Home
Main website
Display Sidebar
Hide Ads
Recent Changes
View Source:
OpenPorts
Edit
PageHistory
Diff
Info
LikePages
The [lsof] application provides a great way to see what applications are listening on your network ports, but it isn't always available on older OSs, and [netstat] is ... A server may have multiple interfaces, multiple IP addresses on those interfaces, and of course multiple ports open (listening) on them. Here's a (long, nasty) one-liner bash command line to report in a nice way what ports you currently have open ... <verbatim> for i in $(netstat -ln|grep "LISTEN "|tr -s " "|cut -d" " -f4|sed -e"s/\([^:]*\):\([^:]*\)/\2=\1/"|sort -n); do PORT=$(echo $i |cut -d= -f1); SN=$(grep "[^[:digit:]]$PORT/tcp" /etc/services|tr -s " "|cut -f 1); IP=$(echo $i|cut -d= -f2); if [ "$IP" == "127.0.0.1" ]; then IPp="L"; elif [ "$IP" == "0.0.0.0" ]; then IPp="*"; else IPp=$IP; fi; if [ "$SN" == "" ]; then SNn=$PORT; else SNn=$SN; fi; echo "$SNn ($PORT) $IPp"; done </verbatim> Sample output :- <verbatim> smtp (25) L domain (53) 10.10.10.11 www (80) L www (80) 10.10.10.11 www (80) 10.10.10.10 https (443) 10.10.10.11 ipp (631) L 953 (953) L mysql (3306) L www-php4 (4080) L 4369 (4369) * xmpp-client (5222) * 5223 (5223) * xmpp-server (5269) * 5280 (5280) * 5356 (5356) * 5357 (5357) L postgresql (5432) L 6010 (6010) L 11211 (11211) * 52029 (52029) * 54440 (54440) L </verbatim> It uses =netstat= to do the basic report of open ports, then translates the known port numbers found in =/etc/services=, indicates which are listening only to localhost (L), and which are listening on all interfaces (~*). It's a one-liner because I have multiple servers, and have a handy run-everywhere script that will let me fire off a command to be run on any subset of my machines. It uses double-quotes because I have to enclose the whole thing in single-quotes to prevent early variable expansion on my local workstation. Wow. As a more readable script, it looks like this :- <verbatim> for i in $(netstat -ln|grep "LISTEN "|tr -s " "|cut -d" " -f4|sed -e"s/\([^:]*\):\([^:]*\)/\2=\1/"|sort -n) do PORT=$(echo $i |cut -d= -f1) SN=$(grep "[^[:digit:]]$PORT/tcp" /etc/services|tr -s " "|cut -f 1) IP=$(echo $i|cut -d= -f2) if [ "$IP" == "127.0.0.1" ] then IPp="L" elif [ "$IP" == "0.0.0.0" ] then IPp="*" else IPp=$IP fi if [ "$SN" == "" ] then SNn=$PORT else SNn=$SN fi echo "$SNn ($PORT) $IPp" done </verbatim> The sub-shell snippets are :- * get the port/address data * run =netstat -ln= * find lines with "LISTEN " in them (excludes "LISTENING" by having the space at the end of LISTEN) * replace multiple spaces with single spaces, to make =cut='s job easier * get the fourth space-delimited field only * change address:port to port~=address * literally, any non-colon-characters, a colon, any non-colon-characters. * =sort= into numerical order * lookup the port number in =/etc/services= * use the current port~=address data * get the first field in the ~= separated list (the port) * assign that to the variable PORT * look for any lines that mention PORT/tcp in =/etc/services=. Don't allow any other digits in front of PORT (i.e. if PORT = 80, do not select 8080/tcp) * replace multiple tabs with a single tab * select only the first field (in a tab-separated list, the default for =cut=)
One page links to
OpenPorts
:
UserSubmittedNotes
