Lesson 12

Date: 6/24/2015
Basics of Linux Security
Linux System Administration

Open Ports List

To see what ports are open, run command
netstat -nal
and check on TCP and UDP ports in the listing. To see what processes are bound to what ports, run as root
netstat -nalp

root@engdebian:~# netstat -nalp | more

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address       Foreign Address   State       PID/Program name   
tcp        0      0*         LISTEN       1742/lpd Waiting    
tcp        0      0*         LISTEN       1726/exim4          
tcp        0      0   ESTABLISHED  2229/ssh            
tcp        0      0  ESTABLISHED  2195/pine           
tcp6       0      0 :::22               :::*              LISTEN       1813/sshd           
udp        0      0*                      2085/dhclient       

netstat -n --inet --listening --programs

Also, the processes responsible for the open ports can be identified with
lsof -i
See example.
Syntax of lsof:
lsof -i [TCP|UDP][@host][:port]

To list all open files for specific processes:
lsof -p PID 
lsof -c COMMAND
lsof -u username
To list all open files

SSH to smbhost VM, become root, and run lsof to see the open internet ports:
sudo -s
lsof -i -P
Note, option "-P" shows you the port number.
You should see the ports opened for the following services: dhclient3, udp/68, sshd, tcp/22.
If you have installed Samba in the previous class, you should also see the Samba related services with their ports, such as smbd, tcp/137,138,139, tcp/445, and nmbd, udp/136,138.

Take me to the Course Website