Learn how to list all open ports on Linux or Unix systems, and how to view the processes associated with them. A useful tip for troubleshooting service connectivity problems.
Many times in a system administrator's life, you need to check which ports are open on a system. Sometimes you need to verify whether a particular port is listening on the server, whether a particular service is communicating on its configured port, or whether a particular port has an established connection.
All of these can be checked with the commands below.
netstat command:
The first command is, of course, netstat. Use netstat with 4 options:
-a : show all sockets
-p : show the related PID (run as root to see processes owned by other users)
-t : TCP
-u : UDP
# netstat -ptau
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 *:58573                     *:*                         LISTEN      1013/rpc.statd
tcp        0      0 *:sunrpc                    *:*                         LISTEN      991/rpcbind
tcp        0      0 *:ssh                       *:*                         LISTEN      1208/sshd
tcp        0      0 localhost:ipp               *:*                         LISTEN      1069/cupsd
tcp        0      0 localhost:smtp              *:*                         LISTEN      1287/master
tcp        0      0 ip-12-31-28-246.ap-:telnet  112.197.214.169:49648       ESTABLISHED 3213/in.telnetd
tcp        0      0 ip-12-31-28-246.ap-:telnet  200-163-187-49.scrce2:53440 ESTABLISHED 3215/in.telnetd
tcp        0      0 ip-12-31-28-246.ap-sou:ssh  59.182.17:49413             ESTABLISHED 1441/sshd
tcp        0    288 ip-12-31-28-246.ap-sou:ssh  59.182.17:50729             ESTABLISHED 1694/sshd
tcp        0      0 *:sunrpc                    *:*                         LISTEN      991/rpcbind
tcp        0      0 *:ssh                       *:*                         LISTEN      1208/sshd
tcp        0      0 *:telnet                    *:*                         LISTEN      1618/xinetd
tcp        0      0 localhost:ipp               *:*                         LISTEN      1069/cupsd
tcp        0      0 localhost:smtp              *:*                         LISTEN      1287/master
tcp        0      0 *:56954                     *:*                         LISTEN      1013/rpc.statd
udp        0      0 localhost:766               *:*                                     1013/rpc.statd
udp        0      0 *:39730                     *:*                                     1013/rpc.statd
udp        0      0 *:bootpc                    *:*                                     884/dhclient
udp        0      0 *:netrcs                    *:*                                     991/rpcbind
udp        0      0 *:sunrpc                    *:*                                     991/rpcbind
udp        0      0 *:ipp                       *:*                                     1069/cupsd
udp        0      0 *:60991                     *:*                                     1013/rpc.statd
udp        0      0 *:netrcs                    *:*                                     991/rpcbind
udp        0      0 *:sunrpc                    *:*                                     991/rpcbind
In the output above you can see:
- The first column is the protocol
- The fourth column, Local Address, shows the local IP, port, service
- The fifth column shows the destination IP, port and so on
- The sixth column is the current state
- The last column is the PID and the name of the process that owns that socket
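The Local Address column is what separates a service reachable from the network (`*:ssh`) from one bound to loopback only (`localhost:smtp`). The shell function below is an added example, not part of the original post; the names `classify_listeners` and `sample_netstat` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listening sockets from `netstat -ptau` / `netstat -an`
# text on stdin. Prints "<scope> <proto>/<port> <owner>" once per listener:
#   exposed = bound to every interface, local = loopback only, bound = one address
classify_listeners() {
    awk '
    function scope_of(host) {
        if (host == "*" || host == "0.0.0.0" || host == "::" || host == "[::]")
            return "exposed"
        if (host == "localhost" || host ~ /^127\./ || host == "::1" || host == "[::1]")
            return "local"
        return "bound"
    }
    {
        # TCP listeners carry State=LISTEN; unconnected UDP has an empty State
        # column, so the owner shifts one field to the left.
        if ($1 ~ /^tcp/ && $6 == "LISTEN")   owner = $7
        else if ($1 ~ /^udp/ && $5 ~ /:\*$/) owner = $6
        else next
        if (owner == "") owner = "-"          # no PID column (netstat -an)
        n = match($4, /:[^:]*$/)              # last colon splits address from port
        key = scope_of(substr($4, 1, n - 1)) " " substr($1, 1, 3) "/" substr($4, n + 1) " " owner
        if (!seen[key]++) print key           # tcp and tcp6 duplicates collapse
    }'
}

# Constructed sample input, shaped like the netstat output on this page.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address    Foreign Address     State       PID/Program name
tcp        0      0 *:ssh            *:*                 LISTEN      1208/sshd
tcp        0      0 localhost:smtp   *:*                 LISTEN      1287/master
tcp        0      0 10.0.0.5:ssh     198.51.100.7:49413  ESTABLISHED 1441/sshd
tcp        0      0 *:ssh            *:*                 LISTEN      1208/sshd
tcp        0      0 *:telnet         *:*                 LISTEN      1618/xinetd
tcp        0      0 127.0.0.1:9633   0.0.0.0:*           LISTEN
tcp6       0      0 :::8080          :::*                LISTEN      2001/java
udp        0      0 *:bootpc         *:*                             884/dhclient
udp        0      0 localhost:766    *:*                             1013/rpc.statd
EOF
}

sample_netstat | classify_listeners
```

On a live host, feed it real data with `netstat -ptau | classify_listeners` and review every `exposed` line against the services the machine is supposed to offer.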
Another way is to use netstat with the -an options:
# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:8001                0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:9633              0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:7937                0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:9634              0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:7938                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9443                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9444                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9060                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9061                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:14502               0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:14503               0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:8359                0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:199               0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:810                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9100                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9101                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9133                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:8080                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:8880                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:6000                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:8881                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9043                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9044                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9080                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:9081                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:2809                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:2810                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:6556                0.0.0.0:*                   LISTEN
tcp        0      0 10.10.5.160:42124           10.10.5.199:35994           ESTABLISHED
tcp        0      0 10.10.5.160:42376           10.10.5.199:39154           ESTABLISHED
tcp        0      0 10.10.5.160:8881            10.10.5.160:55117           TIME_WAIT
tcp        0      0 10.10.5.160:44367           10.10.5.199:48181           ESTABLISHED
tcp        0      0 10.10.5.160:36671           10.10.5.199:58137           ESTABLISHED
tcp        1      0 10.10.5.160:56253           10.10.5.160:9081            CLOSE_WAIT
tcp        0      0 10.10.5.160:57168           10.10.5.52:1521             ESTABLISHED
tcp        0      0 10.10.5.160:8880            10.10.5.160:55035           TIME_WAIT
tcp        0      0 10.10.5.160:6556            10.100.22.173:51544         ESTABLISHED
udp        0      0 0.0.0.0:7938                0.0.0.0:*
udp        0      0 0.0.0.0:37909               0.0.0.0:*
udp        0      0 0.0.0.0:161                 0.0.0.0:*
udp        0      0 0.0.0.0:804                 0.0.0.0:*
udp        0      0 0.0.0.0:807                 0.0.0.0:*
udp        0      0 0.0.0.0:177                 0.0.0.0:*
udp        0      0 0.0.0.0:5353                0.0.0.0:*
udp        0      0 0.0.0.0:111                 0.0.0.0:*
udp        0      0 203.127.98.134:123          0.0.0.0:*
udp        0      0 10.10.5.160:123             0.0.0.0:*
udp        0      0 127.0.0.1:123               0.0.0.0:*
udp        0      0 0.0.0.0:123                 0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node    Path
unix  2      [ ACC ]     STREAM     LISTENING     7690      @ISCSIADM_ABSTRACT_NAMESPACE
unix  2      [ ACC ]     STREAM     LISTENING     11363     @/tmp/fam-root-
unix  2      [ ACC ]     STREAM     LISTENING     11003     /var/run/avahi-daemon/socket
unix  2      [ ACC ]     STREAM     LISTENING     8701      @/var/run/hald/dbus-RL64SjEdUd
unix  2      [ ACC ]     STREAM     LISTENING     247409367 /jas/HTTPServer/logs/cgisock.14073
unix  2      [ ACC ]     STREAM     LISTENING     247409370 /jas/HTTPServer/logs/siddport
unix  2      [ ACC ]     STREAM     LISTENING     11221     /tmp/.gdm_socket
unix  14     [ ]         DGRAM                    8008      /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     7668      @ISCSID_UIP_ABSTRACT_NAMESPACE
unix  2      [ ]         DGRAM                    1797      @/org/kernel/udev/udevd
unix  2      [ ]         DGRAM                    8709      @/org/freedesktop/hal/udev_event
unix  2      [ ACC ]     STREAM     LISTENING     8700      @/var/run/hald/dbus-mO28j2Fpoe
unix  2      [ ACC ]     STREAM     LISTENING     7963      /var/run/audispd_events
unix  2      [ ACC ]     STREAM     LISTENING     10761     /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     10709     /dev/gpmctl
unix  2      [ ACC ]     STREAM     LISTENING     8608      /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     8675      /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     11248     /tmp/.X11-unix/X0
unix  2      [ ]         DGRAM                    322339652
unix  2      [ ]         STREAM     CONNECTED     284330078
unix  2      [ ]         STREAM     CONNECTED     83187468
unix  2      [ ]         DGRAM                    11482214
unix  2      [ ]         STREAM     CONNECTED     98040
unix  3      [ ]         STREAM     CONNECTED     11366     @/tmp/fam-root-
unix  3      [ ]         STREAM     CONNECTED     11365
unix  3      [ ]         STREAM     CONNECTED     11356     /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     11355
unix  3      [ ]         STREAM     CONNECTED     11333     /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     11332
unix  3      [ ]         STREAM     CONNECTED     11306     /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     11305
unix  3      [ ]         STREAM     CONNECTED     11283     /tmp/.font-unix/fs7100
unix  3      [ ]         STREAM     CONNECTED     11282
unix  2      [ ]         DGRAM                    11254
unix  3      [ ]         STREAM     CONNECTED     11286     /tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     11253
unix  3      [ ]         STREAM     CONNECTED     11252     /var/run/acpid.socket
unix  3      [ ]         STREAM     CONNECTED     11251
unix  3      [ ]         STREAM     CONNECTED     11006     /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     11005
unix  3      [ ]         STREAM     CONNECTED     11000
unix  3      [ ]         STREAM     CONNECTED     10999
unix  2      [ ]         DGRAM                    10997
unix  2      [ ]         DGRAM                    10851
unix  2      [ ]         DGRAM                    10686
unix  2      [ ]         DGRAM                    10661
unix  2      [ ]         DGRAM                    10594
unix  2      [ ]         DGRAM                    10569
unix  2      [ ]         DGRAM                    10453
unix  3      [ ]         STREAM     CONNECTED     10344     /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     10343
unix  3      [ ]         STREAM     CONNECTED     10298     @/var/run/hald/dbus-mO28j2Fpoe
unix  3      [ ]         STREAM     CONNECTED     10297
unix  3      [ ]         STREAM     CONNECTED     10117     @/var/run/hald/dbus-mO28j2Fpoe
unix  3      [ ]         STREAM     CONNECTED     10113
unix  3      [ ]         STREAM     CONNECTED     10096     /var/run/acpid.socket
unix  3      [ ]         STREAM     CONNECTED     10093
unix  3      [ ]         STREAM     CONNECTED     10063     @/var/run/hald/dbus-mO28j2Fpoe
unix  3      [ ]         STREAM     CONNECTED     10059
unix  3      [ ]         STREAM     CONNECTED     8704      @/var/run/hald/dbus-RL64SjEdUd
unix  3      [ ]         STREAM     CONNECTED     8703
unix  3      [ ]         STREAM     CONNECTED     8612
unix  3      [ ]         STREAM     CONNECTED     8611
unix  3      [ ]         STREAM     CONNECTED     8466
unix  3      [ ]         STREAM     CONNECTED     8465
unix  2      [ ]         DGRAM                    8343
unix  2      [ ]         DGRAM                    8016
unix  3      [ ]         STREAM     CONNECTED     7954
unix  3      [ ]         STREAM     CONNECTED     7953
lsof command:
You can also track the ports currently open on the system with the lsof command. lsof primarily lists open files. Because the kernel treats sockets as network files, and they count as open while communication is in progress, sockets can be listed with lsof too!
lsof has a dedicated -i option for listing network files.
# lsof -i
COMMAND    PID  USER     FD  TYPE DEVICE SIZE/OFF NODE NAME
dhclient   884  root     5u  IPv4 10791  0t0      UDP  *:bootpc
rpcbind    991  rpc      6u  IPv4 11109  0t0      UDP  *:sunrpc
rpcbind    991  rpc      7u  IPv4 11111  0t0      UDP  *:netrcs
rpcbind    991  rpc      8u  IPv4 11112  0t0      TCP  *:sunrpc (LISTEN)
rpcbind    991  rpc      9u  IPv6 11114  0t0      UDP  *:sunrpc
rpcbind    991  rpc      10u IPv6 11116  0t0      UDP  *:netrcs
rpcbind    991  rpc      11u IPv6 11117  0t0      TCP  *:sunrpc (LISTEN)
rpc.statd  1013 rpcuser  6u  IPv4 11206  0t0      UDP  localhost:766
rpc.statd  1013 rpcuser  7u  IPv4 11210  0t0      UDP  *:39730
rpc.statd  1013 rpcuser  8u  IPv4 11214  0t0      TCP  *:58573 (LISTEN)
rpc.statd  1013 rpcuser  9u  IPv6 11218  0t0      UDP  *:60991
rpc.statd  1013 rpcuser  10u IPv6 11222  0t0      TCP  *:56954 (LISTEN)
cupsd      1069 root     6u  IPv6 11412  0t0      TCP  localhost:ipp (LISTEN)
cupsd      1069 root     7u  IPv4 11413  0t0      TCP  localhost:ipp (LISTEN)
cupsd      1069 root     9u  IPv4 11416  0t0      UDP  *:ipp
sshd       1208 root     3u  IPv4 11960  0t0      TCP  *:ssh (LISTEN)
sshd       1208 root     4u  IPv6 11962  0t0      TCP  *:ssh (LISTEN)
master     1287 root     11u IPv4 12158  0t0      TCP  localhost:smtp (LISTEN)
master     1287 root     12u IPv6 12160  0t0      TCP  localhost:smtp (LISTEN)
sshd       1441 root     3r  IPv4 12964  0t0      TCP  ip-12-31-28-246.ap-south-1.compute.internal:ssh-59.184.179.68:49413 (ESTABLISHED)
sshd       1444 ec2-user 3u  IPv4 12964  0t0      TCP  ip-12-31-28-246.ap-south-1.compute.internal:ssh-59.184.179.68:49413 (ESTABLISHED)
xinetd     1618 root     5u  IPv6 13908  0t0      TCP  *:telnet (LISTEN)
sshd       1694 root     3r  IPv4 14812  0t0      TCP  ip-12-31-28-246.ap-south-1.compute.internal:ssh-59.184.179.68:50729 (ESTABLISHED)
sshd       1697 ec2-user 3u  IPv4 14812  0t0      TCP  ip-12-31-28-246.ap-south-1.compute.internal:ssh-59.184.179.68:50729 (ESTABLISHED)
in.telnet  3420 root     0u  IPv4 35294  0t0      TCP  ip-12-31-28-246.ap-south-1.compute.internal:telnet->5ec3c900.skybroadband.com:39192 (ESTABLISHED)
in.telnet  3420 root     1u  IPv4 35294  0t0      TCP  ip-12-31-28-246.ap-south-1.compute.internal:telnet->5ec3c900.skybroadband.com:39192 (ESTABLISHED)
in.telnet  3420 root     2u  IPv4 35294  0t0      TCP  ip-12-31-28-246.ap-south-1.compute.internal:telnet->5ec3c900.skybroadband.com:39192 (ESTABLISHED)
in.telnet  3422 root     0u  IPv4 35326  0t0      TCP  ip-12-31-28-246.ap-south-1.compute.internal:telnet->188-24-133-29.dynamic.brasov.rdsnet.ro:apwi-rxserver (ESTABLISHED)
in.telnet  3422 root     1u  IPv4 35326  0t0      TCP  ip-12-31-28-246.ap-south-1.compute.internal:telnet->188-24-133-29.dynamic.brasov.rdsnet.ro:apwi-rxserver (ESTABLISHED)
in.telnet  3422 root     2u  IPv4 35326  0t0      TCP  ip-12-31-28-246.ap-south-1.compute.internal:telnet->188-24-133-29.dynamic.brasov.rdsnet.ro:apwi-rxserver (ESTABLISHED)
In the output above, you can see which command is run by which user, which socket it is using, and the port state at the end!
If you have any other tricks for listing open ports on the system, let us know in the comments. We will add them to this post.