Summary: How to verify if a Tcp port/service is in use

From: sunhux G <sunhux_at_gmail.com>
Date: Sat Apr 26 2008 - 00:33:33 EDT
Thanks a lot.

I'll use a combination of A & B.  "netstat -an" will show all the ports
including those "listening", "established" but it's the "established"
ones that indicate the port is being used :

These have answered my question of how to differentiate
between a telnet & an ssh access to the server.

A)
Lsof shows list of open files , but with lsof -i:80 you will see if port 80
is in use or not - not only tell you if it's in use, but it'll tell you
what's using it

B)

'netstat -f inet' will show you all IPv4 ports in use; 'netstat -P tcp'
shows you all TCP sockets in use, regardless of address family. You could
probably cron it to run every few minutes, dump the output to a file, and
with a little grepping get a list of all ports used over the next few days

C)

>From another machine use nmap and nmapfe
D)
netstat -an | awk '$1~ /\*\./ { print $0 }'


Tks
U

On 4/25/08, sunhux G <sunhux@gmail.com> wrote:
>
> Hi
>
>
> On a production server, how could I find out if a Tcp port/service
> is in use?
>
> I plan to disable the service for audit purpose but do not want
> to disrupt a needed service & there's no historical document
> on the servers that I took over.
>
>
> Will tcpwrappers help? Probably not in time for me to install
> tcpwrappers as it needs to run for a week or two to get the
> results but the audit issues need to close in a week's time.
>
> "last" command can't differentiate between a telnet & ssh
> login, or can it?
>
> I've got some replies from Ric & Chris earlier for ftp & telnet
> & Apache (which I'll summarize on Monday).  Now there's
> more services like :
>
> 100146/1        tli     rpc/ticotsord    /usr/lib/security/amiserv
> 100147/1        tli     rpc/ticotsord   /usr/lib/security/amiserv
> 100235/1       tli rpc/ticotsord /usr/lib/fs/cachefs/cachefsd
> ufsd/1  tli     rpc/*   wait    root    /usr/lib/fs/ufs/ufsd
>
>
> Thanks vm
> U
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Sat Apr 26 00:34:15 2008

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:10 EST