- Netstat/lsof
- The netstat command is used to display statistics related to IP, TCP, UDP, and ICMP protocols, and is typically used to verify network connectivity across ports on the local computer.
- -a displays all valid connection information, including established connections and sockets that are listening for connection requests
- -n shows all established valid connections
- -t TCP protocol
- -u UDP protocol
- -l shows the programs that are listening
- -p shows the PID and name of the program using each socket
- Example: netstat -ntupl | grep processname
- How do I query only tomcat connections?
- netstat -na | grep ESTAB | grep | wc -l
- netstat -na | grep ESTAB | grep 8080 | wc -l
- Common Port Description:
- Port: 21
- Service: FTP server open port for uploading, downloading.
- Port: 22
- Service: SSH
- Port: 80
- Service: HTTP for web browsing
- Port: 389
- Service: LDAP, ILS (Lightweight Directory Access Protocol and NetMeeting Internet Locator Server)
- Port: 443
- Service: A web browsing port that provides encryption; another form of HTTP transmitted over a secure port
- Port: 8080
- Service: Proxy port
- Open the terminal and execute the following command to see the port status of each process:
- # ps -ef | wc -l //view the total number of processes running in the background
- # ps -fu csvn //view the csvn processes
- # netstat -lntp //see which ports are open
- # netstat -r //displays the routing table
- # netstat -a //displays a list of all valid connection information
- # netstat -an | grep 8080
- # netstat -na | grep -i listen //shows the port numbers the system is currently listening on
- # netstat -antup //view established connections, the processes that own them, and the ports they occupy
- netstat -anp | grep 1487
- lsof -i:1487
- Both commands show which processes have the specified port 1487 open
- Closing a port really means shutting down the service behind it. For example, port 80 belongs to httpd, so port 80 can be closed by stopping the httpd service
- Each port has a daemon behind it; kill the daemon to close the port.
- A host's ports are divided into listening ports and randomly available high ports
- Listening port: a listening port belongs to a service started on the host; the service opens a port on the Linux system to listen for client requests
- Randomly available high port:
- When Linux requests a service from another host, the Linux host needs to open a port for the outgoing connection. Linux picks at random a port that is not in use and has a number greater than 1024
- Only the root user can open ports 1-1024, so a service on one of these ports indicates root privileges
- netstat -n shows connection status
- netstat -tl displays the names of the services that are currently listening
- lsof is a tool that lists the files currently open on the system; in the Linux environment, everything exists in the form of a file.
- lsof without options displays the system's open files; by default it shows all files opened by all processes
- lsof filename displays all processes that have the specified file open
- lsof -c string displays all open files of processes whose COMMAND column contains the specified string
- lsof -u username displays the files opened by that user's processes
- lsof -g GID shows the processes belonging to the GID
- lsof -i shows the processes that match the given conditions
- lsof -d displays the processes using the specified file descriptor
- lsof -a indicates that both conditions must be met before a result is displayed
- Example: lsof -i:1487
- To view files of type txt opened by processes of the root user:
- lsof -a -u root -d txt
- lsof usage examples
- 1. Find what is using a file system
- When unmounting a file system, an error occurs if any files in it are still open. lsof can be used to find out which processes are using the file system that is being unmounted
- # lsof /gtes11/
- COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
- bash 4208 root cwd DIR 3,1 4096 2 /gtes11/
- vim 4230 root cwd DIR 3,1 4096 2 /gtes11/
- 2. Recover deleted files
- When a Linux computer is compromised, it is common for log files to be deleted, and administrative errors can also cause accidental deletion of important files.
- When a process opens a file, the file remains on disk for as long as the process keeps it open, even if it is deleted. This means that the process does not know the file has been deleted. The /proc directory contains various files that reflect the kernel and the process tree.
- When a file in the system is accidentally deleted, as long as some process is still accessing the file, you can use lsof to locate it and recover it from the /proc directory
- Use lsof to see whether any process currently has the /var/log/messages file open
- # lsof | grep /var/log/messages
- syslogd 1283 root 2w REG 3,3 5381017 1773647 /var/log/messages (deleted)
- from /proc/1283/fd/2
- This method of recovering deleted files is useful for many applications, especially log files and databases
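- The recovery described above, as an added example that is not part of the original page: it scans /proc/PID/fd directly (the same data lsof reports) for a descriptor marked "(deleted)" and copies the contents back out. The function names, the temporary directory and the background sleep standing in for syslogd are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): recover a deleted file that a
# process still holds open, reading it back through /proc/<pid>/fd/<n>.

# Print /proc/PID/fd/N for every descriptor still pointing at the unlinked
# file $1. The kernel marks such links with a trailing " (deleted)".
find_deleted_fd() {
    local target fd link
    target=$1
    for fd in /proc/[0-9]*/fd/*; do
        link=$(readlink "$fd" 2>/dev/null) || continue   # unreadable or gone
        if [ "$link" = "$target (deleted)" ]; then echo "$fd"; fi
    done
}

# Copy the contents behind the first matching descriptor to $2.
# Returns 1 when no process holds the deleted file open any more.
recover_deleted() {
    local src
    src=$(find_deleted_fd "$1" | head -n 1)
    [ -n "$src" ] || return 1
    cp "$src" "$2"   # opening the /proc link reaches the still-live inode
}

# Constructed scenario: a background sleep stands in for the daemon
# (syslogd in the text) that keeps the log open while it is deleted.
demo() {
    local dir log holder status
    dir=$(cd "$(mktemp -d)" && pwd -P)   # canonical path, as /proc reports it
    log=$dir/messages
    echo "constructed log line" > "$log"
    exec 9<"$log"                        # open the file ...
    sleep 60 >/dev/null 2>&1 &           # ... let the holder inherit fd 9 ...
    holder=$!
    exec 9<&-                            # ... and close our own copy
    rm "$log"                            # the log is deleted while still open
    status=0
    recover_deleted "$log" "$dir/messages.recovered" || status=$?
    kill "$holder"; wait "$holder" 2>/dev/null || true
    [ "$status" -eq 0 ] && cat "$dir/messages.recovered"
    rm -rf "$dir"
    return "$status"
}

demo
```

- Recovery only works while the holding process is alive; once it exits or closes the descriptor, the inode is released and the /proc entry disappears.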
Which commands Linux can use to view a service and its ports and process numbers