Blame: OpenPorts - Waikato Linux Users Group

Annotated edit history of OpenPorts version 1, including all changes. View license author blame.

Rev	Author	#	Line
1	JimCheetham	1	`The [lsof] application provides a great way to see what applications are listening on your network ports, but it isn't always available on older OSs, and [netstat] is ...`
		2
		3	`A server may have multiple interfaces, multiple IP addresses on those interfaces, and of course multiple ports open (listening) on them.`
		4
		5	`Here's a (long, nasty) one-liner bash command line to report in a nice way what ports you currently have open ...`
		6
		7	`<verbatim>`
		8	`for i in $(netstat -ln\|grep "LISTEN "\|tr -s " "\|cut -d" " -f4\|sed -e"s/$[^:]$:$[^:]$/\2=\1/"\|sort -n); do PORT=$(echo $i \|cut -d= -f1); SN=$(grep "[^[:digit:]]$PORT/tcp" /etc/services\|tr -s " "\|cut -f 1); IP=$(echo $i\|cut -d= -f2); if [ "$IP" == "127.0.0.1" ]; then IPp="L"; elif [ "$IP" == "0.0.0.0" ]; then IPp="*"; else IPp=$IP; fi; if [ "$SN" == "" ]; then SNn=$PORT; else SNn=$SN; fi; echo "$SNn ($PORT) $IPp"; done`
		9	`</verbatim>`
		10
		11	`Sample output :-`
		12	`<verbatim>`
		13	`smtp (25) L`
		14	`domain (53) 10.10.10.11`
		15	`www (80) L`
		16	`www (80) 10.10.10.11`
		17	`www (80) 10.10.10.10`
		18	`https (443) 10.10.10.11`
		19	`ipp (631) L`
		20	`953 (953) L`
		21	`mysql (3306) L`
		22	`www-php4 (4080) L`
		23	`4369 (4369) *`
		24	`xmpp-client (5222) *`
		25	`5223 (5223) *`
		26	`xmpp-server (5269) *`
		27	`5280 (5280) *`
		28	`5356 (5356) *`
		29	`5357 (5357) L`
		30	`postgresql (5432) L`
		31	`6010 (6010) L`
		32	`11211 (11211) *`
		33	`52029 (52029) *`
		34	`54440 (54440) L`
		35	`</verbatim>`
		36
		37	`It uses =netstat= to do the basic report of open ports, then translates the known port numbers found in =/etc/services=, indicates which are listening only to localhost (L), and which are listening on all interfaces (~*).`
		38
		39	`It's a one-liner because I have multiple servers, and have a handy run-everywhere script that will let me fire off a command to be run on any subset of my machines. It uses double-quotes because I have to enclose the whole thing in single-quotes to prevent early variable expansion on my local workstation. Wow.`
		40
		41	`As a more readable script, it looks like this :-`
		42
		43	`<verbatim>`
		44	`for i in $(netstat -ln\|grep "LISTEN "\|tr -s " "\|cut -d" " -f4\|sed -e"s/$[^:]$:$[^:]$/\2=\1/"\|sort -n)`
		45	`do`
		46	`PORT=$(echo $i \|cut -d= -f1)`
		47	`SN=$(grep "[^[:digit:]]$PORT/tcp" /etc/services\|tr -s " "\|cut -f 1)`
		48	`IP=$(echo $i\|cut -d= -f2)`
		49
		50	`if [ "$IP" == "127.0.0.1" ]`
		51	`then IPp="L"`
		52	`elif [ "$IP" == "0.0.0.0" ]`
		53	`then IPp="*"`
		54	`else IPp=$IP`
		55	`fi`
		56
		57	`if [ "$SN" == "" ]`
		58	`then SNn=$PORT`
		59	`else SNn=$SN`
		60	`fi`
		61
		62	`echo "$SNn ($PORT) $IPp"`
		63	`done`
		64	`</verbatim>`
		65
		66	`The sub-shell snippets are :-`
		67
		68	`* get the port/address data`
		69	`* run =netstat -ln=`
		70	`* find lines with "LISTEN " in them (excludes "LISTENING" by having the space at the end of LISTEN)`
		71	`* replace multiple spaces with single spaces, to make =cut='s job easier`
		72	`* get the fourth space-delimited field only`
		73	`* change address:port to port~=address`
		74	`* literally, any non-colon-characters, a colon, any non-colon-characters.`
		75	`* =sort= into numerical order`
		76	`* lookup the port number in =/etc/services=`
		77	`* use the current port~=address data`
		78	`* get the first field in the ~= separated list (the port)`
		79	`* assign that to the variable PORT`
		80	`* look for any lines that mention PORT/tcp in =/etc/services=. Don't allow any other digits in front of PORT (i.e. if PORT = 80, do not select 8080/tcp)`
		81	`* replace multiple tabs with a single tab`
		82	`* select only the first field (in a tab-separated list, the default for =cut=)`

Last edited on Wednesday, September 17, 2008 10:25:53 pm by JimCheetham

Edit PageHistory Diff Info LikePages