Port-related concepts

In networking, "port" means one of two things: a physical port or a logical port. A physical port is a real, tangible interface used to connect network devices, such as an RJ-45 or SC port on an ADSL modem, hub, switch or router. A logical port is a number that distinguishes services, such as the service ports of TCP/IP. Port numbers range from 0 to 65535; for example, port 80 is used for web browsing and port 21 for FTP. Because there are so many physical and logical ports, each one is numbered so that it can be told apart, and that number is the port number.

By port number, ports fall into three categories:

1: Well-known ports: 0 to 1023. These are tightly bound to common services; FTP, for example, uses port 21. The mapping can be seen in /etc/services.

2: Registered ports: 1024 to 49151. These are loosely bound to services: many services are registered on these ports, and the same ports are also used for many other purposes.

3: Dynamic and/or private ports: 49152 to 65535. These can be used by any program to talk to any other program over TCP (Transmission Control Protocol) or UDP (User Datagram Protocol). They are also the ports the kernel hands out to client sockets that did not ask for a specific port (ephemeral ports).

The range Linux uses for that purpose is limited. If you want to keep certain ports free for your own program, you need to know, and possibly adjust, this range. /proc/sys/net/ipv4/ip_local_port_range defines the local TCP/UDP port range. Writing to /proc takes effect immediately but is lost at reboot; to make the change permanent, set net.ipv4.ip_local_port_range = 1024 65000 in /etc/sysctl.conf and apply it with sysctl -p.

[root@localhost ~]# cat /proc/sys/net/ipv4/ip_local_port_range
32768 61000
[root@localhost ~]# echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range

Note that ip_local_port_range only controls which ports the kernel picks for ephemeral use; it does not reserve anything. Widening it to 1024-65535 as above means an outgoing connection can be handed a port that your server process expects to bind later, and that bind will then fail with "address already in use". To keep specific ports out of ephemeral allocation without narrowing the whole range, list them in net.ipv4.ip_local_reserved_ports (for example 8808,9000-9010); a process can still bind a reserved port explicitly.

Regarding ports and services, I once used a public toilet as an example.
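As an added example (this is not code from the original article), the following POSIX shell functions check whether a port you plan to bind lies inside the ephemeral range and whether ip_local_reserved_ports protects it, using the same "low high" and "port,lo-hi" formats the kernel files use. The range and reserved list in the demonstration are constructed values; in real use read them from /proc as the commented command shows.

```shell
#!/bin/sh
# Added example: decide whether a planned listening port could be taken first by
# the kernel's ephemeral-port allocator. Inputs use the kernel's own formats:
#   range    "low high"      as in /proc/sys/net/ipv4/ip_local_port_range
#   reserved "p,lo-hi,..."   as in /proc/sys/net/ipv4/ip_local_reserved_ports
# Live use:
#   ephemeral_collision_risk 8808 \
#       "$(cat /proc/sys/net/ipv4/ip_local_port_range)" \
#       "$(cat /proc/sys/net/ipv4/ip_local_reserved_ports)"

# port_in_ephemeral_range PORT "LOW HIGH"  -> true if PORT is inside the range
port_in_ephemeral_range() {
    port=$1
    set -- $2                       # split "low high" into $1 and $2
    [ "$port" -ge "$1" ] && [ "$port" -le "$2" ]
}

# port_is_reserved PORT "LIST"  -> true if PORT appears in the reserved list
# (single ports or lo-hi ranges, comma separated; an empty list reserves nothing)
port_is_reserved() {
    port=$1
    list=$2
    old_ifs=$IFS
    IFS=,
    for item in $list; do
        case $item in
            '')  continue ;;
            *-*) lo=${item%-*}; hi=${item#*-} ;;
            *)   lo=$item; hi=$item ;;
        esac
        if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
            IFS=$old_ifs
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# ephemeral_collision_risk PORT "LOW HIGH" "LIST" -> true when the port is in
# the ephemeral range and not reserved, i.e. an outgoing connection may grab it
# before your daemon binds it.
ephemeral_collision_risk() {
    port_in_ephemeral_range "$1" "$2" && ! port_is_reserved "$1" "$3"
}

# Demonstration with constructed values: the widened range from the article and
# a reserved list protecting 8808 and 9000-9010.
RANGE="1024 65535"
RESERVED="8808,9000-9010"
for p in 22 3306 8808 9005 40000; do
    if ephemeral_collision_risk "$p" "$RANGE" "$RESERVED"; then
        echo "port $p: at risk, add it to net.ipv4.ip_local_reserved_ports"
    else
        echo "port $p: safe"
    fi
done
```

With the constructed values, 22 is safe because it lies below the range, 8808 and 9005 are safe because they are reserved, and 3306 and 40000 are at risk.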
To continue the public-toilet analogy: each toilet in the public toilet is like a port on the system, and "providing convenience" is the service. To provide the service you must open the port (the toilet). When someone uses a toilet, a connection is established on that port; if a toilet is occupied, the port number is occupied by a service. If one day the service is no longer provided and the public toilet is demolished, there is naturally no port number any more.

A more vivid example is a bank lobby. The port numbers are the counters, and the people who take a number and handle their business are the various clients connecting to the server; each request is directed to the right counter by its number, just as each packet is handed to a service by its destination port.

Another easy-to-understand example is a high-speed rail line: every station (Changsha, Yueyang and so on) stands for a port number, and passengers travelling to their own stations with their tickets are like the IP packets each application sends to a server port.

Relationship between ports and services

What are ports for? A host with one IP address can provide many services, such as web, FTP and SMTP, all on the same address. How does the host tell the different network services apart? Clearly not by IP address alone, because the relationship between an IP address and network services is one-to-many. Different services are distinguished by "IP address + port number" (more precisely by protocol, address and port together, which is why 22/tcp and 22/udp are different sockets). The correspondence between port numbers and service names is stored in /etc/services, where most well-known ports can be found.

How to check whether a port is open?

If you do not sort them out, you will not realise how many methods there are!

1: nmap tool detects open ports

Nmap is a network scanning and host detection tool.
Installing nmap is simple; the rpm installation is shown below.

[root@DB-Server Server]# rpm -ivh nmap-4.11-1.1.x86_64.rpm
warning: nmap-4.11-1.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ############################################# [100%]
1:nmap ############################################### [100%]
[root@DB-Server Server]# rpm -ivh nmap-frontend-4.11-1.1.x86_64.rpm
warning: nmap-frontend-4.11-1.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ############################################# [100%]
1:nmap-frontend ############################################## [100%]

The NOKEY warning means the package carries a signature but the signing key is not in the rpm keyring, so the signature was not verified. Import the vendor's key with rpm --import before trusting a package that did not come from the distribution's own repositories.

The use of nmap could fill an article of its own, so it is not covered in detail here. As shown below, nmap 127.0.0.1 checks the open ports on the local machine. Note that by default nmap scans only its list of common ports (the 1680 ports scanned here; current releases default to the 1000 most common), not all 65535; add -p- to scan every port. Other servers can be scanned the same way by giving their address.

[root@DB-Server Server]# nmap 127.0.0.1
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2016-06-22 15:46 CST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
631/tcp open ipp
1011/tcp open unknown
3306/tcp open mysql
Nmap finished: 1 IP address (1 host up) scanned in 0.089 seconds
You have new mail in /var/spool/mail/root
[root@DB-Server Server]#

2: Use the netstat tool to detect open ports

[root@DB-Server Server]# netstat -anlp | grep 3306
tcp 0 0 :::3306 :::* LISTEN 7358/mysqld
[root@DB-Server Server]# netstat -anlp | grep 22
tcp 0 0 :::22 :::* LISTEN 4020/sshd
tcp 0 52 ::ffff:192.168.42.128:22 ::ffff:192.168.42.1:43561 ESTABLISHED 6198/2
[root@DB-Server Server]#

As shown above, this tool does not feel as concise as nmap, and it is not as powerful either. Be careful with grep 22 as used above: it matches any line containing "22", including other port numbers such as 2222 or 1022, the ESTABLISHED session whose local port happens to be 22, and process IDs, so anchor the pattern on the port column (for example grep ':22 ' or netstat -tlnp | awk '$4 ~ /:22$/'). Also note that nmap reports what is reachable over the network, while netstat (and lsof and ss below) reports what is bound locally, so the two can legitimately disagree when a firewall sits in between.
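The grep 22 problem above is easiest to avoid by parsing the Local Address column instead of pattern-matching whole lines. The following added example (my code, not from the article) does that for the netstat -anlp/-tlnp layout shown above and, with the same function, for the ss -ntl layout used in section 4 below; it reports each listener's port, whether it is bound on all interfaces or only loopback, and the owning process where the tool printed one. The two sample outputs embedded in the block are constructed to resemble the article's transcripts, with extra listeners on 2222 and 8122 that a naive grep 22 or grep 122 would also match.

```shell
#!/bin/sh
# Added example: enumerate TCP listeners from netstat or ss output without the
# "grep <port>" trap. Reads the tool's output on stdin and prints one line per
# listening socket: "PORT SCOPE PROG", SCOPE being "all" (wildcard bind) or
# "local" (loopback bind).
# Live use:  netstat -tlnp | listeners        or        ss -ntlp | listeners

listeners() {
    awk '
    function emit(addr, prog,    n, parts, port, host) {
        n = split(addr, parts, ":")
        port = parts[n]                       # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host == "*" || host == "0.0.0.0" || host == "::" || host == "[::]")
            print port, "all", prog
        else
            print port, "local", prog
    }
    $1 == "LISTEN" { emit($4, (NF >= 6) ? $6 : "-"); next }  # ss: State is column 1
    $6 == "LISTEN" { emit($4, $7); next }                     # netstat: State is column 6
    '
}

# port_listening PORT  -> true if some socket is LISTENing on exactly that port
port_listening() {
    listeners | awk -v p="$1" '$1 == p { found = 1 } END { if (found) exit 0; exit 1 }'
}

# wildcard_ports -> sorted, unique ports accepting connections on every interface
wildcard_ports() {
    listeners | awk '$2 == "all" { print $1 }' | sort -n -u
}

# Constructed sample in netstat -anlp layout, modelled on the article's output.
# The ESTABLISHED line has local port 22 but is not a listener, and UDP sockets
# carry no LISTEN state, so both are skipped.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 :::3306                     :::*                        LISTEN      7358/mysqld
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      3153/cupsd
tcp        0      0 :::22                       :::*                        LISTEN      4020/sshd
tcp        0     52 ::ffff:192.168.42.128:22    ::ffff:192.168.42.1:43561   ESTABLISHED 6198/sshd
tcp        0      0 0.0.0.0:2222                0.0.0.0:*                   LISTEN      2200/nc
tcp        0      0 127.0.0.1:8122              0.0.0.0:*                   LISTEN      2311/python3
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               3761/portmap'

# Constructed sample in ss -ntl layout.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      50     *:3306              *:*
LISTEN 0      128    127.0.0.1:631       *:*
LISTEN 0      128    *:22                *:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      32     *:8808              *:*'

printf '%s\n' "$SAMPLE_NETSTAT" | listeners
echo "--- exposed on all interfaces (ss sample):"
printf '%s\n' "$SAMPLE_SS" | wildcard_ports
```

On the netstat sample, port_listening 22 and port_listening 8122 are true while port_listening 122 and port_listening 43561 are false, which is exactly where grep gets it wrong; the wildcard list is the set of ports worth reviewing against the firewall policy.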
3: lsof tool detects open ports

[root@DB-Server Server]# service mysql start
Starting MySQL......[ OK ]
[root@DB-Server Server]# lsof -i:3306
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
mysqld 7860 mysql 15u IPv6 44714 TCP *:mysql (LISTEN)
[root@DB-Server Server]# service mysql stop
Shutting down MySQL..[ OK ]
[root@DB-Server Server]# lsof -i:3306
[root@DB-Server Server]#
[root@DB-Server Server]# lsof -i TCP| fgrep LISTEN
cupsd 3153 root 4u IPv4 9115 TCP localhost.localdomain:ipp (LISTEN)
portmap 3761 rpc 4u IPv4 10284 TCP *:sunrpc (LISTEN)
rpc.statd 3797 rpcuser 7u IPv4 10489 TCP *:1011 (LISTEN)
sshd 4020 root 3u IPv6 12791 TCP *:ssh (LISTEN)
sendmail 4042 root 4u IPv4 12876 TCP localhost.localdomain:smtp (LISTEN)

lsof -i:3306 lists every process holding a socket on port 3306; once the MySQL service is stopped it prints nothing. lsof -i TCP | fgrep LISTEN lists every TCP listener together with its owning process and user, which is useful when hunting for an unexpected listener: the "unknown" port 1011 that nmap reported above is rpc.statd.

4: ss tool detects open ports

[root@localhost ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 32 *:8808 *:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]#

ss replaces netstat on modern distributions (-n numeric, -t TCP, -l listening sockets; add -p for the owning process and -u for UDP). In the Local Address:Port column, * or 0.0.0.0 and [::] mean the socket accepts connections on every interface, while 127.0.0.1 or [::1] means it is reachable from the local machine only; that distinction is what matters when deciding whether a listener is exposed.

5: Use telnet to check whether the port is open

telnet HOST PORT from a client prints "Connected to HOST" when the port accepts connections and "Connection refused" when nothing is listening. This tests reachability from the client rather than the listening state on the server: even if the server port is in the listening state, a firewall (iptables) rule that blocks the port makes telnet hang until it times out or report an error, so this method cannot tell a blocked port from a closed one.

6: Use the netcat tool to check whether the port is open

[root@DB-Server ~]# nc -vv 192.168.42.128 1521
Connection to 192.168.42.128 1521 port [tcp/ncube-lm] succeeded!
[root@DB-Server ~]# nc -z 192.168.42.128 1521; echo $?
Connection to 192.168.42.128 1521 port [tcp/ncube-lm] succeeded!
0
[root@DB-Server ~]# nc -vv 192.168.42.128 1433
nc: connect to 192.168.42.128 port 1433 (tcp) failed: No route to host

nc -z performs a connect-only (zero-I/O) check and sets the exit status, which makes it handy in scripts: 0 means the connection succeeded. The outcomes are worth telling apart: "succeeded" means a process accepted the connection; "Connection refused" means the host answered with a TCP reset, i.e. nothing is listening there; "No route to host" as above usually means an ICMP unreachable came back, which is what an iptables REJECT rule with icmp-host-prohibited produces; and a silent timeout usually means a DROP rule or an unreachable host.

Closed ports and open ports

Closing a port and blocking a port are two different things. A port is open because a process has bound it, so closing a port means stopping the corresponding service. In the following example the MySQL service is started and port 3306 enters the listening state.
After the MySQL service is stopped, port 3306 is naturally closed.

[root@DB-Server Server]# service mysql start
Starting MySQL......[ OK ]
[root@DB-Server Server]# lsof -i:3306
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
mysqld 7860 mysql 15u IPv6 44714 TCP *:mysql (LISTEN)
[root@DB-Server Server]# service mysql stop
Shutting down MySQL..[ OK ]
[root@DB-Server Server]# lsof -i:3306
[root@DB-Server Server]#

Therefore, unnecessary ports and services on the system should be shut down, both for security and to save resources: closing the service closes the port. A firewall is a different mechanism. Even with the service running, a firewall rule can restrict the port so that it cannot be reached from outside, but the port itself is still open, merely blocked. It remains reachable from the local machine and from any interface or source the rule does not cover, so where a service is not needed, prefer stopping it (or binding it to 127.0.0.1 if only local clients use it) and treat the firewall as a second layer rather than the only control.

This concludes this article on how many ports a Linux server can open at most: the port-number space is 0 to 65535 per protocol and address, and the ephemeral range configured with ip_local_port_range bounds how many outgoing connections one local address can hold open to the same destination at once. For more on open ports on Linux servers, see the related articles on 123WORDPRESS.COM.