Search This Blog

Monday, July 5, 2010

Identifying Open Ports/Services on Linux

Many tools are available to map open network ports to actual processes and files in
Linux. We will take a look at just one example.

First, we need to look at our listening network ports. We will utilize the ‘-anp –tcp’ flags
to the netstat command to list all processes (-a), don’t map port numbers to friendly name
(-n), list the process ID associated with the network port (-p) and for this example, we
will limit the output to only TCP listeners (--tcp):

[jklemenc]# netstat -anp --tcp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
PID/Program name  
tcp     0      0   *               LISTEN      1826/xinetd        
tcp     0      0  *               LISTEN      4677/mysqld        
tcp     0      0    *               LISTEN      16446/sshd          
tcp     0      0  *               LISTEN      1826/xinetd        
tcp     0      0*               LISTEN      841/sshd            
tcp     0      0   *               LISTEN      1925/httpd          

In this example, we are interested in the TCP/443 network listener. The output indicates
that httpd is running as process ID 1925 and has TCP/443 open. A quick check using the
‘ps’ command with the PID (-p) parameter to display only the PID returned above along
with a parameter to display the full path of the file (-f):

[jklemenc]# ps -p 1925 -f
root      1925     1  0  2004 ?        00:03:36 /usr/sbin/httpd

We see from above that /usr/sbin/http is running as PID 1925 as user root.

No comments:

Post a Comment

leave your message if you need help ...

Related Posts with Thumbnails