Check the port number opened on the server in Linux.

Check the port number opened on the server in Linux.

Before discussing this issue, let's take a look at computer concepts such as physical ports, logical ports, and port numbers.

Concepts related to ports:

In network technology, a Port can be a logical Port or a physical Port. Physical port refers to the physical port, such as ADSL Modem, Hub, switch, router interface used to connect to other network devices, such as RJ-45 port, SC port and so on. A logical port is a port logically used to differentiate services, such as a service port in the TCP/IP protocol. The port number ranges from 0 to 65535, for example, port 80 used to browse Web Services, port 21 of the FTP service. Because the number of physical and logical ports is large, each port is numbered to distinguish the ports.

Ports can be divided into three categories by port number:

1: Well Known Port)

The accepted port numbers are from 0 to 1023. They are closely bound to some common services. For example, if the FTP service uses port 21, you can see this ing relationship in/etc/services.

2: register the port (Registered Ports ):

From 1024 to 49151. They are loosely bound to some services. That is to say, many services are bound to these ports, which are also used for many other purposes.

3: Dynamic or Private Ports)

Dynamic port (private port numbers) is the number of ports that can be used for communication between any software and any other software. It uses the transmission control protocol over the Internet or user transmission protocol. Dynamic ports are generally from 49152 to 65535

Linux has a limited port range. If I want to reserve some ports for my program, I need to control the port range. /Proc/sys/net/ipv4/ip_local_port_range defines the port range of local TCP/UDP. You can define net. ipv4.ip _ local_port_range = 1024 65000 in/etc/sysctl. conf

[root@localhost ~]# cat /proc/sys/net/ipv4/ip_local_port_range

32768   61000

[root@localhost ~]#  echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range

For ports and services, I used to use public toilets for example. Every toilet in public toilets is like every port in the system. Convenience is a so-called service. You have provided these services, the port (toilet) must be opened. When someone goes to the toilet, a link is established on these ports. If the restroom is occupied, it indicates that the port number is occupied by the service. If the public restroom service is unavailable one day, the restroom is removed, naturally, there is no port number. In fact, a more vivid example is like the bank lobby, where the port number is the counter, and those who take the number to handle the business are like the various clients linked to the server. They send business contacts to the counter through port redirection technology. Another easy-to-understand example is the port number, which is similar to each site on the high-speed rail line. For example, Changsha and Yueyang respectively represent a port number. Passengers can send train tickets to their respective sites, it is like the IP packet from each application to the server port.

Relationship between ports and services

What is the port used? We know that a host with an IP address can provide many services, such as Web services, FTP services, and SMTP services. These services can be implemented by one IP address. So how does a host distinguish between different network services? Obviously, you cannot rely only on IP addresses because the relationship between IP addresses and network services is one-to-many. In fact, different services are differentiated by "ip address + port number.

The correspondence between the port number and the corresponding service is stored in the/etc/services file. Most ports can be found in this file.

I don't know how to check whether the port is open!

1: nmap tool detects open ports

Nmap is a tool for network scanning and host detection. Nmap installation is very simple, as shown in the following rpm installation.

[root@DB-Server Server]# rpm -ivh nmap-4.11-1.1.x86_64.rpm 

warning: nmap-4.11-1.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing...                ########################################### [100%]

   1:nmap                   ########################################### [100%]

[root@DB-Server Server]# rpm -ivh nmap-frontend-4.11-1.1.x86_64.rpm 

warning: nmap-frontend-4.11-1.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing...                ########################################### [100%]

   1:nmap-frontend          ########################################### [100%]

[root@DB-Server Server]# 

Nmap can be used in uppercase or lowercase. As shown in the following figure, nmap 127.0.0.1 scans all ports by checking the ports opened on the local machine. You can also scan other server ports.

[root@DB-Server Server]# nmap 127.0.0.1

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2016-06-22 15:46 CST

Interesting ports on localhost.localdomain (127.0.0.1):

Not shown: 1674 closed ports

PORT     STATE SERVICE

22/tcp   open  ssh

25/tcp   open  smtp

111/tcp  open  rpcbind

631/tcp  open  ipp

1011/tcp open  unknown

3306/tcp open  mysql

Nmap finished: 1 IP address (1 host up) scanned in 0.089 seconds

You have new mail in /var/spool/mail/root

[root@DB-Server Server]# 

2: netstat tool detects open ports

[root@DB-Server Server]# netstat -anlp | grep 3306

tcp        0      0 :::3306                     :::*                        LISTEN      7358/mysqld         

[root@DB-Server Server]# netstat -anlp | grep 22

tcp        0      0 :::22                       :::*                        LISTEN      4020/sshd           

tcp        0     52 ::ffff:192.168.42.128:22    ::ffff:192.168.42.1:43561   ESTABLISHED 6198/2              

[root@DB-Server Server]# 

As shown above, this tool does not feel as concise and clear as nmap. Of course, nmap is not powerful.

3: lsof tool detects open ports

[root@DB-Server Server]# service mysql start

Starting MySQL......[  OK  ]

[root@DB-Server Server]# lsof -i:3306

COMMAND  PID  USER   FD   TYPE DEVICE SIZE NODE NAME

mysqld  7860 mysql   15u  IPv6  44714       TCP *:mysql (LISTEN)

[root@DB-Server Server]# service mysql stop

Shutting down MySQL..[  OK  ]

[root@DB-Server Server]# lsof -i:3306

[root@DB-Server Server]# 

 

[root@DB-Server Server]# lsof -i TCP| fgrep LISTEN

cupsd     3153    root    4u  IPv4   9115       TCP localhost.localdomain:ipp (LISTEN)

portmap   3761     rpc    4u  IPv4  10284       TCP *:sunrpc (LISTEN)

rpc.statd 3797 rpcuser    7u  IPv4  10489       TCP *:1011 (LISTEN)

sshd      4020    root    3u  IPv6  12791       TCP *:ssh (LISTEN)

sendmail  4042    root    4u  IPv4  12876       TCP localhost.localdomain:smtp (LISTEN)

4: Use telnet to check whether the port is open

Even if the server port is in the listening status, the firewall iptables shields the port and cannot detect whether the port is open through this method.

5: The netcat tool checks whether the port is open.

[root@DB-Server ~]# nc -vv 192.168.42.128 1521

Connection to 192.168.42.128 1521 port [tcp/ncube-lm] succeeded!

[root@DB-Server ~]# nc -z 192.168.42.128 1521; echo $?

Connection to 192.168.42.128 1521 port [tcp/ncube-lm] succeeded!

0

[root@DB-Server ~]#  nc -vv 192.168.42.128 1433

nc: connect to 192.168.42.128 port 1433 (tcp) failed: No route to host

Close and open ports

There are two different concepts: closing a port and opening a port. Each port has a corresponding service. to close a port, you only need to close the corresponding service. In the following example, the MySQL service is enabled, and port 3306 is in the listening state. After the MySQL service is disabled, port 3306 is naturally disabled.

[root@DB-Server Server]# service mysql start

Starting MySQL......[  OK  ]

[root@DB-Server Server]# lsof -i:3306

COMMAND  PID  USER   FD   TYPE DEVICE SIZE NODE NAME

mysqld  7860 mysql   15u  IPv6  44714       TCP *:mysql (LISTEN)

[root@DB-Server Server]# service mysql stop

Shutting down MySQL..[  OK  ]

[root@DB-Server Server]# lsof -i:3306

[root@DB-Server Server]# 

Therefore, some unnecessary ports and services in the system should be disabled from the perspective of security or resource saving. Close the corresponding port. In addition, even if the service is enabled, the firewall limits the corresponding port so that the port cannot be accessed, but the port itself is not closed, but the port is blocked.