Lesson 12

Date: 6/25/2014
Basics of Linux Security
Linux System Administration


Open Ports List

To see what ports are open, run command
netstat -nal
and check on TCP and UDP ports in the listing. To see what processes are bound to what ports, run as root
netstat -nalp


root@engdebian:~# netstat -nalp | more


Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address       Foreign Address   State       PID/Program name   
tcp        0      0 0.0.0.0:515         0.0.0.0:*         LISTEN       1742/lpd Waiting    
tcp        0      0 127.0.0.1:25        0.0.0.0:*         LISTEN       1726/exim4          
tcp        0      0 192.168.1.101:1040  128.6.238.10:22   ESTABLISHED  2229/ssh            
tcp        0      0 192.168.1.101:1024  128.6.238.12:993  ESTABLISHED  2195/pine           
tcp6       0      0 :::22               :::*              LISTEN       1813/sshd           
udp        0      0 0.0.0.0:68          0.0.0.0:*                      2085/dhclient       


Similarly,
netstat -n --inet --listening --programs

Also, the processes responsible for the open ports can be identified with
lsof -i
See example.
Syntax of lsof:
lsof -i [TCP|UDP][@host][:port]

To list all open files for specific processes:
lsof -p PID 
lsof -c COMMAND
lsof -u username
To list all open files
lsof

Exercise
SSH to smbhost VM, become root, and run lsof to see the open internet ports:
ssh 192.168.122.42
sudo -s
lsof -i -P
Note, option "-P" shows you the port number.
You should see the ports opened for the following services: dhclient3, udp/68, sshd, tcp/22.
If you have installed Samba in the previous class, you should also see the Samba related services with their ports, such as smbd, tcp/137,138,139, tcp/445, and nmbd, udp/136,138.


Take me to the Course Website