Sunday, March 11, 2012

Linux open ports – How To

Bookmark and Share

Linux open ports

There are many ways to identify open ports on Linux box.

1. Linux open ports using port scanning – nmap

Below nmap command lists TCP ports that are open,

linux-ts:/home/techsutram # nmap -sT 127.0.0.1

Starting Nmap 5.00 ( http://nmap.org ) at 2012-03-11 21:41 IST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Interesting ports on localhost (127.0.0.1):
Not shown: 995 closed ports
PORT     STATE SERVICE
25/tcp   open  smtp
80/tcp   open  http
111/tcp  open  rpcbind
631/tcp  open  ipp
3306/tcp open  mysql

Nmap done: 1 IP address (1 host up) scanned in 0.37 seconds

Below nmap command lists UDP ports that are open,

linux-ts:/home/techsutram# nmap -sU 127.0.0.1

Starting Nmap 5.00 ( http://nmap.org ) at 2012-03-11 21:41 IST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Interesting ports on localhost (127.0.0.1):
Not shown: 997 closed ports
PORT     STATE         SERVICE
111/udp  open|filtered rpcbind
631/udp  open|filtered ipp
5353/udp open|filtered zeroconf

Nmap done: 1 IP address (1 host up) scanned in 1.37 seconds

2. Linux open ports using command ‘lsof’

linux-techsutram:/home/techsutram # lsof -i
COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
rpcbind   2680   root    6u  IPv4   9038      0t0  UDP *:sunrpc
rpcbind   2680   root    7u  IPv4   9049      0t0  UDP *:iris-xpc
rpcbind   2680   root    8u  IPv4   9050      0t0  TCP *:sunrpc (LISTEN)
rpcbind   2680   root    9u  IPv6   9052      0t0  UDP *:sunrpc
rpcbind   2680   root   10u  IPv6   9054      0t0  UDP *:iris-xpc
rpcbind   2680   root   11u  IPv6   9055      0t0  TCP *:sunrpc (LISTEN)
avahi-dae 2825  avahi   13u  IPv4   9451      0t0  UDP *:mdns
avahi-dae 2825  avahi   14u  IPv4   9452      0t0  UDP *:56745
cupsd     2845   root    4u  IPv6   9545      0t0  TCP localhost:ipp (LISTEN)
cupsd     2845   root    5u  IPv4   9546      0t0  TCP localhost:ipp (LISTEN)
cupsd     2845   root    7u  IPv4   9549      0t0  UDP *:ipp
mysqld    3182  mysql   10u  IPv4  10305      0t0  TCP *:mysql (LISTEN)
master    3605   root   12u  IPv4  11177      0t0  TCP localhost:smtp (LISTEN)
master    3605   root   13u  IPv6  11193      0t0  TCP localhost:smtp (LISTEN)
httpd2-pr 3774   root    3u  IPv4  11718      0t0  TCP *:http (LISTEN)
httpd2-pr 3775 wwwrun    3u  IPv4  11718      0t0  TCP *:http (LISTEN)
httpd2-pr 3776 wwwrun    3u  IPv4  11718      0t0  TCP *:http (LISTEN)
httpd2-pr 3777 wwwrun    3u  IPv4  11718      0t0  TCP *:http (LISTEN)
httpd2-pr 3778 wwwrun    3u  IPv4  11718      0t0  TCP *:http (LISTEN)
httpd2-pr 3779 wwwrun    3u  IPv4  11718      0t0  TCP *:http (LISTEN)

For each of the above named service, you can get their port numbers by going through /etc/services.

Below is the one liner that goes though /etc/services for every matched named service in lsof output,

linux-techsutram:/home/techsutram # for name in `lsof -i |  awk '{print $8":"$9}' | cut -d: -f3 | grep -v NAME | uniq `;do echo $name && grep -w ^$name /etc/services ;done

3. Linux open ports using 'socklist'

linux-techsutram:/home/techsutram # socklist
type   port      inode     uid    pid   fd  name
tcp     111       9050       0   2680    8  rpcbind
tcp      80      11718       0   3779    3  httpd2-prefork
tcp     631       9546       0   2845    5  cupsd
tcp      25      11177       0   3605   12  master
tcp    3306      10305      60   3182   10  mysqld
tcp6    111       9055       0   2680   11  rpcbind
tcp6    631       9545       0   2845    4  cupsd
tcp6     25      11193       0   3605   13  master
udp   56745       9452     109   2825   14  avahi-daemon
udp     713       9049       0   2680    7  rpcbind
udp    5353       9451     109   2825   13  avahi-daemon
udp     111       9038       0   2680    6  rpcbind
udp     631       9549       0   2845    7  cupsd
udp6    713       9054       0   2680   10  rpcbind
udp6    111       9052       0   2680    9  rpcbind

4.  Linux open ports using ‘netstat’

linux-techsutram:/home/techsutram # netstat -napl --tcp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name  
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2680/rpcbind       
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      3774/httpd2-prefork
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2845/cupsd         
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      3605/master        
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      3182/mysqld        
tcp        0      0 :::111                  :::*                    LISTEN      2680/rpcbind       
tcp        0      0 ::1:631                 :::*                    LISTEN      2845/cupsd         
tcp        0      0 ::1:25                  :::*                    LISTEN      3605/master        
linux-techsutram:/home/techsutram # netstat -napl --udp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name  
udp        0      0 0.0.0.0:56745           0.0.0.0:*                           2825/avahi-daemon: 
udp        0      0 0.0.0.0:713             0.0.0.0:*                           2680/rpcbind       
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           2825/avahi-daemon: 
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2680/rpcbind       
udp        0      0 0.0.0.0:631             0.0.0.0:*                           2845/cupsd         
udp        0      0 :::713                  :::*                                2680/rpcbind       
udp        0      0 :::111                  :::*                                2680/rpcbind       

we can combine output of above two CLIs into single netstat command as,

linux-techsutram:/home/techsutram # netstat -napltu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name  
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2680/rpcbind       
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      3774/httpd2-prefork
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2845/cupsd         
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      3605/master        
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      3182/mysqld        
tcp        0      0 :::111                  :::*                    LISTEN      2680/rpcbind       
tcp        0      0 ::1:631                 :::*                    LISTEN      2845/cupsd         
tcp        0      0 ::1:25                  :::*                    LISTEN      3605/master        
udp        0      0 0.0.0.0:56745           0.0.0.0:*                           2825/avahi-daemon: 
udp        0      0 0.0.0.0:713             0.0.0.0:*                           2680/rpcbind       
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           2825/avahi-daemon: 
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2680/rpcbind       
udp        0      0 0.0.0.0:631             0.0.0.0:*                           2845/cupsd         
udp        0      0 :::713                  :::*                                2680/rpcbind       
udp        0      0 :::111                  :::*                                2680/rpcbind       


No comments:

Post a Comment

Your valuable comments are welcome. (Comments will be moderated.)

 




Technology