Find the port number used by a process in Linux

  • 2020-12-05 17:33:18
  • OfStack

It is critical for Linux system administrators to know whether a service is properly bound to or listening on a port. If you need to deal with port-related issues, this article may be useful to you.

A port identifies a logical connection for a specific process on a Linux system. Ports can be physical ports or software ports. Since the Linux operating system is a piece of software, this article discusses only software ports. A software port is always associated with the host's IP address and a communication protocol, so ports are often used to tell applications apart. Most network-related services must open a socket to listen for incoming network requests, and each service uses a separate socket.

A socket is used in conjunction with an IP address, a software port, and a protocol. Port numbers are used by both the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP), both of which can use port numbers between 0 and 65535.

Here are the port allocation categories:

  • 0-1023: Well-known ports (system ports)
  • 1024-49151: Registered ports for software
  • 49152-65535: Dynamic or private ports

More information about reserved ports can be seen in the /etc/services file on Linux.


# less /etc/services
# /etc/services:
# $Id: services,v 1.55 2013/04/14 ovasik Exp $
# Network services, Internet style
# IANA services version: last updated 2013-04-10
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, most entries here have two entries
# even if the protocol doesn't support UDP operations.
# Updated from RFC 1700, ``Assigned Numbers'' (October 1994). Not all ports
# are included, only the more common ones.
# The latest IANA port assignments can be gotten from
# http://www.iana.org/assignments/port-numbers
# The Well Known Ports are those from 0 through 1023.
# The Registered Ports are those from 1024 through 49151
# The Dynamic and/or Private Ports are those from 49152 through 65535
# Each line describes one service, and is of the form:
# service-name port/protocol [aliases ...] [# comment]
tcpmux 1/tcp # TCP port service multiplexer
tcpmux 1/udp # TCP port service multiplexer
rje 5/tcp # Remote Job Entry
rje 5/udp # Remote Job Entry
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
systat 11/udp users
daytime 13/tcp
daytime 13/udp
qotd 17/tcp quote
qotd 17/udp quote
msp 18/tcp # message send protocol (historic)
msp 18/udp # message send protocol (historic)
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp-data 20/udp
# 21 is registered to ftp, but also used by fsp
ftp 21/tcp
ftp 21/udp fsp fspd
ssh 22/tcp # The Secure Shell (SSH) Protocol
ssh 22/udp # The Secure Shell (SSH) Protocol
telnet 23/tcp
telnet 23/udp
# 24 - private mail system
lmtp 24/tcp # LMTP Mail Delivery
lmtp 24/udp # LMTP Mail Delivery

There are six ways to view port information.

  • ss: dumps socket statistics.
  • netstat: displays a list of open sockets.
  • lsof: lists open files.
  • fuser: lists the process IDs of processes that have files open.
  • nmap: a network discovery tool and port scanner.
  • systemctl: the control and service manager of the systemd system.

Below we will find out the port number used by the sshd daemon.

Method 1: Use the ss command

ss is commonly used to dump socket statistics. Its output is similar to that of netstat, but it can display more TCP and state information than other tools.

It also displays statistics for all socket types, including PACKET, TCP, UDP, DCCP, RAW, Unix domain sockets, and so on.


# ss -tnlp | grep ssh
LISTEN 0 128 *:22 *:* users:(("sshd",pid=997,fd=3))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=997,fd=4))

You can also use the port number to check.


# ss -tnlp | grep ":22"
LISTEN 0 128 *:22 *:* users:(("sshd",pid=997,fd=3))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=997,fd=4))
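
The grep ":22" filter above is a substring match, so it also selects listeners on ports such as 2222. The following added example (not from the original article) matches the local port exactly and reports how widely each listener is bound; the function names and the sample ss lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# listeners_on_port PORT
#   Reads `ss -tnlp` output on stdin and prints one line per listening
#   socket whose LOCAL port is exactly PORT:
#       <process> <pid> <local address:port> <scope>
#   Only the first process sharing a socket is reported; "-" is printed
#   when ss ran without the privileges needed to see the owner.
listeners_on_port() {
    awk -v want="$1" '
    $1 == "LISTEN" {
        laddr = $4                      # e.g. 0.0.0.0:22, [::]:22, :::22, *:22
        n = split(laddr, parts, ":")
        port = parts[n]                 # text after the last colon
        if (port != want) next          # exact match, unlike grep ":22"
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)

        if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
            scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
            scope = "loopback"
        else
            scope = "specific-address"

        name = "-"; pid = "-"
        if (match($0, /\(\("[^"]*"/)) name = substr($0, RSTART + 3, RLENGTH - 4)
        if (match($0, /pid=[0-9]+/))  pid  = substr($0, RSTART + 4, RLENGTH - 4)
        printf "%s %s %s %s\n", name, pid, laddr, scope
    }'
}

# Constructed sample in the format printed by `ss -tnlp`.
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=997,fd=3))
LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=997,fd=4))
LISTEN 0      128    127.0.0.1:2222     0.0.0.0:*         users:(("sshd",pid=1450,fd=3))
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*         users:(("master",pid=1320,fd=13))
EOF
}

sample_ss | listeners_on_port 22
# On a live host (as root, so process names are visible):
#   ss -tnlp | listeners_on_port 22
```

A listener reported as all-interfaces is reachable on every address the host has, subject to any firewall rules, while a loopback listener accepts local connections only.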

Method 2: Use the netstat command

netstat can display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

By default, netstat lists the open sockets. If no address family is specified, the active sockets of all configured address families are displayed. However, netstat is obsolete, and ss is commonly used instead.


# netstat -tnlp | grep ssh
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 997/sshd
tcp6 0 0 :::22 :::* LISTEN 997/sshd

You can also use the port number to check.


# netstat -tnlp | grep ":22"
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1208/sshd
tcp6 0 0 :::22 :::* LISTEN 1208/sshd

Method 3: Use the lsof command

lsof lists open files, along with information about the files that have been opened by processes on the system.


# lsof -i -P | grep ssh
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 11584 root 3u IPv4 27625 0t0 TCP *:22 (LISTEN)
sshd 11584 root 4u IPv6 27627 0t0 TCP *:22 (LISTEN)
sshd 11592 root 3u IPv4 27744 0t0 TCP vps.2daygeek.com:ssh->103.5.134.167:49902 (ESTABLISHED)

You can also use the port number to check.


# lsof -i tcp:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1208 root 3u IPv4 20919 0t0 TCP *:ssh (LISTEN)
sshd 1208 root 4u IPv6 20921 0t0 TCP *:ssh (LISTEN)
sshd 11592 root 3u IPv4 27744 0t0 TCP vps.2daygeek.com:ssh->103.5.134.167:49902 (ESTABLISHED)

Method 4: Use the fuser command

The fuser tool writes to standard output the IDs of the processes that have the specified files open on the local system.


# fuser -v 22/tcp
USER PID ACCESS COMMAND
22/tcp: root 1208 F.... sshd
root 12388 F.... sshd
root 49339 F.... sshd

Method 5: Use the nmap command

nmap ("Network Mapper") is an open source tool for network discovery and security auditing. It was originally designed for quick scans of large networks, but it also works well for single-host scans.

nmap uses raw IP packets to determine which hosts are available on the network, the services they offer (including application name and version), the operating system each host is running (including information such as the operating system version), the type of packet filter or firewall in use, and much more.


# nmap -sV -p 22 localhost
Starting Nmap 6.40 ( http://nmap.org ) at 2018-09-23 12:36 IST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000089s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.44 seconds

Method 6: Use the systemctl command

systemctl is the control and service manager of the systemd system. It replaces the old SysV init system management and is used by most modern Linux operating systems.


# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2018-09-23 02:08:56 EDT; 6h 11min ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 11584 (sshd)
CGroup: /system.slice/sshd.service
└─11584 /usr/sbin/sshd -D
Sep 23 02:08:56 vps.2daygeek.com systemd[1]: Starting OpenSSH server daemon...
Sep 23 02:08:56 vps.2daygeek.com sshd[11584]: Server listening on 0.0.0.0 port 22.
Sep 23 02:08:56 vps.2daygeek.com sshd[11584]: Server listening on :: port 22.
Sep 23 02:08:56 vps.2daygeek.com systemd[1]: Started OpenSSH server daemon.
Sep 23 02:09:15 vps.2daygeek.com sshd[11589]: Connection closed by 103.5.134.167 port 49899 [preauth]
Sep 23 02:09:41 vps.2daygeek.com sshd[11592]: Accepted password for root from 103.5.134.167 port 49902 ssh2

The output above shows the port the ssh service was listening on when it was last started. However, this information is not repeated in the more recent log lines of the output.



In most cases, the output above does not show the actual port number of the process. It is recommended that you use the journalctl command below to check the details in the log file.


