[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: AW: Program PORT ?



On Friday 30 April 2004 12:13, Jaime Soriano Pastor wrote:
> Jens Simmoleit escribió:
> >>>>What is the command to check which PORT is currently use in my
> >>>> Linux Server...?
> > I guess he might be looking for netstat
[..]
> Or for nmap, that says what server is in each port:
> $ nmap localhost
> Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-04-30
> 13:10 CEST
> Interesting ports on localhost (127.0.0.1):
> (The 1640 ports scanned but not shown below are in state: closed)
> PORT     STATE SERVICE
> 9/tcp    open  discard

No, it doesn't.  It simply lists what service is registered on that port, 
or which is "well known".  I could configure Courier IMAP to listen on 
port 80 and if I did a simple TCP connect() scan in nmap it would tell me 
port 80, HTTP, is open.  This is not incorrect as port 80 is registered 
for HTTP but it doesn't mean that is what is running.

See here -> http://www.iana.org/assignments/port-numbers

In more recent versions of nmap you might use the "-sV" option to enable 
version scanning, this will produce a more accurate description of what 
is running based on fingerprints.

The original posters question can be answered using netstat or lsof.  As 
netstat has already been covered, here is how I'd use lsof:

# lsof | grep -i ipv4.*listen

This will list any processes listening on a port, for TCP that's those 
that have done a passive open on it.  I prefer lsof to netstat as it 
gives process names and PIDs, the user running it and various other 
information, for example:

squid  717  proxy  12u  IPv4  2486  TCP *:3128 (LISTEN)

David



Reply to: