To show listening sockets in Unix, the "netstat" utility can be used with different arguments, depending on the specific OS.
Man netstat:
Quote:
--numeric , -n
Show numerical addresses instead of trying to determine symbolic host, port or user names.
-e, --extend
Display additional information. Use this option twice for maximum detail.
[--tcp|-t]
-p, --program
Show the PID and name of the program to which each socket belongs.
[--udp|-u]
-l, --listening
Show only listening sockets. (These are omitted by default.)
[--all|-a]
Of course, "netstat -tulp" is enough to see if sshd/httpd are listening on their TCP ports, but I prefer the below example.
Checking SSH and Apache TCP ports in Linux using netstat:Code:
# netstat -netpula | grep -E ":22|:80"
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 :::80 :::* LISTEN 0 78720642 5514/httpd
tcp 0 0 :::22 :::* LISTEN 0 1688637 23490/sshd
Displayed are the ID of the user that runs sshd & httpd, PID of the process and state (LISTEN).
Checking SSH and Apache TCP ports in Linux using lsof utility:Code:
# lsof -Pni :22 -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 17543 www 3u IPv6 0xc35d3cb0 0t0 TCP *:80 (LISTEN)
httpd 17815 www 3u IPv6 0xc35d3cb0 0t0 TCP *:80 (LISTEN)
httpd 18040 www 3u IPv6 0xc35d3cb0 0t0 TCP *:80 (LISTEN)
httpd 18046 www 3u IPv6 0xc35d3cb0 0t0 TCP *:80 (LISTEN)
httpd 18278 www 3u IPv6 0xc35d3cb0 0t0 TCP *:80 (LISTEN)
httpd 56459 www 3u IPv6 0xc35d3cb0 0t0 TCP *:80 (LISTEN)
sshd 61609 root 3u IPv6 0xc35d3570 0t0 TCP *:22 (LISTEN)
sshd 61609 root 4u IPv4 0xc35d3ae0 0t0 TCP *:22 (LISTEN)
httpd 75304 root 3u IPv6 0xc35d3cb0 0t0 TCP *:80 (LISTEN)
httpd 78080 www 3u IPv6 0xc35d3cb0 0t0 TCP *:80 (LISTEN)
To show listening sockets in Unix, the "netstat" utility can be used with different arguments, depending on the specific OS.
Man netstat:
[quote]
--numeric , -n
Show numerical addresses instead of trying to determine symbolic host, port or user names.
-e, --extend
Display additional information. Use this option twice for maximum detail.
[--tcp|-t]
-p, --program
Show the PID and name of the program to which each socket belongs.
[--udp|-u]
-l, --listening
Show only listening sockets. (These are omitted by default.)
[--all|-a]
[/quote]
Of course, "netstat -tulp" is enough to see if sshd/httpd are listening on their TCP ports, but I prefer the below example.
[b]Checking SSH and Apache TCP ports in Linux using netstat:[/b]
[code]# netstat -netpula | grep -E ":22|:80"
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 :::80 :::* LISTEN 0 78720642 5514/httpd
tcp 0 0 :::22 :::* LISTEN 0 1688637 23490/sshd
[/code]
Displayed are the ID of the user that runs sshd & httpd, PID of the process and state (LISTEN).
[b]Checking SSH and Apache TCP ports in Linux using lsof utility:[/b]
[code]# lsof -Pni :22 -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 17543 www 3u IPv6 0xc35d3cb0 0t0 TCP *:80 (LISTEN)
httpd 17815 www 3u IPv6 0xc35d3cb0 0t0 TCP *:80 (LISTEN)
httpd 18040 www 3u IPv6 0xc35d3cb0 0t0 TCP *:80 (LISTEN)
httpd 18046 www 3u IPv6 0xc35d3cb0 0t0 TCP *:80 (LISTEN)
httpd 18278 www 3u IPv6 0xc35d3cb0 0t0 TCP *:80 (LISTEN)
httpd 56459 www 3u IPv6 0xc35d3cb0 0t0 TCP *:80 (LISTEN)
sshd 61609 root 3u IPv6 0xc35d3570 0t0 TCP *:22 (LISTEN)
sshd 61609 root 4u IPv4 0xc35d3ae0 0t0 TCP *:22 (LISTEN)
httpd 75304 root 3u IPv6 0xc35d3cb0 0t0 TCP *:80 (LISTEN)
httpd 78080 www 3u IPv6 0xc35d3cb0 0t0 TCP *:80 (LISTEN)
[/code]