Scribd
Upload
2K views

Identifying Open Ports Linux

The document describes how to use netstat and ps commands in Linux to identify which processes and files are associated with open network ports. It shows an example of using netstat to see that port TCP/443 is open and listening, and then using ps to see that the httpd process with ID 1925 is bound to that port and its executable file is /usr/sbin/httpd.

Uploaded by

ddtaxe
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PDF, TXT or read online on Scribd
2K views

Identifying Open Ports Linux

The document describes how to use netstat and ps commands in Linux to identify which processes and files are associated with open network ports. It shows an example of using netstat to see that port TCP/443 is open and listening, and then using ps to see that the httpd process with ID 1925 is bound to that port and its executable file is /usr/sbin/httpd.

Uploaded by

ddtaxe
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Identifying Open Ports/Services on Linux

Many tools are available to map open network ports to actual processes and files in
Linux. We will take a look at just one example.

First, we need to look at our listening network ports. We will utilize the ‘-anp –tcp’ flags
to the netstat command to list all processes (-a), don’t map port numbers to friendly name
(-n), list the process ID associated with the network port (-p) and for this example, we
will limit the output to only TCP listeners (--tcp):
[jklemenc]# netstat -anp --tcp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:544 0.0.0.0:* LISTEN 1826/xinetd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 4677/mysqld
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 16446/sshd
tcp 0 0 0.0.0.0:2105 0.0.0.0:* LISTEN 1826/xinetd
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 841/sshd
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1925/httpd

In this example, we are interested in the TCP/443 network listener. The output indicates
that httpd is running as process ID 1925 and has TCP/443 open. A quick check using the
‘ps’ command with the PID (-p) parameter to display only the PID returned above along
with a parameter to display the full path of the file (-f):
[jklemenc]# ps -p 1925 -f
UID PID PPID C STIME TTY TIME CMD
root 1925 1 0 2004 ? 00:03:36 /usr/sbin/httpd

We see from above that /usr/sbin/http is running as PID 1925 as user root.

Identifying Open Ports/Services on Linux


02/2005

You might also like