Ports

From Hackepedia
Revision as of 14:24, 10 July 2007 by NhzSg4

Ports are identifiers of protocols that work on the transport layer (layer 4) of the OSI model. TCP and UDP are transport layer protocols that have ports. In TCP and UDP a port is represented by a 16 bit unsigned integer. Thus, the possible port range is 0 through 65535. 
Port 0 is illegal and no service resides on it.

Say you want to know what is running on port 80 of your machine. The first hint would be to look in the file /etc/services as well as IANA's list to get an idea of what typically runs on that port.

http             80/tcp    www www-http #World Wide Web HTTP
http             80/udp    www www-http #World Wide Web HTTP

Looks like it's the port typically used for the www. Now we can try netstat to actually see what is listening, not just what should be there.

# netstat -an | grep LISTEN
httpd     30161 root   17u  IPv4     5106       TCP *:http (LISTEN)

However, I prefer the flexibility of lsof, which I install on all of my machines.

# lsof -i:80
COMMAND   PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
httpd     447 root   17u  IPv4 0xc15f6534      0t0  TCP www.example.com:http (LISTEN)
httpd   73819  www   17u  IPv4 0xc15f6534      0t0  TCP www.example.com:http (LISTEN)

will show you exactly what is listening on this port, in this case "httpd". I will now look up the manual for httpd which tells me this is Apache on this particular server.

This will give you a unique alphabetical summary listing of the applications currently listening on a port on your system:

# lsof -i | awk '{print $1}' | sort -u

If you want to see which ports on your machine are open to the general public, which is often how computers are broken into, you can try Yashy's self port scan. You don't want to see any ports open, or listening, unless you've intentionally started that process for the public to connect to.

For every open port you find, you must determine if that service actually needs to run. If so, check if it actually needs to be available remotely, instead of only on the local machine.

For example, if you're running mysql, you may see port 3306 listening. If mysql is on the same machine as your webserver, which is what you're using it for, you should configure mysqld to only listen on 127.0.0.1 (localhost), and not on your external IP address. You might see you have port 143 (imap) enabled which is only for machines on your 192.168.* network. If this is the case, configure your imapd to only listen on your 192.168.* interface, not the public facing one. The only ports you should see open to the public are those of applications you intend for the public to access.
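The review described above can be scripted. The following is an added example, not part of the original page: it classifies each listening TCP socket by its bind address, and it goes slightly beyond the text by treating all RFC 1918 ranges (not only 192.168.*) as private. The function names and the sample lsof lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `lsof -nP -iTCP -sTCP:LISTEN` output on stdin and prints
# one "command port scope" line per distinct listener, sorted by port.
classify_listeners() {
    awk '
    $NF == "(LISTEN)" {
        name = $(NF - 1)                  # "*:80", "127.0.0.1:3306", "[::1]:631"
        n = split(name, parts, ":")
        port = parts[n]                   # text after the last colon
        addr = substr(name, 1, length(name) - length(port) - 1)
        if (addr == "*" || addr == "0.0.0.0" || addr == "[::]")
            scope = "all-interfaces"      # reachable on every address of the host
        else if (addr ~ /^127\./ || addr == "[::1]")
            scope = "loopback"            # local machine only
        else if (addr ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/)
            scope = "private"             # RFC 1918 address such as 192.168.*
        else
            scope = "other"               # some other specific address
        key = $1 " " port " " scope
        if (!(key in seen)) { seen[key] = 1; print key }
    }' | sort -k2,2n -k1,1
}

# Listeners that need a decision: anything not confined to loopback.
needs_review() {
    classify_listeners | awk '$3 != "loopback"'
}

# Constructed sample input (hypothetical host, not output from the page).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID  USER  FD TYPE     DEVICE SIZE/OFF NODE NAME
httpd     447  root 17u IPv4 0xc15f6534      0t0  TCP *:80 (LISTEN)
httpd   73819   www 17u IPv4 0xc15f6534      0t0  TCP *:80 (LISTEN)
mysqld    812 mysql 10u IPv4 0xc15f7000      0t0  TCP 127.0.0.1:3306 (LISTEN)
imapd     901  root  4u IPv4 0xc15f8000      0t0  TCP 192.168.1.10:143 (LISTEN)
EOF
}

sample_lsof | classify_listeners
```

On a live system, run `lsof -nP -iTCP -sTCP:LISTEN | needs_review` as root; every "all-interfaces" line should correspond to a service you intend the public to reach.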

See the "Ending a process" part of the process page for help in ending an unwanted process.

Worst-case scenario, if you have an application listening externally that you don't want the public to access (I can't think of a possible situation for this, but I write this just in case), make sure you have it blocked by your firewall.


Solaris 10

# lsof -i

to see what you have running. All ports are now controlled out of:

# svcs

which will give you a long list of services running ("online") or not. You may want to pipe this output through less.

When I did "lsof -i" I saw that rpcbind was running which I don't want, so I found the svcs name by running:

# svcs | grep rpc
online          23:43:56   svc:/network/rpc/bind:default
uninitialized   23:43:44   svc:/network/rpc/gss:default

and several more uninitialized services. I only want to stop the online one:

# svcadm disable svc:/network/rpc/bind:default

and back to a prompt I go. I run "lsof -i" once more to confirm it's stopped, and it is. Both the svcs and svcadm manuals are worth reading if you're using them for the first time.

Linux (Red Hat and spawn)

 # chkconfig --list| grep on

will show a list of all services that are enabled, and at which runlevels. Workstations by default use runlevel 5 (multiuser, with networking and X). Servers are typically found in runlevel 3 (multiuser, with networking), but sometimes 5 as well.

Disabling services is simple. For example, to shut down httpd:

 # service httpd stop
 # chkconfig --level 345 httpd off

The first command shuts down the running webserver, while the second alters the boot configuration so it will not start automatically next time the system is rebooted.

FreeBSD

To see all listening sockets using TCP/IPv4:

$ sockstat -4l

To see all connected sockets using IPv4 or IPv6:

# sockstat -c