Check the open ports on the VPS and the processes that are running

A port is not a gateway but an ID number for a particular application. If you access the same server with different applications, such as email or file transfer, all the data you send is packed into packets and sent to the server; without ports, the server could not tell which application a packet belongs to and so could not process it.
Hence each packet must carry both the IP address and the port, which together make up a socket.


In this article, we will look at different ways to find out which process / service is listening on a port in Linux.


I. Use the netstat command


The netstat (network statistics) command is commonly used to display information related to network connections, routing tables, etc. It is available on all Unix systems such as Linux, and even on Windows. If it is not installed by default, you can install it with the following command:


$ sudo yum install net-tools	#RHEL/CentOS 
$ sudo apt install net-tools #Debian/Ubuntu
$ sudo dnf install net-tools #Fedora 22+

Once installed, you can use this command together with `grep` to find out which process is listening on a specific port on Linux as follows:


$ netstat -ltnp | grep -w 80 
Result:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3331/nginx: master

Explanation of the options used in the command above:

  • l: show only listening sockets.
  • t: show TCP connections.
  • n: show numeric addresses.
  • p: show the process ID and process name.
  • grep -w: show only exact (whole-word) matches of the keyword.

Use the following command to display the open ports on the VPS, both UDP and TCP:


netstat -tulpn
Result:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:904 0.0.0.0:* LISTEN 4064/python
tcp 0 0 127.0.0.1:905 0.0.0.0:* LISTEN 4064/python
tcp 0 0 0.0.0.0:1194 0.0.0.0:* LISTEN 4355/openvpn-openss
tcp 0 0 127.0.0.1:906 0.0.0.0:* LISTEN 4064/python
tcp 0 0 127.0.0.1:907 0.0.0.0:* LISTEN 4064/python
tcp 0 0 127.0.0.1:908 0.0.0.0:* LISTEN 4064/python
tcp 0 0 127.0.0.1:909 0.0.0.0:* LISTEN 4064/python
tcp 0 0 0.0.0.0:943 0.0.0.0:* LISTEN 4064/python
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3331/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2804/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3434/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 3331/nginx: master
tcp 0 0 127.0.0.1:8125 0.0.0.0:* LISTEN 4545/netdata
tcp 0 0 0.0.0.0:19999 0.0.0.0:* LISTEN 4545/netdata
tcp6 0 0 :::3306 :::* LISTEN 2940/mysqld
tcp6 0 0 :::22 :::* LISTEN 2804/sshd
tcp6 0 0 ::1:25 :::* LISTEN 3434/master
tcp6 0 0 ::1:8125 :::* LISTEN 4545/netdata
tcp6 0 0 :::19999 :::* LISTEN 4545/netdata
udp 0 0 127.0.0.1:8125 0.0.0.0:* 4545/netdata
udp 0 0 0.0.0.0:68 0.0.0.0:* 2749/dhclient
udp 0 0 0.0.0.0:1194 0.0.0.0:* 4396/openvpn-openss
udp 0 0 127.0.0.1:323 0.0.0.0:* 1544/chronyd
udp6 0 0 ::1:8125 :::* 4545/netdata
udp6 0 0 ::1:323 :::* 1544/chronyd
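
The column-based filter below is an added example, not part of the original article: `grep -w 80` also matches rows where 80 appears inside an IP address or a PID, and the Local Address column shows which listeners are bound beyond loopback. The function names and the 10.0.0.80 row are constructed for illustration.

```bash
#!/bin/sh
# Added example: filter `netstat -tulpn` output by column instead of with grep.

# Sample rows in the article's output format. The 10.0.0.80 row is constructed
# to show where `grep -w 80` over-matches; the others come from the output above.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:904 0.0.0.0:* LISTEN 4064/python
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3331/nginx: master
tcp 0 0 10.0.0.80:8443 0.0.0.0:* LISTEN 5000/java
tcp6 0 0 :::3306 :::* LISTEN 2940/mysqld
tcp6 0 0 ::1:25 :::* LISTEN 3434/master
udp 0 0 0.0.0.0:1194 0.0.0.0:* 4396/openvpn-openss
udp 0 0 127.0.0.1:323 0.0.0.0:* 1544/chronyd
EOF
}

# Print "proto local-address pid/program" for sockets whose local port is exactly $1.
listeners_on_port() {
  awk -v want="$1" '
    $1 ~ /^(tcp|udp)/ {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      prog = ($1 ~ /^tcp/) ? $7 : $6         # listening UDP rows have no State field
      sub(/:$/, "", prog)                    # "3331/nginx:" -> "3331/nginx"
      if (port == want) print $1, $4, prog
    }'
}

# Print listeners bound to a non-loopback address, i.e. reachable from the
# network unless a firewall blocks them.
exposed_listeners() {
  awk '
    $1 ~ /^(tcp|udp)/ {
      host = $4; sub(/:[^:]*$/, "", host)    # strip the ":port" suffix
      prog = ($1 ~ /^tcp/) ? $7 : $6
      sub(/:$/, "", prog)
      if (host !~ /^127\./ && host != "::1") print $1, $4, prog
    }'
}

echo "grep -w 80 matches $(sample_netstat | grep -cw 80) rows"
echo "exact port match:"; sample_netstat | listeners_on_port 80
echo "non-loopback listeners:"; sample_netstat | exposed_listeners
```

On a live host, pipe the real output in instead of the sample: `sudo netstat -tulpn | exposed_listeners`.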



II. Use lsof Command


The lsof command (LiSt Open Files) is used to list all the files opened on a Linux system. It can be installed using the command below:


$ sudo yum install lsof	        #RHEL/CentOS 
$ sudo apt install lsof #Debian/Ubuntu
$ sudo dnf install lsof #Fedora 22+

To find out which process / service is listening on a particular port, use the following command:


$ lsof -i :80

III. Use fuser Command


The fuser command displays the PIDs of the processes using the specified file or file system in Linux.


You can install it with the command:


$ sudo yum install psmisc	#RHEL/CentOS 
$ sudo apt install psmisc #Debian/Ubuntu
$ sudo dnf install psmisc #Fedora 22+

To find the process / service listening on a certain port, use the following commands:



  • Find PID using port 80 / tcp:


   $ fuser 80/tcp


  • Find the service name with the PID number using the ps command as follows:


$ ps -p 7823 -o comm=
$ ps -p 7824 -o comm=

$ ps -p 7825 -o comm=
$ ps -p 7826 -o comm=



With all 3 methods above you can find the process listening on a specific port; in all 3 examples above, the process listening on the port is `nginx`.
I hope this article gives you additional approaches for handling specific cases.

A preliminary check of what the port is handling.


 


 


A visual example testing the connection between my VPS and the computer.


On Windows I check with the command:


netstat -aon | find /i "established" | find "45.76.102.230"
Result:
TCP 192.168.1.8:49486 45.76.102.230:22 ESTABLISHED 8788
TCP 192.168.1.8:49547 45.76.102.230:22 ESTABLISHED 6464
TCP 192.168.1.8:56433 45.76.102.230:80 ESTABLISHED 14704

My computer is connected to the VPS through 3 processes, on ports 22 and 80 respectively.


Results on VPS:


netstat -ano | grep 113.161.51.105

Result:

tcp 0 1096 45.76.102.230:22 113.161.51.105:49486 ESTABLISHED on (0.22/0/0)
tcp 0 1447644 45.76.102.230:80 113.161.51.105:56433 ESTABLISHED on (0.22/0/0)
tcp 0 36 45.76.102.230:22 113.161.51.105:49547 ESTABLISHED on (0.35/0/0)

Or:
lsof -i -P -n | grep 113.161.51.105
nginx 3334 nginx 99u IPv4 358739 0t0 TCP 45.76.102.230:80->113.161.51.105:56433 (ESTABLISHED)
sshd 12700 root 3u IPv4 34864 0t0 TCP 45.76.102.230:22->113.161.51.105:49547 (ESTABLISHED)
sshd 24119 root 3u IPv4 187699 0t0 TCP 45.76.102.230:22->113.161.51.105:49486 (ESTABLISHED)


So I know the process with PID 3334 is holding the connection between the personal computer and the VPS on port 80.


As at the beginning, we have the command netstat -tulpn to detect open ports on the VPS.


Assuming I need more information about port 80, I can use the following commands:


# Find more information about port 80: user, PID
# (the users:(...) output below is the format printed by ss, not netstat)
ss -tulpn | grep -w 80
tcp LISTEN 0 128 *:80 *:* users:(("nginx",pid=3334,fd=94),("nginx",pid=3331,fd=94))

# Working directory of the process with the corresponding PID.
ls -l /proc/3334/cwd
Or
pwdx 3334

/proc/3334/cwd -> /


# Executable (and owner) behind the process with the corresponding PID.
ls -l /proc/3334/exe
lrwxrwxrwx 1 nginx nginx 0 Aug 31 13:37 /proc/3334/exe -> /usr/sbin/nginx
Or
ps aux | grep 3334
nginx 3334 0.0 2.6 590184 50384 ? S 07:21 0:17 nginx: worker process

You can also use the command:
lsof -p 3334

List all network files in use by one process:


lsof -i -a -p 3334
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 3334 nginx 94u IPv4 21996 0t0 TCP *:http (LISTEN)
nginx 3334 nginx 95u IPv4 21997 0t0 TCP *:https (LISTEN)
nginx 3334 nginx 99u IPv4 383183 0t0 TCP 45.76.102.230.vultr.com:http->static.vnpt.vn:58591 (ESTABLISHED)
nginx 3334 nginx 100u IPv4 52086 0t0 UDP 45.76.102.230.vultr.com:41220->dns.google:domain
nginx 3334 nginx 101u IPv4 22742 0t0 UDP 45.76.102.230.vultr.com:33286->dns.google:domain
nginx 3334 nginx 102u IPv4 23710 0t0 UDP 45.76.102.230.vultr.com:43622->dns.google:domain
nginx 3334 nginx 103u IPv4 80365 0t0 UDP 45.76.102.230.vultr.com:34841->dns.google:domain
nginx 3334 nginx 104u IPv4 85133 0t0 UDP 45.76.102.230.vultr.com:48675->dns.google:domain
nginx 3334 nginx 105u IPv4 51447 0t0 UDP 45.76.102.230.vultr.com:52686->dns.google:domain
nginx 3334 nginx 106u IPv4 236726 0t0 UDP 45.76.102.230.vultr.com:52882->dns.google:domain
nginx 3334 nginx 107u IPv4 85186 0t0 UDP 45.76.102.230.vultr.com:41283->dns.google:domain
nginx 3334 nginx 108u IPv4 247066 0t0 UDP 45.76.102.230.vultr.com:44906->dns.google:domain
nginx 3334 nginx 110u IPv4 60738 0t0 UDP 45.76.102.230.vultr.com:46542->dns.google:domain
nginx 3334 nginx 111u IPv4 377114 0t0 UDP 45.76.102.230.vultr.com:52172->dns.google:domain
nginx 3334 nginx 112u IPv4 383920 0t0 TCP 45.76.102.230.vultr.com:http->static.vnpt.vn:64472 (ESTABLISHED)
nginx 3334 nginx 113u IPv4 104643 0t0 UDP 45.76.102.230.vultr.com:38557->dns.google:domain
nginx 3334 nginx 114u IPv4 135952 0t0 UDP 45.76.102.230.vultr.com:35862->dns.google:domain
nginx 3334 nginx 115u IPv4 383921 0t0 TCP 45.76.102.230.vultr.com:http->static.vnpt.vn:64473 (ESTABLISHED)
nginx 3334 nginx 116u IPv4 383922 0t0 TCP 45.76.102.230.vultr.com:https->static.vnpt.vn:64474 (ESTABLISHED)
nginx 3334 nginx 117u IPv4 329802 0t0 UDP 45.76.102.230.vultr.com:33911->dns.google:domain
nginx 3334 nginx 119u IPv4 382794 0t0 TCP 45.76.102.230.vultr.com:https->dynamic-ip-adsl.viettel.vn:63263 (ESTABLISHED)
nginx 3334 nginx 126u IPv4 382807 0t0 TCP 45.76.102.230.vultr.com:https->dynamic-ip-adsl.viettel.vn:45618 (ESTABLISHED)
nginx 3334 nginx 164u IPv4 383546 0t0 TCP 45.76.102.230.vultr.com:https->static.vnpt.vn:50706 (ESTABLISHED)
nginx 3334 nginx 175u IPv4 383926 0t0 TCP 45.76.102.230.vultr.com:https->static.vnpt.vn:64479 (ESTABLISHED)


 










































About My name is Nguyen Manh Cuong. I was born in a poor village in Ba Vi district, HA NOI province - windy and sunny land. Currently. https://www.nguyendiep.com/. Mr Cuong.