TCP and UDP port numbers range from 0 to 65535, for a total of 65536 ports. This limit comes from the TCP/IP stack, where the port number field is a 16-bit unsigned integer, so there are only 2^16 (2 to the power of 16) = 65536 ports.
Port: a "software port" is a piece of software used as a docking point on your machine, where a remote application can interact/communicate. A "hardware port" is a physical connecting point on a machine for a peripheral device. A "socket" is the combination of a software port and an IP address.
Port numbers are assigned in various ways, based on the following three ranges:
System Ports/Well known Ports (0-1023)
User Ports (1024-49151)
and the Dynamic and/or Private Ports (49152-65535)
Some important default port numbers:
********************************************
TCP===6 (TCP has its own port number in TCP/IP stack)
UDP===17 (UDP has its own port number in TCP/IP stack)
http/Apache===80
https===443
rsync===873
Netbios(nmbd)===137
samba(smbd)===139
ftp data transfer===20 (For transferring FTP data)
ftp data control(command)===21 (For starting FTP connection)
telnet===23
ssh===22
sftp===22
dns===53
bootp(dhcp server)===67
dhcp client===68
tftp===69
smtp===25
snmp===161
mysql===3306
pop3===110
imap===143
imaps===993
ntp===123
samba===901
nfs===2049
kerberos===88
ldap===389
uucp===540
nntp===563
svn===3690
X11===6000-6063 (X11 uses ports 6000 to 6063 for X11 connections from a remote server)
squid===3129
You can see all the port information in the /etc/services file on Linux.
Below is the process for checking which service is running on a specific port, with its PID, and how to kill it. (Note: you must have root access to run the lsof and fuser superuser commands.)
I hope this gives a more exact idea about ports, processes (PID/PPID) and protocols (TCP/UDP) from an Operating System (OS) perspective.
As a normal user you can run the netstat command and find the output for your query, as in the screenshots below (consider this just an example).
lsof - list open files (lsof is a command meaning "list open files", used on many Unix-like systems to report a list of all open files and the processes that opened them.)
*****************
lsof examples:
*****************
To view the port associated with a daemon:
# lsof -i -n -P | grep sendmail
sendmail 31649 root 4u IPv4 521738 TCP *:25 (LISTEN)
# lsof -i -n -P -U | grep -i sshd
sshd 2421 root 3u IPv4 12545 0t0 TCP *:22 (LISTEN)
sshd 2421 root 4u IPv6 12547 0t0 TCP *:22 (LISTEN)
sshd 10935 root 3u IPv4 39787 0t0 TCP 127.0.0.1:22->127.0.0.1:58478 (ESTABLISHED)
sshd 10935 root 4u unix 0xffff88008aab79c0 0t0 39843 socket
sshd 10935 root 5u unix 0xffff88008a967080 0t0 39850 socket
sshd 31805 root 3u IPv4 188908 0t0 TCP 172.29.76.151:22->172.29.79.185:1645 (ESTABLISHED)
sshd 31805 root 4u unix 0xffff880107cbfcc0 0t0 189152 socket
sshd 31805 root 5u unix 0xffff880099aa8cc0 0t0 189158 socket
From the above, one can see that "sendmail" is listening on its standard port "25" and "sshd" is listening on its standard port "22".
Options:
========
* -i Lists IP sockets.
* -n Do not resolve hostnames (no DNS).
* -P Do not resolve port names (list port number instead of its name).
* -U This option selects the listing of UNIX domain socket files.
=========================
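An added example, not part of the original post: a shell function that audits `lsof -i -n -P` output for TCP listeners and flags any that are not on an expected list. The allowlist, the function name audit_listeners and the two python3 sample lines are assumptions made for illustration; the sendmail and sshd lines are the ones shown above.

```sh
#!/bin/sh
# Added example (not from the original post): flag unexpected TCP listeners
# in `lsof -i -n -P` output.

# Assumption: services this host is expected to expose, as command/proto/port.
EXPECTED='sshd/TCP/22 sendmail/TCP/25 httpd/TCP/80'

# Sample input. The sendmail and sshd lines are the ones shown above; the two
# python3 lines are constructed for illustration.
SAMPLE='sendmail 31649 root 4u IPv4 521738 TCP *:25 (LISTEN)
sshd 2421 root 3u IPv4 12545 0t0 TCP *:22 (LISTEN)
sshd 2421 root 4u IPv6 12547 0t0 TCP *:22 (LISTEN)
sshd 10935 root 3u IPv4 39787 0t0 TCP 127.0.0.1:22->127.0.0.1:58478 (ESTABLISHED)
python3 4711 nobody 3u IPv4 77001 0t0 TCP 127.0.0.1:8080 (LISTEN)
python3 4712 nobody 3u IPv4 77002 0t0 TCP *:50000 (LISTEN)'

# audit_listeners: read lsof lines on stdin and print, for each unique
# listener, "STATUS command pid proto bind-address port range".
audit_listeners() {
    awk -v expected="$EXPECTED" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    # Only TCP sockets carry a state; UDP lines have no "(LISTEN)" suffix.
    $NF == "(LISTEN)" {
        # Count fields from the end: older lsof versions omit the SIZE/OFF
        # column, so NAME is not always field 9.
        name = $(NF - 1); proto = $(NF - 2)
        port = name; sub(/.*:/, "", port); port = port + 0   # force numeric
        addr = name; sub(/:[0-9]+$/, "", addr)               # "*" = all interfaces
        id = $1 " " $2 " " proto " " addr " " port
        if (seen[id]++) next    # same daemon bound on both IPv4 and IPv6
        if (port <= 1023) range = "system"
        else if (port <= 49151) range = "user"
        else range = "dynamic"
        key = $1 "/" proto "/" port
        status = (key in ok) ? "OK" : "UNEXPECTED"
        print status, $1, $2, proto, addr, port, range
    }'
}

printf '%s\n' "$SAMPLE" | audit_listeners
```

On a live host, pipe the real output through it with `lsof -i -n -P | audit_listeners`; a listener bound to `*` is reachable on every interface, while one bound to 127.0.0.1 is local only.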
fuser - identify processes using files or sockets (fuser displays the PIDs of processes using the specified files or file systems.)
******************
fuser examples:
******************
# fuser -v -n tcp 80
USER PID ACCESS COMMAND
80/tcp: root 2797 F.... httpd
apache 17090 F.... httpd
apache 17091 F.... httpd
apache 17092 F.... httpd
apache 17093 F.... httpd
apache 17094 F.... httpd
apache 17095 F.... httpd
apache 17096 F.... httpd
apache 17097 F.... httpd
apache 17098 F.... httpd
# fuser -v -n tcp 8080
USER PID ACCESS COMMAND
8080/tcp: tomcat 2743 F.... java
# fuser -anu tcp 80
80/tcp: 2797(root) 17090(apache) 17091(apache) 17092(apache) 17093(apache) 17094(apache) 17095(apache) 17096(apache) 17097(apache) 17098(apache)
# fuser -anu tcp 8080
8080/tcp: 2743(tomcat)
Options:
========
* -k Kills all processes accessing a file. For example, fuser -k /path/to/your/filename kills all processes accessing it without confirmation. Use -i for confirmation.
* -i Interactive mode. Prompts before killing a process.
* -v verbose.
* -u append username
* -a display all files
ss "socket statistics" command:
********************************
The ss command is used to show socket statistics.
ss -l ===> to display all open network ports
ss -s ===> to list currently established, closed, orphaned and waiting TCP sockets
ss -pl ===> to see the names of processes using open sockets
ss -pl | grep 3306 ===> to figure out who is responsible for opening socket/port # 3306
ss -t -a ===> to display all TCP sockets/ports
ss -u -a ===> to display all UDP sockets/ports
Please refer to https://www.cyberciti.biz/tips/linux-investigate-sockets-network-connections.html for more details regarding the ss utility in Linux.
ps - Displays The Processes
****************************
The ps command reports a snapshot of the current processes. To select all processes, use the -A or -e (entire) option:
Print All Processes On The Server
# ps -A
# ps axu
# ps -ef
See Every Process Running As User John
# ps -U john -u john u
A few more example commands (a normal user can run the commands below):
lsof -i:443
netstat -nlp
netstat -anlp
lsof -i | grep apache
lsof -i | grep root
lsof -i | grep 8080
lsof -i | grep -i listen
netstat -lp
fuser -n tcp 8080
netstat -anpl | grep -i 8080
netstat -anp | grep -i 8080
lsof -i tcp:80
lsof -i:80
lsof -i udp:80
lsof -i udp
lsof -i tcp