View the port number occupied by the process in Linux
|
For Linux system administrators, it is crucial to know whether a service is correctly bound to or listening to a port. If you need to deal with port related issues, this article may be useful to you. A port is an identifier of a logical connection between specific processes on a Linux system, including physical ports and software ports. Since the Linux operating system is a piece of software, this article discusses only software ports. Software ports are always associated with the host's IP address and the relevant communication protocol, so ports are often used to distinguish between applications. Most services involving the network must open a socket to listen for incoming network requests, and each service uses a separate socket. Sockets are used in combination with IP addresses, software ports, and protocols. Port numbers apply to both the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). Both TCP and UDP can use port numbers between 0 and 65535 for communication. The following are the port assignment categories:
More information about reserved ports can be found in the /etc/services file on Linux. # less /etc/services # /etc/services: # $Id: services,v 1.55 2013/04/14 ovasik Exp $ # Network services, Internet style # IANA services version: last updated 2013-04-10 # Note that it is currently the policy of IANA to assign a single well-known # port number for both TCP and UDP; hence, most entries here have two entries # even if the protocol doesn't support UDP operations. # Updated from RFC 1700, ``Assigned Numbers'' (October 1994). Not all ports # are included, only the more common ones. # The latest IANA port assignments can be gotten from # http://www.iana.org/assignments/port-numbers # The Well Known Ports are those from 0 through 1023. # The Registered Ports are those from 1024 through 49151 # The Dynamic and/or Private Ports are those from 49152 through 65535 # Each line describes one service, and is of the form: # service-name port/protocol [aliases ...] [# comment] tcpmux 1/tcp # TCP port service multiplexer tcpmux 1/udp # TCP port service multiplexer rje 5/tcp # Remote Job Entry rje 5/udp # Remote Job Entry echo 7/tcp echo 7/udp discard 9/tcp sink null discard 9/udp sink null systat 11/tcp users systat 11/udp users daytime 13/tcp daytime 13/udp qotd 17/tcp quote qotd 17/udp quote msp 18/tcp # message send protocol (historic) msp 18/udp # message send protocol (historic) chargen 19/tcp ttytst source chargen 19/udp ttytst source ftp-data 20/tcp ftp-data 20/udp # 21 is registered to ftp, but also used by fsp ftp 21/tcp ftp 21/udp fsp fspd ssh 22/tcp # The Secure Shell (SSH) Protocol ssh 22/udp # The Secure Shell (SSH) Protocol telnet 23/tcp telnet 23/udp # 24 - private mail system lmtp 24/tcp # LMTP Mail Delivery lmtp 24/udp # LMTP Mail Delivery You can use the following six methods to view port information.
Next we will find out the port number used by the sshd daemon. Method 1: Using the ss command ss is generally used to dump socket statistics. It produces output similar to that of netstat, but it displays more TCP information and status information than other tools. It can also display all types of socket statistics, including PACKET, TCP, UDP, DCCP, RAW, Unix domain, etc.
# ss -tnlp | grep ssh
LISTEN 0 128 *:22 *:* users:(("sshd",pid=997,fd=3))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=997,fd=4))You can also check using the port number.
# ss -tnlp | grep ":22"
LISTEN 0 128 *:22 *:* users:(("sshd",pid=997,fd=3))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=997,fd=4)) Method 2: Use the netstat command netstat can display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. By default, netstat lists open sockets. If you do not specify any address family, active sockets for all configured address families are displayed. But netstat is outdated and ss is generally used instead. # netstat -tnlp | grep ssh tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 997/sshd tcp6 0 0 :::22 :::* LISTEN 997/sshd You can also check using the port number. # netstat -tnlp | grep ":22" tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1208/sshd tcp6 0 0 :::22 :::* LISTEN 1208/sshd Method 3: Using lsof command lsof can list open files and list information about files opened by processes on the system. # lsof -i -P | grep ssh COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME sshd 11584 root 3u IPv4 27625 0t0 TCP *:22 (LISTEN) sshd 11584 root 4u IPv6 27627 0t0 TCP *:22 (LISTEN) sshd 11592 root 3u IPv4 27744 0t0 TCP vps.2daygeek.com:ssh->103.5.134.167:49902 (ESTABLISHED) You can also check using the port number. # lsof -i tcp:22 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME sshd 1208 root 3u IPv4 20919 0t0 TCP *:ssh (LISTEN) sshd 1208 root 4u IPv6 20921 0t0 TCP *:ssh (LISTEN) sshd 11592 root 3u IPv4 27744 0t0 TCP vps.2daygeek.com:ssh->103.5.134.167:49902 (ESTABLISHED) Method 4: Using fuser command The fuser tool displays to standard output the process IDs of processes on the local system that have files open. # fuser -v 22/tcp USER PID ACCESS COMMAND 22/tcp: root 1208 F....sshd root 12388 F....sshd root 49339 F....sshd Method 5: Using nmap command nmap ("Network Mapper") is an open source tool for network detection and security auditing. It was originally designed for fast scans of large networks, but it also works well for scanning single hosts. nmap uses raw IP packets to determine the hosts available on the network, the services of those hosts (including application name and version), the operating system the host is running (including information such as the OS version), the type of packet filters or firewalls in use, and much other information. # nmap -sV -p 22 localhost Starting Nmap 6.40 ( http://nmap.org ) at 2018-09-23 12:36 IST Nmap scan report for localhost (127.0.0.1) Host is up (0.000089s latency). Other addresses for localhost (not scanned): 127.0.0.1 PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.4 (protocol 2.0) Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 0.44 seconds Method 6: Using systemctl command systemctl is the control manager and service manager for the systemd system. It replaces the old SysV init system management and is currently used by most modern Linux operating systems. # systemctl status sshd ● sshd.service – OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2018-09-23 02:08:56 EDT; 6h 11min ago Docs: man:sshd(8) man:sshd_config(5) Main PID: 11584 (sshd) CGroup: /system.slice/sshd.service └─11584 /usr/sbin/sshd -D Sep 23 02:08:56 vps.2daygeek.com systemd[1]: Starting OpenSSH server daemon... Sep 23 02:08:56 vps.2daygeek.com sshd[11584]: Server listening on 0.0.0.0 port 22. Sep 23 02:08:56 vps.2daygeek.com sshd[11584]: Server listening on :: port 22. Sep 23 02:08:56 vps.2daygeek.com systemd[1]: Started OpenSSH server daemon. Sep 23 02:09:15 vps.2daygeek.com sshd[11589]: Connection closed by 103.5.134.167 port 49899 [preauth] Sep 23 02:09:41 vps.2daygeek.com sshd[11592]: Accepted password for root from 103.5.134.167 port 49902 ssh2 The above output shows the listening port of the ssh service when the sshd service was started last time. But it doesn't update the latest log into the output. # systemctl status sshd ● sshd.service – OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2018-09-06 07:40:59 IST; 2 weeks 3 days ago Docs: man:sshd(8) man:sshd_config(5) Main PID: 1208 (sshd) CGroup: /system.slice/sshd.service ├─ 1208 /usr/sbin/sshd -D ├─23951 sshd: [accepted] └─23952 sshd: [net] Sep 23 12:50:36 vps.2daygeek.com sshd[23909]: Invalid user pi from 95.210.113.142 port 51666 Sep 23 12:50:36 vps.2daygeek.com sshd[23909]: input_userauth_request: invalid user pi [preauth] Sep 23 12:50:37 vps.2daygeek.com sshd[23911]: pam_unix(sshd:auth): check pass; user unknown Sep 23 12:50:37 vps.2daygeek.com sshd[23911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.210.113.142 Sep 23 12:50:37 vps.2daygeek.com sshd[23909]: pam_unix(sshd:auth): check pass; user unknown Sep 23 12:50:37 vps.2daygeek.com sshd[23909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.210.113.142 Sep 23 12:50:39 vps.2daygeek.com sshd[23911]: Failed password for invalid user pi from 95.210.113.142 port 51670 ssh2 Sep 23 12:50:39 vps.2daygeek.com sshd[23909]: Failed password for invalid user pi from 95.210.113.142 port 51666 ssh2 Sep 23 12:50:40 vps.2daygeek.com sshd[23911]: Connection closed by 95.210.113.142 port 51670 [preauth] Sep 23 12:50:40 vps.2daygeek.com sshd[23909]: Connection closed by 95.210.113.142 port 51666 [preauth] In most cases, the above output will not show the actual port number of the process. At this time, it is recommended to use the following journalctl command to check the detailed information in the log file. # journalctl | grep -i "openssh|sshd" Sep 23 02:08:56 vps138235.vps.ovh.ca sshd[997]: Received signal 15; terminating. Sep 23 02:08:56 vps138235.vps.ovh.ca systemd[1]: Stopping OpenSSH server daemon... Sep 23 02:08:56 vps138235.vps.ovh.ca systemd[1]: Starting OpenSSH server daemon... Sep 23 02:08:56 vps138235.vps.ovh.ca sshd[11584]: Server listening on 0.0.0.0 port 22. Sep 23 02:08:56 vps138235.vps.ovh.ca sshd[11584]: Server listening on :: port 22. Sep 23 02:08:56 vps138235.vps.ovh.ca systemd[1]: Started OpenSSH server daemon. Summarize The above is the full content of this article. I hope that the content of this article will have certain reference learning value for your study or work. Thank you for your support of 123WORDPRESS.COM. If you want to learn more about this, please check out the following links You may also be interested in:
|
<<: Steps to package and deploy the Vue project to the Apache server
>>: Automatic backup of MySQL database using shell script
Recommend
Nginx dynamically forwards to upstream according to the path in the URL
In Nginx, there are some advanced scenarios where...
Combining insert and select to implement the method of "inserting the maximum value of a field in the database + 1"
This article is mysql database Question 1 Import ...
Summary of the use of Vue computed properties and listeners
1. Computed properties and listeners 1.1 Computed...
Summary of MySQL date and time functions (MySQL 5.X)
1. MySQL gets the current date and time function ...
Example of asynchronous file upload in html
Copy code The code is as follows: <form action...
Detailed steps to install Nginx on Linux
1. Nginx installation steps 1.1 Official website ...
HTML+CSS to implement the sample code of the navigation bar drop-down menu
Effect The pictures in the code can be changed by...
Echarts implements switching different X-axes in one graph (example code)
Rendering If you want to achieve the effect shown...
Why MySQL does not recommend using null columns with default values
The answer you often hear is that using a NULL va...
Seven different color schemes for website design experience
The color matching in website construction is ver...
How to modify the group to which a user belongs in Linux
Modify the group to which a user belongs in Linux...
React error boundary component processing
This is the content of React 16. It is not the la...
Detailed explanation of how to install mysql5.7.16 from source code in centos7 environment
This article describes how to install mysql5.7.16...
How to let DOSBox automatically execute commands after startup
Using DOSBox, you can simulate DOS under Windows ...
JS removeAttribute() method to delete an attribute of an element
In JavaScript, use the removeAttribute() method o...