Check the port status of Linux

The “IP address” is used to identify which computer on the network you are connecting to, and the “port number” is needed to identify which program running on that computer you are accessing.
The port number is a 16-bit integer and ranges from 0 to 65535.

To check which ports are waiting for a connection in Linux, use the ss command or netstat command.

●Well-known ports

Port numbers (0-1023) are reserved in advance for well-known services and protocols used in TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).

Typical port numbers

Protocol  Port  Service
TCP       20    FTP (data transfer port)
TCP       21    FTP (control port)
TCP       22    SSH
TCP       23    Telnet
TCP       25    SMTP
UDP       53    DNS
UDP       67    DHCP (server)
UDP       68    DHCP (client)
TCP       80    HTTP
TCP       110   POP3
UDP       123   NTP
TCP       443   HTTPS

Use the ss command to check which ports are waiting to be connected.

●Options for the ss command

-a    Show all sockets
-n    Display without converting to service names
-t    Display TCP information only
-u    Display UDP information only

●Show only TCP ports
Run the ss command with the option “-atn”.

[root@Lion ~]# ss -atn
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:10024 *:*
LISTEN 0 100 127.0.0.1:10025 *:*
LISTEN 0 100 *:587 *:*
LISTEN 0 64 *:38861 *:*
LISTEN 0 100 *:110 *:*
LISTEN 0 100 *:143 *:*
LISTEN 0 128 127.0.0.1:783 *:*
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:21 *:*
LISTEN 0 100 *:25 *:*
LISTEN 0 128 *:2233 *:*
LISTEN 0 128 *:37982 *:*
LISTEN 0 100 *:993 *:*
LISTEN 0 100 *:995 *:*
TIME-WAIT 0 0 192.168.11.62:25 45.142.120.183:20614
TIME-WAIT 0 0 192.168.11.62:25 45.142.120.183:33136
... (output omitted) ...

●Show only UDP ports
Run the ss command with the option “-anu”.

[root@Lion ~]# ss -anu
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:48532 *:*
UNCONN 0 0 *:40884 *:*
UNCONN 0 0 *:111 *:*
UNCONN 0 0 127.0.0.1:323 *:*
ESTAB 0 0 192.168.11.62:45568 192.168.11.1:53
ESTAB 0 0 192.168.11.62:57961 192.168.11.1:53
UNCONN 0 0 127.0.0.1:723 *:*
UNCONN 0 0 *:724 *:*
ESTAB 0 0 192.168.11.62:35666 192.168.11.1:53
UNCONN 0 0 :::45110 :::*
UNCONN 0 0 :::111 :::*
UNCONN 0 0 ::1:323 :::*
UNCONN 0 0 :::724 :::*
UNCONN 0 0 :::43156 :::*

●Display both TCP and UDP ports.
Run the ss command with the option “-atnu”.

[root@Lion ~]# ss -atnu
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:48532 *:*
udp UNCONN 0 0 *:40884 *:*
udp UNCONN 0 0 *:111 *:*
udp UNCONN 0 0 127.0.0.1:323 *:*
udp UNCONN 0 0 127.0.0.1:723 *:*
udp UNCONN 0 0 *:724 *:*
udp ESTAB 0 0 192.168.11.62:58651 192.168.11.1:53
udp UNCONN 0 0 :::45110 :::*
udp UNCONN 0 0 :::111 :::*
udp UNCONN 0 0 ::1:323 :::*
udp UNCONN 0 0 :::724 :::*
udp UNCONN 0 0 :::43156 :::*
tcp LISTEN 0 128 127.0.0.1:10024 *:*
tcp LISTEN 0 100 127.0.0.1:10025 *:*
tcp LISTEN 0 100 *:587 *:*
tcp LISTEN 0 64 *:38861 *:*
tcp LISTEN 0 100 *:110 *:*
tcp LISTEN 0 100 *:143 *:*
tcp LISTEN 0 128 127.0.0.1:783 *:*
tcp LISTEN 0 128 *:111 *:*
tcp LISTEN 0 128 *:21 *:*
tcp LISTEN 0 100 *:25 *:*
tcp LISTEN 0 128 *:2233 *:*
tcp LISTEN 0 128 *:37982 *:*
tcp LISTEN 0 100 *:993 *:*
tcp LISTEN 0 100 *:995 *:*
tcp TIME-WAIT 0 0 192.168.11.62:25 45.142.120.183:62652
... (output omitted) ...

●Display the ports where communication has been established.
Run the ss command with the option “-t”.

[root@Lion ~]# ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.11.62:smtp 45.142.120.183:57896
ESTAB 0 0 192.168.11.62:smtp 45.142.120.183:6772
CLOSE-WAIT 56 0 127.0.0.1:48094 127.0.0.1:10025
ESTAB 0 0 192.168.11.62:smtp 45.142.120.183:19356
ESTAB 0 288 192.168.11.62:infocrypt 192.168.11.51:64079
ESTAB 0 18 192.168.11.62:smtp 45.142.120.183:58682
CLOSE-WAIT 56 0 127.0.0.1:48652 127.0.0.1:10025
ESTAB 0 0 ::ffff:xxx.xxx.xxx.xxx:http ::ffff:xxx.xxx.xxx.xxx:48918

xxx.xxx.xxx.xxx is the IP address of the Linux server

●Each item of the ss command execution result

Item                Meaning
Netid               Socket type
                    u_str: UNIX domain socket
                    tcp: TCP socket
                    udp: UDP socket
State               Communication status
Recv-Q              Size of the receive queue
Send-Q              Size of the send queue
Local Address:Port  Server-side IP address or socket file, and port
Peer Address:Port   IP address or socket file, and port, of the communicating peer
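The check below is an added example, not part of the original page: it reads `ss -atnu` output (the form with the Netid column), keeps only sockets waiting for peers (LISTEN, UNCONN), drops loopback-only ones, and reports any network-reachable listener missing from an allowlist. The function names and the allowlist are assumptions for illustration; the sample rows are taken from the output shown above.

```shell
#!/bin/sh
# Added example, not from the original page.
# The allowlist passed as $1 is a hypothetical site policy.

# Constructed sample: rows taken from the ss -atnu output shown above.
sample_ss() {
cat <<'EOF'
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:111 *:*
udp UNCONN 0 0 127.0.0.1:323 *:*
udp UNCONN 0 0 :::111 :::*
udp UNCONN 0 0 ::1:323 :::*
udp ESTAB 0 0 192.168.11.62:58651 192.168.11.1:53
tcp LISTEN 0 128 127.0.0.1:10024 *:*
tcp LISTEN 0 100 *:587 *:*
tcp LISTEN 0 64 *:38861 *:*
tcp LISTEN 0 128 *:21 *:*
tcp LISTEN 0 100 *:25 *:*
tcp LISTEN 0 128 *:2233 *:*
tcp TIME-WAIT 0 0 192.168.11.62:25 45.142.120.183:62652
EOF
}

# stdin: ss -atnu output; $1: space-separated allowlist of proto/port.
# Prints one "REVIEW proto/port local-address" line per unexpected
# listener that other hosts can reach.
audit_listeners() {
  awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 != "tcp" && $1 != "udp" { next }          # header, unix sockets
    $2 != "LISTEN" && $2 != "UNCONN" { next }    # keep waiting sockets only
    {
      port = $5; sub(/.*:/, "", port)            # text after the last colon
      host = substr($5, 1, length($5) - length(port) - 1)
      # 127.x and ::1 are loopback: not reachable from the network
      if (host ~ /^127\./ || host == "::1" || host == "[::1]") next
      key = $1 "/" port
      if (!(key in ok) && !seen[key]++) print "REVIEW", key, $5
    }'
}

sample_ss | audit_listeners "tcp/25 tcp/587 tcp/2233 udp/111"
```

On a live host, replace `sample_ss` with `ss -atnu` and follow up each REVIEW line with `lsof -i:PORT` to see which process owns the socket.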

Checking the ports used by a process in Linux (lsof command)

To check the port used by a process in Linux, use the “lsof” command.
Checking which ports processes are using is an important part of assessing the security of a Linux system: it shows whether any unwanted programs are running, whether any illegal backdoors have been installed, and so on.

The “lsof” command lists open files together with the name of the process and the executing user that holds each one open.
If you want to check only the port usage information, you can run it with the option “-i”.

To check all the usage information such as ports, you need to run the lsof command as root user.

●Check which port the process is using.

Run the “lsof” command with the option “-i”.

[root@Lion ~]# lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 3381 daemon 4u IPv6 29480 0t0 TCP *:http (LISTEN)
chronyd 3758 chrony 1u IPv4 27912 0t0 UDP localhost:323
chronyd 3758 chrony 2u IPv6 27913 0t0 UDP localhost:323
proftpd 3811 nobody 0u IPv4 28910 0t0 TCP *:ftp (LISTEN)
sshd 4097 root 3u IPv4 32041 0t0 TCP *:infocrypt (LISTEN)
httpd 4266 root 4u IPv6 29480 0t0 TCP *:http (LISTEN)
httpd 4356 daemon 4u IPv6 29480 0t0 TCP *:http (LISTEN)
master 4805 root 13u IPv4 30593 0t0 TCP *:smtp (LISTEN)
master 4805 root 14u IPv6 30594 0t0 TCP *:smtp (LISTEN)
master 4805 root 18u IPv4 30603 0t0 TCP *:submission (LISTEN)
master 4805 root 19u IPv6 30604 0t0 TCP *:submission (LISTEN)
master 4805 root 96u IPv4 30682 0t0 TCP localhost:10025 (LISTEN)
mysqld 4836 mysql 15u IPv6 29617 0t0 TCP *:mysql (LISTEN)
httpd 24688 daemon 4u IPv6 29480 0t0 TCP *:http (LISTEN)
sshd 27736 root 3u IPv4 23220846 0t0 TCP Tiger:infocrypt->192.168.11.51:64079 (ESTABLISHED)
sshd 27776 tama 3u IPv4 23220846 0t0 TCP Tiger:infocrypt->192.168.11.51:64079 (ESTABLISHED)
... (output omitted) ...

●Each item in the “lsof” command execution result

Item      Meaning
COMMAND   The command that is being executed
PID       Process ID
USER      Executing user
FD        File descriptor
TYPE      Type
DEVICE    Device
SIZE/OFF  File size
NODE      Protocol
NAME      File or port

●Show processes using a specific port number.
To see which processes are using a particular port number, run the lsof command with the option “-i” and specify the port number after a “:” (colon).
The following shows port 80, used by the web server:

[root@Lion ~]# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 3381 daemon 4u IPv6 29480 0t0 TCP *:http (LISTEN)
httpd 4266 root 4u IPv6 29480 0t0 TCP *:http (LISTEN)
httpd 4356 daemon 4u IPv6 29480 0t0 TCP *:http (LISTEN)
httpd 24688 daemon 4u IPv6 29480 0t0 TCP *:http (LISTEN)
httpd 62737 daemon 4u IPv6 29480 0t0 TCP *:http (LISTEN)

 

Check the port numbers of the services in Linux with a file (/etc/services)

Services running on Linux will use a service-specific port number by default.
For example, TCP port number 80 for http, 443 for https, and so on. To figure out these port numbers, you have to check the service’s own configuration file, but the commonly assumed port numbers are listed in the /etc/services file.

[root@Lion ~]# vi /etc/services
# /etc/services:
# $Id: services,v 1.55 2013/04/14 ovasik Exp $
#
# Network services, Internet style
# IANA services version: last updated 2013-04-10
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, most entries here have two entries
# even if the protocol doesn’t support UDP operations.
# Updated from RFC 1700, “Assigned Numbers” (October 1994). Not all ports
# are included, only the more common ones.
#
# The latest IANA port assignments can be gotten from
# http://www.iana.org/assignments/port-numbers
# The Well Known Ports are those from 0 through 1023.
# The Registered Ports are those from 1024 through 49151
# The Dynamic and/or Private Ports are those from 49152 through 65535
#
# Each line describes one service, and is of the form:
#
# service-name port/protocol [aliases …] [# comment]

tcpmux 1/tcp # TCP port service multiplexer
tcpmux 1/udp # TCP port service multiplexer
rje 5/tcp # Remote Job Entry
rje 5/udp # Remote Job Entry
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
systat 11/udp users
daytime 13/tcp
daytime 13/udp
qotd 17/tcp quote
qotd 17/udp quote
msp 18/tcp # message send protocol (historic)
msp 18/udp # message send protocol (historic)
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp-data 20/udp
# 21 is registered to ftp, but also used by fsp
ftp 21/tcp
ftp 21/udp fsp fspd
ssh 22/tcp # The Secure Shell (SSH) Protocol
ssh 22/udp # The Secure Shell (SSH) Protocol
telnet 23/tcp
telnet 23/udp
“/etc/services” 11176L, 670293C
... (output omitted) ...
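The service names that ss and lsof print without “-n” are only lookups in /etc/services, not proof of what is actually listening. The added example below (not from the original page) parses lines in /etc/services format and maps the names in `lsof -i` output back to port numbers, so the sshd listener labelled infocrypt shows up as tcp/2233, the port seen in the ss -atn output. The function names and the four sample services lines are constructed for illustration; the lsof rows are taken from the output above.

```shell
#!/bin/sh
# Added example, not from the original page. Sample data is constructed.
sample_services() {   # lines in /etc/services format
cat <<'EOF'
ftp 21/tcp
smtp 25/tcp mail
http 80/tcp www www-http # WorldWideWeb HTTP
infocrypt 2233/tcp # INFOCRYPT
EOF
}
sample_lsof() {       # rows taken from the lsof -i output shown above
cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 3381 daemon 4u IPv6 29480 0t0 TCP *:http (LISTEN)
proftpd 3811 nobody 0u IPv4 28910 0t0 TCP *:ftp (LISTEN)
sshd 4097 root 3u IPv4 32041 0t0 TCP *:infocrypt (LISTEN)
master 4805 root 13u IPv4 30593 0t0 TCP *:smtp (LISTEN)
master 4805 root 96u IPv4 30682 0t0 TCP localhost:10025 (LISTEN)
sshd 27736 root 3u IPv4 23220846 0t0 TCP Tiger:infocrypt->192.168.11.51:64079 (ESTABLISHED)
EOF
}

# $1: services file; stdin: lsof -i output.
# Prints "command user proto/port name" for each distinct TCP listener.
listeners_numeric() {
  awk '
    FNR == NR {                                # first input: services file
      sub(/#.*/, "")                           # strip trailing comments
      if (NF < 2) next
      split($2, pp, "/")                       # pp[1]=port, pp[2]=protocol
      for (i = 1; i <= NF; i++) if (i != 2) num[pp[2] "/" $i] = pp[1]
      next
    }
    $NF != "(LISTEN)" { next }                 # second input: lsof rows
    {
      proto = tolower($8)                      # NODE column: TCP or UDP
      name = $9; sub(/.*:/, "", name)          # service name or number
      port = (name ~ /^[0-9]+$/) ? name : num[proto "/" name]
      if (port == "") port = "?"               # name missing from the file
      line = $1 " " $3 " " proto "/" port " " name
      if (!seen[line]++) print line
    }' "$1" -
}

SERVICES=$(mktemp)
trap 'rm -f "$SERVICES"' EXIT
sample_services > "$SERVICES"
sample_lsof | listeners_numeric "$SERVICES"
```

On a real system, pass /etc/services as the first argument and pipe in `lsof -i`; running `lsof -i -n -P` avoids the name lookup altogether.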