Check the port number opened on the server in Linux.
Before discussing this issue, let's take a look at computer concepts such as physical ports, logical ports, and port numbers.
Concepts related to ports:
In network technology, a Port can be a logical Port or a physical Port. Physical port refers to the physical port, such as ADSL Modem, Hub, switch, router interface used to connect to other network devices, such as RJ-45 port, SC port and so on. A logical port is a port logically used to differentiate services, such as a service port in the TCP/IP protocol. The port number ranges from 0 to 65535, for example, port 80 used to browse Web Services, port 21 of the FTP service. Because the number of physical and logical ports is large, each port is numbered to distinguish the ports.
Ports can be divided into three categories by port number:
1: Well Known Port)
The accepted port numbers are from 0 to 1023. They are closely bound to some common services. For example, if the FTP service uses port 21, you can see this ing relationship in/etc/services.
2: register the port (Registered Ports ):
From 1024 to 49151. They are loosely bound to some services. That is to say, many services are bound to these ports, which are also used for many other purposes.
3: Dynamic or Private Ports)
Dynamic port (private port numbers) is the number of ports that can be used for communication between any software and any other software. It uses the transmission control protocol over the Internet or user transmission protocol. Dynamic ports are generally from 49152 to 65535
Linux has a limited port range. If I want to reserve some ports for my program, I need to control the port range. /Proc/sys/net/ipv4/ip_local_port_range defines the port range of local TCP/UDP. You can define net. ipv4.ip _ local_port_range = 1024 65000 in/etc/sysctl. conf
[root@localhost ~]# cat /proc/sys/net/ipv4/ip_local_port_range
32768 61000
[root@localhost ~]# echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
For ports and services, I used to use public toilets for example. Every toilet in public toilets is like every port in the system. Convenience is a so-called service. You have provided these services, the port (toilet) must be opened. When someone goes to the toilet, a link is established on these ports. If the restroom is occupied, it indicates that the port number is occupied by the service. If the public restroom service is unavailable one day, the restroom is removed, naturally, there is no port number. In fact, a more vivid example is like the bank lobby, where the port number is the counter, and those who take the number to handle the business are like the various clients linked to the server. They send business contacts to the counter through port redirection technology. Another easy-to-understand example is the port number, which is similar to each site on the high-speed rail line. For example, Changsha and Yueyang respectively represent a port number. Passengers can send train tickets to their respective sites, it is like the IP packet from each application to the server port.
Relationship between ports and services
What is the port used? We know that a host with an IP address can provide many services, such as Web services, FTP services, and SMTP services. These services can be implemented by one IP address. So how does a host distinguish between different network services? Obviously, you cannot rely only on IP addresses because the relationship between IP addresses and network services is one-to-many. In fact, different services are differentiated by "ip address + port number.
The correspondence between the port number and the corresponding service is stored in the/etc/services file. Most ports can be found in this file.
I don't know how to check whether the port is open!
1: nmap tool detects open ports
Nmap is a tool for network scanning and host detection. Nmap installation is very simple, as shown in the following rpm installation.
[root@DB-Server Server]# rpm -ivh nmap-4.11-1.1.x86_64.rpm
warning: nmap-4.11-1.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:nmap ########################################### [100%]
[root@DB-Server Server]# rpm -ivh nmap-frontend-4.11-1.1.x86_64.rpm
warning: nmap-frontend-4.11-1.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:nmap-frontend ########################################### [100%]
[root@DB-Server Server]#
Nmap can be used in uppercase or lowercase. As shown in the following figure, nmap 127.0.0.1 scans all ports by checking the ports opened on the local machine. You can also scan other server ports.
[root@DB-Server Server]# nmap 127.0.0.1
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2016-06-22 15:46 CST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
631/tcp open ipp
1011/tcp open unknown
3306/tcp open mysql
Nmap finished: 1 IP address (1 host up) scanned in 0.089 seconds
You have new mail in /var/spool/mail/root
[root@DB-Server Server]#
2: netstat tool detects open ports
[root@DB-Server Server]# netstat -anlp | grep 3306
tcp 0 0 :::3306 :::* LISTEN 7358/mysqld
[root@DB-Server Server]# netstat -anlp | grep 22
tcp 0 0 :::22 :::* LISTEN 4020/sshd
tcp 0 52 ::ffff:192.168.42.128:22 ::ffff:192.168.42.1:43561 ESTABLISHED 6198/2
[root@DB-Server Server]#
As shown above, this tool does not feel as concise and clear as nmap. Of course, nmap is not powerful.
3: lsof tool detects open ports
[root@DB-Server Server]# service mysql start
Starting MySQL......[ OK ]
[root@DB-Server Server]# lsof -i:3306
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
mysqld 7860 mysql 15u IPv6 44714 TCP *:mysql (LISTEN)
[root@DB-Server Server]# service mysql stop
Shutting down MySQL..[ OK ]
[root@DB-Server Server]# lsof -i:3306
[root@DB-Server Server]#
[root@DB-Server Server]# lsof -i TCP| fgrep LISTEN
cupsd 3153 root 4u IPv4 9115 TCP localhost.localdomain:ipp (LISTEN)
portmap 3761 rpc 4u IPv4 10284 TCP *:sunrpc (LISTEN)
rpc.statd 3797 rpcuser 7u IPv4 10489 TCP *:1011 (LISTEN)
sshd 4020 root 3u IPv6 12791 TCP *:ssh (LISTEN)
sendmail 4042 root 4u IPv4 12876 TCP localhost.localdomain:smtp (LISTEN)
4: Use telnet to check whether the port is open
Even if the server port is in the listening status, the firewall iptables shields the port and cannot detect whether the port is open through this method.
5: The netcat tool checks whether the port is open.
[root@DB-Server ~]# nc -vv 192.168.42.128 1521
Connection to 192.168.42.128 1521 port [tcp/ncube-lm] succeeded!
[root@DB-Server ~]# nc -z 192.168.42.128 1521; echo $?
Connection to 192.168.42.128 1521 port [tcp/ncube-lm] succeeded!
0
[root@DB-Server ~]# nc -vv 192.168.42.128 1433
nc: connect to 192.168.42.128 port 1433 (tcp) failed: No route to host
Close and open ports
There are two different concepts: closing a port and opening a port. Each port has a corresponding service. to close a port, you only need to close the corresponding service. In the following example, the MySQL service is enabled, and port 3306 is in the listening state. After the MySQL service is disabled, port 3306 is naturally disabled.
[root@DB-Server Server]# service mysql start
Starting MySQL......[ OK ]
[root@DB-Server Server]# lsof -i:3306
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
mysqld 7860 mysql 15u IPv6 44714 TCP *:mysql (LISTEN)
[root@DB-Server Server]# service mysql stop
Shutting down MySQL..[ OK ]
[root@DB-Server Server]# lsof -i:3306
[root@DB-Server Server]#
Therefore, some unnecessary ports and services in the system should be disabled from the perspective of security or resource saving. Close the corresponding port. In addition, even if the service is enabled, the firewall limits the corresponding port so that the port cannot be accessed, but the port itself is not closed, but the port is blocked.