How many ports can the Linux server open at most
- 2021-11-02 03:45:42
- OfStack
Relationship between port and service
1: nmap tool detects open ports
2: netstat tool detects open ports
3: lsof tool detects open ports
4: ss tool detects open ports
5: Use telnet to detect if the port is open
6: The netcat tool detects whether the port is open
Closed port and open port
Port-related concepts:
In networking, the word port (Port) covers both physical ports and logical ports. Physical ports are ones that exist physically: the interfaces on ADSL modems, hubs, switches and routers that connect to other network devices, such as RJ-45 ports, SC ports and so on. Logical ports are used to distinguish services logically, such as the service ports of the TCP/IP protocol, whose numbers range from 0 to 65535: port 80 for the web browsing service, port 21 for the FTP service, and so on. Because there are so many physical and logical ports, each one is numbered so that it can be told apart, and that number is the port number.
Ports can be divided into three categories by port number:
1: Recognized port (Well Known Port)
Well-known port numbers range from 0 to 1023, and each is tightly bound to one common service, such as the FTP service using port 21; the mapping can be seen in /etc/services.
2: Registration port (Registered Ports):
From 1024 to 49151. These are loosely bound to a service: many services are bound to ports in this range, and the same ports are also used for many other purposes.
3: Dynamic or Private Port (Dynamic and/or Private Ports)
Dynamic or private port numbers (private port numbers) can be used by any software to communicate with any other software over the Internet's Transmission Control Protocol (TCP) or User Datagram Protocol (UDP). Dynamic ports generally range from 49152 to 65535.
Linux has a limited local port range, and if I want to reserve some ports for my own program, I need to control this range. /proc/sys/net/ipv4/ip_local_port_range defines the local (ephemeral) port range from which this host picks TCP/UDP source ports; it can be set persistently with net.ipv4.ip_local_port_range = 1024 65000 in /etc/sysctl.conf.
[root@localhost ~]# cat /proc/sys/net/ipv4/ip_local_port_range
32768 61000
[root@localhost ~]# echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
As for ports and services, I used to use public toilets as an analogy. Every cubicle in a public toilet is like a port of the system; letting people relieve themselves is the so-called service. If you provide these services, you must open ports (cubicles). When someone goes to the toilet, a connection is established on one of these ports. If the cubicle is occupied, it means that the port number is occupied by the service. If one day there is no public toilet service here, the public toilet is demolished, and naturally there is no port number any more. A more vivid example is a bank lobby, where the port numbers are the counters and the customers who take a number to handle their business are like the various clients connected to the server; they are sent to a counter by port redirection. An even easier example: port numbers are like the stations on a high-speed rail line, with Changsha and Yueyang each representing one port number. Passengers reach their respective stations by their train tickets, just as the IP packets sent by various applications reach the server's ports.
Relationship between port and service
What are ports for? As we know, a host with an IP address can provide many services, such as a Web service, an FTP service, an SMTP service and so on, and all of these services can be provided through one IP address. So how does the host tell the different network services apart? Clearly not by the IP address alone, because the relationship between an IP address and network services is one-to-many. In fact, different services are distinguished by "IP address + port number".
The correspondence between port numbers and their services is stored in the /etc/services file, where most ports can be looked up.
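As an added example (not code from the original article), the following Python reads /etc/services-style text into a lookup table, classifies a port number into the three ranges described above, and checks a port against the kernel's local port range from /proc/sys/net/ipv4/ip_local_port_range. The sample /etc/services lines and the "32768 61000" range are constructed to match the article; all function names are this example's own.

```python
"""Added example: /etc/services parsing, port classification and a check
against the kernel's ephemeral port range. Sample data is constructed."""

# Constructed sample in /etc/services format (not a real file): name, port/proto,
# optional aliases, optional '#' comment.
SAMPLE_SERVICES = """\
# Network services, Internet style (constructed sample)
ftp             21/tcp
ssh             22/tcp
smtp            25/tcp          mail
http            80/tcp          www www-http   # WorldWideWeb HTTP
sunrpc          111/tcp         portmapper rpcbind
mysql           3306/tcp
mysql           3306/udp
"""


def parse_services(text):
    """Map (port, proto) -> service name from /etc/services-style text.

    Comments and blank lines are skipped; aliases after the port/proto
    column are ignored, only the primary name is kept."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # not a 'name port/proto' record
        name, port_proto = fields[0], fields[1]
        port_str, proto = port_proto.split("/", 1)
        try:
            port = int(port_str)
        except ValueError:
            continue
        table[(port, proto)] = name
    return table


def service_name(table, port, proto="tcp"):
    """Name for a port, or 'unknown' (what nmap printed for 1011/tcp above)."""
    return table.get((port, proto), "unknown")


def classify_port(port):
    """Return the IANA category of a port number: the three ranges the
    article lists (0-1023, 1024-49151, 49152-65535)."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def parse_local_port_range(text):
    """Parse the contents of /proc/sys/net/ipv4/ip_local_port_range
    ('low<TAB>high') into a (low, high) tuple, validating the bounds."""
    low, high = (int(x) for x in text.split())
    if not 0 < low <= high <= 65535:
        raise ValueError("bad ip_local_port_range: %r" % text)
    return low, high


def in_ephemeral_range(port, port_range):
    """True if 'port' lies inside the range the kernel hands out as source
    ports, i.e. a fixed service port that could be taken by an outgoing
    connection if it is not bound before the kernel picks it."""
    low, high = port_range
    return low <= port <= high


if __name__ == "__main__":
    table = parse_services(SAMPLE_SERVICES)
    for p in (21, 1011, 3306, 8808, 49152):
        print(p, classify_port(p), service_name(table, p))
    try:
        with open("/proc/sys/net/ipv4/ip_local_port_range") as f:
            rng = parse_local_port_range(f.read())
        print("ephemeral range", rng, "contains 8808:", in_ephemeral_range(8808, rng))
    except OSError:
        print("no /proc range on this system; using constructed sample")
        print(in_ephemeral_range(8808, parse_local_port_range("32768\t61000\n")))
```

On a real system the open() reads the live range; the rest runs on the constructed sample. Note that widening the range to "1024 65000" as in the article makes fixed service ports such as 3306 or 8808 eligible as source ports; the kernel also provides net.ipv4.ip_local_reserved_ports to exclude specific ports from automatic allocation without shrinking the range.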
As for how to check whether a port is open, it had never really been summarized here, and there are a great many methods!
1: nmap tool detects open ports
nmap is a network scanning and host detection tool. Installing nmap is very simple; the rpm installation is shown below.
[root@DB-Server Server]# rpm -ivh nmap-4.11-1.1.x86_64.rpm
warning: nmap-4.11-1.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:nmap ########################################### [100%]
[root@DB-Server Server]# rpm -ivh nmap-frontend-4.11-1.1.x86_64.rpm
warning: nmap-frontend-4.11-1.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:nmap-frontend ########################################### [100%]
The use of nmap could fill a long article of its own, so it is not expanded on here. As shown below, nmap 127.0.0.1 looks at the ports open locally; note that it scans nmap's default set of common ports rather than all 65535 (the output below covers 1680 ports: 1674 closed plus 6 open; -p- scans the full range). Of course, you can also scan other servers' ports.
[root@DB-Server Server]# nmap 127.0.0.1
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2016-06-22 15:46 CST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
631/tcp open ipp
1011/tcp open unknown
3306/tcp open mysql
Nmap finished: 1 IP address (1 host up) scanned in 0.089 seconds
You have new mail in /var/spool/mail/root
[root@DB-Server Server]#
2: netstat tool detects open ports
[root@DB-Server Server]# netstat -anlp | grep 3306
tcp 0 0 :::3306 :::* LISTEN 7358/mysqld
[root@DB-Server Server]# netstat -anlp | grep 22
tcp 0 0 :::22 :::* LISTEN 4020/sshd
tcp 0 52 ::ffff:192.168.42.128:22 ::ffff:192.168.42.1:43561 ESTABLISHED 6198/2
[root@DB-Server Server]#
As shown above, this tool's output feels less concise than nmap's, and of course it is not as powerful as nmap either.
3: lsof tool detects open ports
[root@DB-Server Server]# service mysql start
Starting MySQL......[ OK ]
[root@DB-Server Server]# lsof -i:3306
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
mysqld 7860 mysql 15u IPv6 44714 TCP *:mysql (LISTEN)
[root@DB-Server Server]# service mysql stop
Shutting down MySQL..[ OK ]
[root@DB-Server Server]# lsof -i:3306
[root@DB-Server Server]#
[root@DB-Server Server]# lsof -i TCP| fgrep LISTEN
cupsd 3153 root 4u IPv4 9115 TCP localhost.localdomain:ipp (LISTEN)
portmap 3761 rpc 4u IPv4 10284 TCP *:sunrpc (LISTEN)
rpc.statd 3797 rpcuser 7u IPv4 10489 TCP *:1011 (LISTEN)
sshd 4020 root 3u IPv6 12791 TCP *:ssh (LISTEN)
sendmail 4042 root 4u IPv4 12876 TCP localhost.localdomain:smtp (LISTEN)
4: ss tool detects open ports
[root@localhost ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 32 *:8808 *:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
[root@localhost ~]#
5: Use telnet to detect if the port is open
Note that even when the server port is in a listening state, the iptables firewall may block it, in which case a failed telnet connection cannot tell you whether the port is actually open (listening) or not.
6: The netcat tool detects if the port is open
[root@DB-Server ~]# nc -vv 192.168.42.128 1521
Connection to 192.168.42.128 1521 port [tcp/ncube-lm] succeeded!
[root@DB-Server ~]# nc -z 192.168.42.128 1521; echo $?
Connection to 192.168.42.128 1521 port [tcp/ncube-lm] succeeded!
0
[root@DB-Server ~]# nc -vv 192.168.42.128 1433
nc: connect to 192.168.42.128 port 1433 (tcp) failed: No route to host
Closed port and open port
A closed port and an open port are two different concepts. Every port has a corresponding service, so to close a port, just stop the corresponding service. In the following example, when the MySQL service is started, port 3306 is in a listening state, and after the MySQL service is stopped, port 3306 is naturally closed.
[root@DB-Server Server]# service mysql start
Starting MySQL......[ OK ]
[root@DB-Server Server]# lsof -i:3306
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
mysqld 7860 mysql 15u IPv6 44714 TCP *:mysql (LISTEN)
[root@DB-Server Server]# service mysql stop
Shutting down MySQL..[ OK ]
[root@DB-Server Server]# lsof -i:3306
[root@DB-Server Server]#
Therefore, where the system has unnecessary ports and services, from the perspective of security or of saving resources those unnecessary services should be stopped, which closes the corresponding ports. In addition, even if a service is running, the firewall may restrict its port so that it cannot be accessed; the port itself is then not closed, only shielded.
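The telnet and netcat checks in sections 5 and 6, and the closed-versus-shielded distinction just described, all come down to one TCP connect attempt and how it fails. As an added example (not code from the original article), the following Python performs that connect, the same check "telnet host port" or "nc -z host port" performs, and reports open, closed or filtered. The function names are this example's own; the demo creates its own loopback listener, so it runs offline.

```python
"""Added example: a TCP connect probe that distinguishes open, closed and
filtered ports from the client's point of view. Names are this example's own."""
import errno
import socket
import sys


def probe_tcp_port(host, port, timeout=2.0):
    """Return 'open', 'closed' or 'filtered' for host:port.

    open     - the three-way handshake completed: something is listening.
    closed   - the kernel answered with RST (ECONNREFUSED): nothing listens,
               e.g. after 'service mysql stop' port 3306 behaves this way.
    filtered - no answer (timeout) or an ICMP error such as EHOSTUNREACH
               ('No route to host', as the nc run on port 1433 above showed):
               typically a firewall dropping or rejecting the packet, so the
               port may well be listening but is shielded.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except socket.timeout:
            return "filtered"
        except OSError as e:
            if e.errno == errno.ECONNREFUSED:
                return "closed"
            if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "filtered"
            raise
        return "open"


def probe_many(host, ports, timeout=2.0):
    """Probe several ports; returns {port: verdict}, like a small nc -z loop."""
    return {p: probe_tcp_port(host, p, timeout) for p in ports}


def demo():
    """Listen on an ephemeral loopback port, probe it (expect 'open'), close
    the listener, probe again (expect 'closed'); returns both verdicts."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))  # port 0: the kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe_tcp_port("127.0.0.1", port)
    listener.close()  # the 'service stopped' case: nothing listens any more
    after_close = probe_tcp_port("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    if len(sys.argv) >= 3:
        host = sys.argv[1]
        ports = [int(p) for p in sys.argv[2:]]
        for p, verdict in probe_many(host, ports).items():
            print("%s:%d %s" % (host, p, verdict))
    else:
        print("loopback demo (listening, after close):", demo())
```

Run it as "python3 probe.py 192.168.42.128 1521 1433" to check remote ports, or with no arguments for the loopback demo. One caveat for interpreting "closed": an iptables REJECT rule that answers with a TCP reset or ICMP port-unreachable produces ECONNREFUSED too, so from the client it is indistinguishable from a port with no service behind it; only DROP (timeout) and host-unreachable rejections show up as filtered. To know whether a port is really listening, check on the server itself with ss, netstat or lsof as in sections 2 to 4.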