View commands for Linux ports and firewall ports

Source: Internet
Author: User

Common commands

netstat -pan | grep 2809: show the status of a specific port

netstat -nl | grep 110: show the status of a specific port

netstat -ap: like the commands above, but also lists the PID (process ID) that owns each connection; with this PID you can use kill to terminate the connection
For example, to kick out a connection owned by pid=111, run kill -9 111.
netstat -rn: print the routing table
nmap 127.0.0.1: view the open ports on the local machine, scan all ports
nmap -p 1024-65535 127.0.0.1: scan the specified port range
nmap -PT 192.168.1.1-111: scan a range of computers

Linux Port View command

Under Linux, to check the status of port 2809, use the following command:

$ netstat -pan | grep 2809

tcp        0      0 0.0.0.0:2809      0.0.0.0:*      LISTEN      9493/java

The following are explanations of common parameters. Note that this usage line and option list are those of the Windows netstat; the Linux (net-tools) netstat used in the commands above assigns some letters differently, for example -p there shows the PID and program name, as in the output above.

NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

-a Displays all connections and listening ports.

-b Displays the executable involved in creating each connection or listening port. In some cases a well-known executable hosts multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the name of the executable is in [] at the bottom, above it is the component it called, and so on, until TCP/IP is reached. Note that this option can take a long time and will fail if you do not have sufficient permissions.

-e Displays Ethernet statistics. This option can be combined with the -s option.

-n Displays addresses and port numbers in numerical form.

-o Displays the owning process ID associated with each connection.

-p proto Shows connections for the protocol specified by proto; proto can be one of the following protocols: TCP, UDP, TCPv6, or UDPv6. If used with the -s option to display per-protocol statistics, proto can be one of the following protocols: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.

-r Displays the routing table.

-s Displays per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6; the -p option can be used to specify a subset of the default.

-v When used with the -b option, displays the sequence of components involved in creating the connection or listening port for all executables.

interval Redisplays the selected statistics, pausing interval seconds between each display. Press CTRL + C to stop redisplaying statistics. If omitted, netstat prints the current configuration information once.

netstat -nl | grep 110

If a result is shown, the port is open and can be used.

You can also look at the /etc/services file, which defines all the services in Linux and the ports they use.

Firewall port:

When the Linux firewall is turned on, logging in on port 23 from the local computer works without problems, but if you log in to the Linux system from another PC, you are shown an error like this:

Cannot open connection to host on port 23: Connection Failed

This is because the Linux firewall blocks port 23 by default. To allow remote login, you can either turn off the firewall or open port 23 in the firewall, as follows:

Takes effect immediately, lost after reboot

Turn on: service iptables start

Turn off: service iptables stop

Takes effect after reboot

Turn on: chkconfig iptables on

Turn off: chkconfig iptables off

With the firewall turned on, make the following setting to open the relevant port

Modify the /etc/sysconfig/iptables file and add the following:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT

View the firewall rules: iptables -L
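iptables walks a chain from top to bottom and stops at the first rule that matches, so the ACCEPT line only opens the port if it sits above the chain's catch-all REJECT. The script below is an added example, not part of the original article; the sample rules file is constructed, and the function names port_verdict and place_rule are made up for illustration.

```shell
#!/bin/sh
# Constructed sample of /etc/sysconfig/iptables: the port 23 rule was
# appended at the end of the chain, below the catch-all REJECT.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
COMMIT
EOF
}

# port_verdict CHAIN PORT: read rules on stdin and print the target of the
# first rule that decides a new remote connection to PORT, or NONE.
# Simplified model: only exact --dport matches and rules with no match
# options (catch-all) are considered; port ranges are not handled.
port_verdict() {
    awk -v chain="$1" -v port="$2" '
        $1 == "-A" && $2 == chain {
            target = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            if (dport == port || $3 == "-j") { print target; found = 1; exit }
        }
        END { if (!found) print "NONE" }'
}

# place_rule CHAIN PORT: print the rules with the ACCEPT for PORT moved
# above the first catch-all rule of CHAIN (existing rules for PORT are dropped).
place_rule() {
    awk -v chain="$1" -v port="$2" '
        $1 == "-A" && $2 == chain && $0 ~ (" --dport " port " ") { next }
        $1 == "-A" && $2 == chain && $3 == "-j" && !done {
            print "-A " chain " -m state --state NEW -m tcp -p tcp --dport " port " -j ACCEPT"
            done = 1
        }
        { print }'
}

echo "as written: $(sample_rules | port_verdict RH-Firewall-1-INPUT 23)"
echo "reordered:  $(sample_rules | place_rule RH-Firewall-1-INPUT 23 | port_verdict RH-Firewall-1-INPUT 23)"
```

On a real host the same check can be pointed at the rules file with `port_verdict RH-Firewall-1-INPUT 23 < /etc/sysconfig/iptables`.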

------------------

netstat -nupl (UDP ports)
netstat -ntpl (TCP ports)
You can use the lsof command to see whether a port is open. It can be used as follows, taking port 80 as an example:
lsof -i:80
If output is shown, the port is open; if there is no output, it is not open.

Linux ports and services: I. Relationship between ports and services
Port numbers are mapped to their services in the /etc/services file, where most ports can be found. The service names displayed by the netstat command are also taken from this file. Some people say that commenting out a port number in this file disables the port. I tried it and it didn't work; this method is useless and is misinformation! The only effect of commenting out a port number is that netstat no longer displays the service name (such as ftp) and displays the port number (such as 21) instead. The reason is simple: if netstat cannot find a service name for the port number in /etc/services, it naturally cannot display one. So the /etc/services file is only a mapping between port numbers and service names, and has nothing to do with opening or closing ports!
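The name lookup described above can be reproduced offline. The script below is an added example, not part of the original article; the services excerpt and the netstat output are constructed samples, and the function names are made up for illustration. It shows that commenting out the ftp entry changes only the label, not the listener.

```shell
#!/bin/sh
# Constructed /etc/services excerpt; "commented" comments out the ftp line.
sample_services() {
    if [ "$1" = "commented" ]; then ftp='#ftp'; else ftp='ftp'; fi
    printf '%s\n' "$ftp             21/tcp" \
                  'ssh             22/tcp' \
                  'smtp            25/tcp          mail'
}

# Constructed `netstat -ntpl` output. The listeners are the same whatever
# the services file says.
sample_listeners() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp        0      0 0.0.0.0:21      0.0.0.0:*       LISTEN 1802/vsftpd
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN 1650/sshd
tcp        0      0 127.0.0.1:25    0.0.0.0:*       LISTEN 1911/sendmail
EOF
}

# label_listeners SERVICES_FILE: read netstat -ntpl output on stdin and print
# "port label program"; label is the service name when the file maps the
# port, otherwise the bare port number.
label_listeners() {
    awk '
        NR == FNR {                        # first input: the services file
            sub(/#.*/, "")                 # text after # does not exist for lookups
            if (NF >= 2) name[$2] = $1     # key is "port/proto", e.g. 21/tcp
            next
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" {    # second input: the listener table
            n = split($4, a, ":"); port = a[n]
            key = port "/tcp"
            label = (key in name) ? name[key] : port
            split($7, p, "/")
            print port, label, p[2]
        }' "$1" -
}

# show MODE: label the sample listeners with the sample services file.
show() {
    f=$(mktemp) && sample_services "$1" > "$f"
    sample_listeners | label_listeners "$f"
    rm -f "$f"
}

show active
show commented
```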
II. Check the open ports on the machine
1. Use netstat to view ports and connections
netstat lists the service names of the current connections
netstat -a lists the service names of the current connections and listening ports
netstat -an lists the port numbers of the current connections and listening ports (same as the command above, except that port numbers are not resolved to service names)
netstat -ap like the commands above, but also lists the PID (process ID) that owns each connection; with this PID you can use kill to terminate the connection
For example, to kick out a connection owned by pid=111, run kill -9 111.
netstat -rn prints the routing table
2. nmap
nmap 127.0.0.1 view the open ports on the local machine, scan all ports
nmap -p 1024-65535 127.0.0.1 scan the specified port range
nmap -PT 192.168.1.1-111 scan a range of computers
III. Closing and opening ports (services)
Ways to close a port:
1. Every port has a corresponding service, so to close a port you only need to stop the corresponding service.
2. Use iptables to restrict the port so that it cannot be accessed, although the port itself is not closed.
Only the method of stopping the service is introduced here; the use of iptables is discussed later.
Services that start automatically at boot on Linux are generally stored in two places:
Services under the /etc/init.d/ folder:
The services in this folder can be started or stopped by running the corresponding script.
Example: Start the sendmail service: ./sendmail start (opens TCP port 25)
Stop the sendmail service: ./sendmail stop (closes TCP port 25)
View the current status of the sendmail service: ./sendmail status (shows whether the service is running)
Services under the /etc/xinetd.d/ folder:
The services in this folder are changed by editing the service's configuration file and restarting xinetd.
For example: to start the auth service, open the /etc/xinetd.d/auth configuration file, set "disable = no", then save and exit. Run /etc/rc.d/init.d/xinetd restart
To stop the auth service, open the /etc/xinetd.d/auth configuration file, set "disable = yes", then save and exit. Run /etc/rc.d/init.d/xinetd restart
IV. Controlling which services start automatically
The methods above switch services on and off after Linux has booted. What if I want to control which services start and which do not when Linux boots?
There are 3 ways to control which services start automatically:
1. Change the corresponding folder under /etc/rc.d:
If the default login interface is the text console, modify the rc3.d folder; if the default login interface is graphical, modify the rc5.d folder.
In the folder, each service name is prefixed with "K" or "S". "S" means the service starts automatically at boot; deleting the entry or changing the prefix to "K" means it will not start at the next boot.
2. Use the ntsysv command:
Run the ntsysv command and a list of services appears; mark the ones that should start with "*". Simple.
3. Use the chkconfig command:
To stop a service from starting automatically, for example httpd: chkconfig --level 35 httpd off; 35 refers to the runlevels
To make a service start automatically, for example httpd: chkconfig --level 35 httpd on
To view the startup status of all services: chkconfig --list
To view the startup status of one service: chkconfig --list | grep httpd
transferred from: http://blog.csdn.net/nemo2011/article/details/7362071
