LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Open Ports? (https://www.linuxquestions.org/questions/linux-security-4/open-ports-14049/)

tarballedtux 02-11-2002 04:12 PM
Open Ports?
 
I did a `netstat -l` and was confused about the entries other than the ones with LISTEN to the right of them. Does anyone know what they mean?

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:netbios-ssn *:* LISTEN
tcp 0 0 *:587 *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:www *:* LISTEN
tcp 0 0 *:auth *:* LISTEN
tcp 0 0 *:1024 *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
udp 0 0 mybox:netbios-dgm *:*
udp 0 0 mybox:netbios-ns *:*
udp 0 0 *:netbios-dgm *:*
udp 0 0 *:netbios-ns *:*
udp 0 0 *:1164 *:*
udp 0 0 *:1163 *:*
udp 0 0 *:1160 *:*
udp 0 0 *:1159 *:*
udp 0 0 *:1158 *:*
udp 0 0 *:1157 *:*
udp 0 0 *:1156 *:*
udp 0 0 *:1155 *:*
udp 0 0 *:1154 *:*
udp 0 0 *:1151 *:*
udp 0 0 *:1150 *:*
udp 0 0 *:1149 *:*
udp 0 0 *:1148 *:*
udp 0 0 *:1147 *:*
udp 0 0 *:1146 *:*
udp 0 0 *:1145 *:*
udp 0 0 *:1144 *:*
udp 0 0 *:1143 *:*
udp 0 0 *:1142 *:*
udp 0 0 *:1141 *:*
udp 0 0 *:1140 *:*
udp 0 0 *:1139 *:*
udp 0 0 *:1138 *:*
udp 0 0 *:1137 *:*
udp 0 0 *:1136 *:*
udp 0 0 *:1134 *:*
udp 0 0 *:1133 *:*
udp 0 0 *:1132 *:*
udp 0 0 *:1131 *:*
udp 0 0 *:1130 *:*
udp 0 0 *:1129 *:*
udp 0 0 *:1128 *:*
udp 0 0 *:1127 *:*
udp 0 0 *:1126 *:*
udp 0 0 *:1125 *:*
udp 0 0 *:1124 *:*
udp 0 0 *:1025 *:*
udp 0 0 *:977 *:*
udp 0 0 *:1024 *:*
udp 0 0 *:sunrpc *:*
raw 0 0 *:icmp *:* 7
raw 0 0 *:tcp *:* 7
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 0 [ ACC ] STREAM LISTENING 661 /dev/gpmctl
unix 0 [ ACC ] STREAM LISTENING 789 /tmp/.font-unix/fs7100






Thanks in advance.

finegan 02-11-2002 06:29 PM
That's all the ports listed in any way in /etc/services, so therefore the kernel knows about them. There is probably nothing listening to them, so they're not really open. To best find out what ports you have open, install nmap and port scan yourself. Its especially funny to watch portsentry or tripwire go berserk if you have any of that installed.

Cheers,

Finegan

unSpawn 02-12-2002 01:05 AM
UDP is a stateless protocol, so you wouldn't see a listening state on it (man netstat, /state).
A way to expand your /etc/services to better map more service names is to exchange it with nmap's services file.
A way to locally see what apps use which socket is lsof (if they're not closing fast), see my reply here on how to.


All times are GMT -5. The time now is 05:55 PM.