What is the command to view the process port in Linux?-Linux Operation and Maintenance-php.cn

Home

Operation and Maintenance

Linux Operation and Maintenance

What is the command to view the process port in Linux?

青灯夜游

Jun 17, 2022 pm 02:30 PM

linux

View commands include: 1. ss command, which can check the occupancy of process ports, the syntax is "ss -tnlp | grep "port number""; 2. netstat command, which can display related information such as ports and processes. Syntax "netstat -tnlp | grep "port number""; 3. lsof command, you can check the port occupancy, the syntax "lsof -i tcp:port number"; 4. fuser command, you can check the port occupancy, the syntax "fuser - v port number/tcp".

What is the command to view the process port in Linux?

#The operating environment of this tutorial: linux7.3 system, Dell G3 computer.

Port is the identifier of the logical connection between specific processes on the Linux system, including physical ports and software ports. Since the Linux operating system is a software, this article only discusses software ports. Software ports are always associated with a host's IP address and associated communications protocol, so ports are often used to differentiate applications. Most services that involve networking must open a socket to listen for incoming network requests, and each service uses a separate socket.

The socket is used in combination with the IP address, software port and protocol. The port number is applicable to both the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) protocols. Both TCP and UDP can be used. Use port numbers between 0 and 65535 for communication.

The following are the port allocation categories:

0 – 1023: Common ports and system ports
1024 – 49151: Software Registered port
49152 – 65535: Dynamic port or private port

You can use the following six methods to view the port information of the process

#ss: Can be used to dump socket statistics.
netstat: Can display a list of open sockets.
lsof: Can list open files.
fuser: You can list the process IDs of processes that have files open.
nmap: is a network detection tool and port scanner.
systemctl: is the control manager and service manager of the systemd system.

Below we will find out the port number used by the sshd daemon.

Method 1: Use the ss command

ss is generally used to dump socket statistics. It can output information similar to the output of netstat, but it can display more TCP information and status information than other tools.

It can also display all types of socket statistics, including PACKET, TCP, UDP, DCCP, RAW, Unix domains, etc.

# ss -tnlp | grep ssh

What is the command to view the process port in Linux?

#You can also use the port number to check.

# ss -tnlp | grep ":22"

What is the command to view the process port in Linux?

Method 2: Use the netstat command

netstat can display network connections, routing tables, interface statistics, masquerading connections, and Multicast members.

By default, netstat lists open sockets. If no address family is specified, active sockets for all configured address families are displayed. But netstat is outdated, and ss is generally used instead.

# netstat -tnlp | grep ssh

What is the command to view the process port in Linux?

#You can also use the port number to check.

# netstat -tnlp | grep ":22"

What is the command to view the process port in Linux?

Method 3: Use the lsof command

lsof can list open files and list files opened by processes on the system information about the file.

# lsof -i -P | grep ssh

What is the command to view the process port in Linux?

#You can also use the port number to check.

# lsof -i tcp:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1208 root 3u IPv4 20919 0t0 TCP *:ssh (LISTEN)
sshd 1208 root 4u IPv6 20921 0t0 TCP *:ssh (LISTEN)
sshd 11592 root 3u IPv4 27744 0t0 TCP vps.2daygeek.com:ssh->103.5.134.167:49902 (ESTABLISHED)

Method 4: Use the fuser command

The fuser tool will display the process ID of the process that has the file open on the local system in the standard output.

# fuser -v 22/tcp

What is the command to view the process port in Linux?

Method 5: Use the nmap command

nmap ("Network Mapper") is a software for network detection and security Open source tools for auditing. It was originally designed for fast scanning of large networks, but it also performs well for scanning of individual hosts.

nmap uses raw IP packets to determine the hosts available on the network, their services (including application names and versions), the operating system the host is running (including information such as operating system version), the Type of packet filter or firewall, and much other information.

# nmap -sV -p 22 localhost

What is the command to view the process port in Linux?

Method 6: Use systemctl command

systemctl 是 systemd 系统的控制管理器和服务管理器。它取代了旧的 SysV 初始化系统管理，目前大多数现代 Linux 操作系统都采用了 systemd。

# systemctl status sshd
● sshd.service - OpenSSH server daemon
 Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
 Active: active (running) since Sun 2018-09-23 02:08:56 EDT; 6h 11min ago
 Docs: man:sshd(8)
 man:sshd_config(5)
 Main PID: 11584 (sshd)
 CGroup: /system.slice/sshd.service
 └─11584 /usr/sbin/sshd -D

Sep 23 02:08:56 vps.2daygeek.com systemd[1]: Starting OpenSSH server daemon...
Sep 23 02:08:56 vps.2daygeek.com sshd[11584]: Server listening on 0.0.0.0 port 22.
Sep 23 02:08:56 vps.2daygeek.com sshd[11584]: Server listening on :: port 22.
Sep 23 02:08:56 vps.2daygeek.com systemd[1]: Started OpenSSH server daemon.
Sep 23 02:09:15 vps.2daygeek.com sshd[11589]: Connection closed by 103.5.134.167 port 49899 [preauth]
Sep 23 02:09:41 vps.2daygeek.com sshd[11592]: Accepted password for root from 103.5.134.167 port 49902 ssh2

以上输出的内容显示了最近一次启动 sshd 服务时 ssh 服务的监听端口。但它不会将最新日志更新到输出中。

# systemctl status sshd
● sshd.service - OpenSSH server daemon
 Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
 Active: active (running) since Thu 2018-09-06 07:40:59 IST; 2 weeks 3 days ago
 Docs: man:sshd(8)
 man:sshd_config(5)
 Main PID: 1208 (sshd)
 CGroup: /system.slice/sshd.service
 ├─ 1208 /usr/sbin/sshd -D
 ├─23951 sshd: [accepted]
 └─23952 sshd: [net]

Sep 23 12:50:36 vps.2daygeek.com sshd[23909]: Invalid user pi from 95.210.113.142 port 51666
Sep 23 12:50:36 vps.2daygeek.com sshd[23909]: input_userauth_request: invalid user pi [preauth]
Sep 23 12:50:37 vps.2daygeek.com sshd[23911]: pam_unix(sshd:auth): check pass; user unknown
Sep 23 12:50:37 vps.2daygeek.com sshd[23911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.210.113.142
Sep 23 12:50:37 vps.2daygeek.com sshd[23909]: pam_unix(sshd:auth): check pass; user unknown
Sep 23 12:50:37 vps.2daygeek.com sshd[23909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.210.113.142
Sep 23 12:50:39 vps.2daygeek.com sshd[23911]: Failed password for invalid user pi from 95.210.113.142 port 51670 ssh2
Sep 23 12:50:39 vps.2daygeek.com sshd[23909]: Failed password for invalid user pi from 95.210.113.142 port 51666 ssh2
Sep 23 12:50:40 vps.2daygeek.com sshd[23911]: Connection closed by 95.210.113.142 port 51670 [preauth]
Sep 23 12:50:40 vps.2daygeek.com sshd[23909]: Connection closed by 95.210.113.142 port 51666 [preauth]

大部分情况下，以上的输出不会显示进程的实际端口号。这时更建议使用以下这个 journalctl 命令检查日志文件中的详细信息。

# journalctl | grep -i "openssh\|sshd"

What is the command to view the process port in Linux?

相关推荐：《Linux视频教程》

The above is the detailed content of What is the command to view the process port in Linux?. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn