.0.0:631 0.0.0.0:* 2845/cupsd
udp 0 0 :::713 :::* 2680/rpcbind
udp 0 0 :::111 :::* 2680/rpcbind
we can combine output of above two CLIs into single netstat command as,
linux-techsutram:/home/techsutram # netstat -napltu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2680/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3774/httpd2-prefork
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2845/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3605/master
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3182/mysqld
tcp 0 0 :::111 :::* LISTEN 2680/rpcbind
tcp 0 0 ::1:631 :::* LISTEN 2845/cupsd
tcp 0 0 ::1:25 :::* LISTEN 3605/master
udp 0 0 0.0.0.0:56745 0.0.0.0:* 2825/avahi-daemon:
udp 0 0 0.0.0.0:713 0.0.0.0:* 2680/rpcbind
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2825/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 2680/rpcbind
udp 0 0 0.0.0.0:631 0.0.0.0:* 2845/cupsd
udp 0 0 :::713 :::* 2680/rpcbind
udp 0 0 :::111 :::* 2680/rpcbind
.jpg)
.jpg)
No comments:
Post a Comment
Your valuable comments are welcome. (Moderated)