Shulou(Shulou.com)06/02 Report--

This article will share with you about how to check the port numbers occupied by Linux processes. The editor thought it was very practical, so I shared it with you as a reference. Let's follow the editor and have a look.

It is important for Linux system administrators to know whether a service binds or listens to a port correctly. If you need to deal with port-related issues, this article may be useful to you.

A port is an identification of a logical connection between specific processes on a Linux system, including physical ports and software ports. Because the Linux operating system is a software, this article only discusses the software port. The software port is always associated with the IP address of the host and the associated communication protocol, so the port is often used to distinguish applications. Most network-related services must open a socket to listen for incoming network requests, and each service uses a separate socket.

Sockets are used in conjunction with IP addresses, software ports, and protocols, while port numbers apply to both Transmission Control Protocol (TCP) and user Datagram Protocol (UDP) protocols, and both TCP and UDP can communicate using port numbers between 0 and 65535.

The following are port assignment categories:

0-1023: common ports and system ports

1024-49151: registered port of the softwar

49152-65535: dynamic port or private port

You can find more information about reserved ports in the / etc/services file on Linux.

# less / etc/services# / etc/services:# $Id: services,v 1.55 2013-04-14 ovasik Exp $# # Network services, Internet style# IANA services version: last updated 2013-04-10 last updated # Note that it is presently the policy of IANA to assign a single well-known# port number for both TCP and UDP; hence, most entries here have two entries# even if the protocol doesn't support UDP operations.# Updated from RFC 1700, ``Assigned Numbers'' (October 1994). Not all ports# are included, only the more common ones.## The latest IANA port assignments can be gotten from# http://www.iana.org/assignments/port-numbers# The Well Known Ports are those from 0 through 1023.# The Registered Ports are those from 1024 through 49151# The Dynamic and/or Private Ports are those from 49152 through 65535## Each line describes one service And is of the form:## service-name port/protocol [aliases...] [# comment] tcpmux 1/tcp # TCP port service multiplexertcpmux 1/udp # TCP port service multiplexerrje 5/tcp # Remote Job Entryrje 5/udp # Remote Job Entryecho 7/tcpecho 7/udpdiscard 9/tcp sink nulldiscard 9/udp sink nullsystat 11/tcp userssystat 11/udp usersdaytime 13/tcpdaytime 13/udpqotd 17/tcp quoteqotd 17/udp quotemsp 18/tcp # message send protocol (historic) msp 18/udp # message send protocol (historic) chargen 19/tcp ttytst Sourcechargen 19/udp ttytst sourceftp-data 20/tcpftp-data 20/udp# 21 is registered to ftp But also used by fspftp 21/tcpftp 21/udp fsp fspdssh 22/tcp # The Secure Shell (SSH) Protocolssh 22/udp # The Secure Shell (SSH) Protocoltelnet 23/tcptelnet 23/udp# 24-private mail systemlmtp 24/tcp # LMTP Mail Deliverylmtp 24/udp # LMTP Mail Delivery

You can view port information in the following six ways.

Ss: can be used to dump socket statistics.

Netstat: you can display a list of open sockets.

Lsof: you can list open files.

Fuser: you can list the process ID of those processes that have the file open.

Nmap: is a network detection tool and port scanner.

Systemctl: is the control manager and service manager of the systemd system.

Next we will find out the port number used by the sshd daemon.

Method 1: use the ss command

Ss is typically used to dump socket statistics. It can output information similar to netstat output, but it can display more TCP information and status information than other tools.

It can also display socket statistics of all types, including PACKET, TCP, UDP, DCCP, RAW, Unix fields, and so on.

# ss-tnlp | grep sshLISTEN 0 128 *: 22 *: * users: (("sshd", pid=997,fd=3)) LISTEN 0 128:: 22: * users: (("sshd", pid=997,fd=4))

You can also use the port number to check.

# ss-tnlp | grep ": 22" LISTEN 0 128 *: 22 *: * users: (("sshd", pid=997,fd=3)) LISTEN 0 128: 22: * users: (("sshd", pid=997,fd=4))

Method 2: use the netstat command

Netstat can display network connections, routing tables, interface statistics, camouflage connections, and multicast members.

By default, netstat lists open sockets. If you do not specify any address families, the active sockets for all configured address families are displayed. But netstat is out of date and usually uses ss instead.

# netstat-tnlp | grep sshtcp 0 0 0.0 0 grep sshtcp 22 0 0 0 LISTEN 997/sshdtcp6 0: 22:: * LISTEN 997/sshd

You can also use the port number to check.

# netstat-tnlp | grep ": 22" tcp 0 0 0.0.0.0 tcp 22 0.0.0.0 LISTEN 1208/sshdtcp6 0 0:: 22:: * LISTEN 1208/sshd

Method 3: use the lsof command

Lsof can list open files and list information about files opened by processes on the system.

# lsof-I-P | grep sshCOMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEsshd 11584 root 3u IPv4 27625 0t0 TCP *: 22 (LISTEN) sshd 11584 root 4U IPv6 27627 0t0 TCP *: 22 (LISTEN) sshd 11592 root 3u IPv4 27744 0t0 TCP vps.2daygeek.com:ssh- > 103.5.134.167IPv4 49902 (ESTABLISHED)

You can also use the port number to check.

# lsof-I tcp:22COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEsshd 1208 root 3u IPv4 20919 0t0 TCP *: ssh (LISTEN) sshd 1208 root 4U IPv6 20921 0t0 TCP *: ssh (LISTEN) sshd 11592 root 3u IPv4 27744 0t0 TCP vps.2daygeek.com:ssh- > 103.5.134.167Groupe 49902 (ESTABLISHED)

Method 4: use the fuser command

The fuser tool displays the process ID of the process with the file open on the local system in standard output.

# fuser-v 22/tcp USER PID ACCESS COMMAND22/tcp: root 1208 F.... Sshd root 12388 F.... Sshd root 49339 F.... Sshd

Method 5: use the nmap command

Nmap ("Network Mapper") is an open source tool for network detection and security audit. It was originally used for fast scanning of large networks, but it also performs well for scanning a single host.

Nmap uses raw IP packets to determine which hosts are available on the network, their services (including application name and version), the operating system that the host is running (including information such as operating system version, etc.), the type of packet filter or firewall being used, and many other information.

# nmap-sV-p 22 localhostStarting Nmap 6.40 (http://nmap.org) at 2018-09-23 12:36 ISTNmap scan report for localhost (127.0.0.1) Host is up (0.000089s latency). Other addresses for localhost (not scanned): 127.0.0.1PORT STATE SERVICE VERSION22/tcp open ssh OpenSSH 7.4 (protocol 2.0) Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .nmap done: 1 IP address (1 host up) scanned in 0.44 seconds

Method 6: use the systemctl command

Systemctl is the control manager and service manager of systemd system. It replaces the old SysV initialization system management, and systemd is currently used in most modern Linux operating systems.

# systemctl status sshd ● sshd.service-OpenSSH server daemon Loaded: loaded (/ usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2018-09-23 02:08:56 EDT 6h 11min ago Docs: man:sshd (8) man:sshd_config (5) Main PID: 11584 (sshd) CGroup: / system.slice/sshd.service └─ 11584 / usr/sbin/sshd-DSep 23 02:08:56 vps.2daygeek.com systemd [1]: Starting OpenSSH server daemon...Sep 23 02:08:56 vps.2daygeek.com sshd [11584]: Server listening on 0.0.0.0 port 22.Sep 23 02:08:56 vps.2daygeek.com sshd [11584]: Server listening On:: port 22.Sep 23 02:08:56 vps.2daygeek.com systemd [1]: Started OpenSSH server daemon.Sep 23 02:09:15 vps.2daygeek.com sshd [11589]: Connection closed by 103.5.134.167 port 49899 [preauth] Sep 23 02:09:41 vps.2daygeek.com sshd [11592]: Accepted password for root from 103.5.134.167 port 49902 ssh3

The above output shows the listening port of the sshd service when the ssh service was last started. However, it does not update the latest log to the output.

# systemctl status sshd ● sshd.service-OpenSSH server daemon Loaded: loaded (/ usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2018-09-06 07:40:59 IST 2 weeks 3 days ago Docs: man:sshd (8) man:sshd_config (5) Main PID: 1208 (sshd) CGroup: / system.slice/sshd.service ├─ 1208 / usr/sbin/sshd-D ├─ 23951 sshd: [accepted] └─ 23952 sshd: [net] Sep 23 12:50:36 vps.2daygeek.com sshd [23909]: Invalid user pi from 95.210.113.142 port 51666Sep 23 12:50:36 vps.2daygeek.com sshd [23909]: input_userauth_request Invalid user pi [preauth] Sep 23 12:50:37 vps.2daygeek.com sshd [23911]: pam_unix (sshd:auth): check pass User unknownSep 23 12:50:37 vps.2daygeek.com sshd [23911]: pam_unix (sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.210.113.142Sep 23 12:50:37 vps.2daygeek.com sshd [23909]: pam_unix (sshd:auth): check pass; user unknownSep 23 12:50:37 vps.2daygeek.com sshd [23909]: pam_unix (sshd:auth): authentication failure Logname= uid=0 euid=0 tty=ssh ruser= rhost=95.210.113.142Sep 23 12:50:39 vps.2daygeek.com sshd [23911]: Failed password for invalid user pi from 95.210.113.142 port 51670 ssh3Sep 23 12:50:39 vps.2daygeek.com sshd [23909]: Failed password for invalid user pi from 95.210.113.142 port 51666 ssh3Sep 23 12:50:40 vps.2daygeek.com sshd [23911]: Connection closed by 95.210.113.142 port 51670 [preauth] Sep 23 12:50:40 vps.2daygeek. Com sshd [23909]: Connection closed by 95.210.113.142 port 51666 [preauth]

In most cases, the above output does not show the actual port number of the process. At this point, it is recommended to use the following journalctl command to check the details in the log file.

# journalctl | grep-I "openssh\ | sshd" Sep 23 02:08:56 vps138235.vps.ovh.ca sshd: Received signal 15 Terminating.Sep 23 02:08:56 vps138235.vps.ovh.ca systemd [1]: Stopping OpenSSH server daemon...Sep 23 02:08:56 vps138235.vps.ovh.ca systemd [1]: Starting OpenSSH server daemon...Sep 23 02:08:56 vps138235.vps.ovh.ca sshd [11584]: Server listening on 0.0.0.0 port 22.Sep 23 02:08:56 vps138235.vps.ovh.ca sshd [11584]: Server listening on:: port 22.Sep 23 02:08:56 Vps138235.vps.ovh.ca systemd [1]: Started OpenSSH server daemon. Thank you for reading! This is the end of the way to view the port number occupied by the Linux process. I hope the above content can be helpful to you, so that you can learn more knowledge. If you think the article is good, you can share it and let more people see it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.