Understanding the netstat output - linux

tcp 0 0 :::111 :::* LISTEN
Above is the output of netstat -nl | grep 111. What is the meaning of the :::111 segment?

technet.microsoft.com says that:
Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, netstat displays active TCP connections.
So you can find which addresses and ports are in use and listening. For example, you want to run a Tomcat server on port 8080, but it is already used. So you can run:
netstat -ano | find "8080"
The output will be something like:
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 1185
TCP [::]:8080 [::]:0 LISTENING 1185
It says that process number 1185 is using this port. If it is necessary to use this port, you can shut down the app that uses it and run your server on it with this command:
taskkill /F /PID 1185

@echo off
:myline
netstat -nob
echo.
echo.
rem the ping to localhost only serves as a short delay between refreshes
ping 127.0.0.1 > %temp%\pingio.txt
goto myline
Put this in a batch file and run it as Administrator to monitor network processes.

Related

Linux: how to know which process (or program) is sending data to a local port?

I launched a program that listens on 127.0.0.1:3000 on a CentOS server. I haven't sent any message to the program, but it keeps receiving data. I want to know who is sending data to my program, so I type the following command:
netstat -an | grep 3000
A snapshot output is:
tcp 0 0 127.0.0.1:3000 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3000 127.0.0.1:41960 TIME_WAIT
tcp 0 0 127.0.0.1:3000 127.0.0.1:41956 TIME_WAIT
tcp 0 0 127.0.0.1:3000 127.0.0.1:41964 TIME_WAIT
tcp 1 0 127.0.0.1:41968 127.0.0.1:3000 CLOSE_WAIT
tcp 0 0 127.0.0.1:3000 127.0.0.1:41952 TIME_WAIT
tcp 0 0 127.0.0.1:3000 127.0.0.1:41968 FIN_WAIT2
The output changes every time I type the command. Port numbers in a pattern like 4xxxx increment frequently.
If I type lsof -nPi tcp:3000, one of the outputs is
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
node 76230 xxx 18u IPv4 130828 0t0 TCP 127.0.0.1:3000 (LISTEN)
node 76230 xxx 20u IPv4 208468 0t0 TCP 127.0.0.1:3000->127.0.0.1:42072 (ESTABLISHED)
I don't know what these 4xxxx numbers stand for. In my case, how do I know who is sending data to 127.0.0.1:3000?
You got PID 76230, and having that you can find the process name with
$ ps -p 76230 -o comm=
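The :::111 notation from the first question, the 4xxxx ports from this one and the ::ffff: form that shows up in the Cassandra question further down are all netstat's bracket-free way of printing IPv6 endpoints, with the port after the last colon. The following is an added example, not code from any of the posts: a POSIX shell/awk parser run over a constructed netstat -anp sample (PIDs and program names are made up) that names each endpoint's address family and says, for every connection, whether the local socket is the listening server or the client holding the ephemeral port.

```shell
# Constructed sample in Linux `netstat -anp` layout (not a real capture):
#   Proto Recv-Q Send-Q Local-Address Foreign-Address State PID/Program
NETSTAT_SAMPLE='tcp 0 0 :::111 :::* LISTEN 812/rpcbind
tcp 0 0 ::ffff:192.168.25.208:9160 :::* LISTEN 2201/java
tcp 0 0 127.0.0.1:3000 0.0.0.0:* LISTEN 76230/node
tcp 0 0 127.0.0.1:3000 127.0.0.1:42072 ESTABLISHED 76230/node
tcp 0 0 127.0.0.1:42072 127.0.0.1:3000 ESTABLISHED 76301/curl
tcp 0 0 127.0.0.1:3000 127.0.0.1:41960 TIME_WAIT -'

# Split an endpoint at its LAST colon (IPv6 is printed without brackets):
# ":::111" is the IPv6 wildcard "::" plus port 111, which on Linux also
# accepts IPv4 unless net.ipv6.bindv6only=1; "::ffff:a.b.c.d" is an IPv4
# peer seen through such a dual-stack socket.
ep_parse() {   # $1 = endpoint; prints "<family> <address> <port>"
  printf '%s\n' "$1" | awk '{
    n = match($0, /:[^:]*$/); addr = substr($0, 1, n - 1); port = substr($0, n + 1)
    if (addr == "::")                     fam = "ipv6-any"
    else if (addr == "0.0.0.0")           fam = "ipv4-any"
    else if (index(addr, "::ffff:") == 1) fam = "ipv4-mapped"
    else if (index(addr, ":"))            fam = "ipv6"
    else                                  fam = "ipv4"
    print fam, addr, port }'
}

# For each connection on stdin, say which side the local socket is. A local
# port we LISTEN on makes it the server side, and the peer's "4xxxx" port is
# just the client's ephemeral source port; otherwise the local socket is the
# client and PID/Program names the sender (root is needed to see other users'
# processes; "-" means no owning socket, e.g. TIME_WAIT).
netstat_roles() {
  awk '
  function port(ep) { return substr(ep, match(ep, /:[^:]*$/) + 1) }
  $1 ~ /^(tcp|tcp6)$/ { line[++n] = $0; if ($6 == "LISTEN") listen[port($4)] = 1 }
  END {
    for (i = 1; i <= n; i++) {
      split(line[i], f, " ")
      if (f[6] == "LISTEN" || port(f[5]) == "*") continue
      role = (port(f[4]) in listen) ? "server" : "client"
      printf "%s %s local=%s peer=%s %s\n", role, f[6], f[4], f[5], f[7]
    }
  }'
}

# Walk the sample: explain each local endpoint, then assign roles.
printf '%s\n' "$NETSTAT_SAMPLE" | while read -r proto rq sq laddr faddr rest; do
  printf '%-28s -> %s\n' "$laddr" "$(ep_parse "$laddr")"
done
printf '%s\n' "$NETSTAT_SAMPLE" | netstat_roles
```

On a live system pipe the real listing in instead: sudo netstat -anp | netstat_roles, which shows the client process behind each ephemeral port directly, without a second lsof or ps step.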

check whether port 80 is denied?

I'm studying iptables on Linux, and I am trying to reject all traffic coming to port 80.
I executed iptables -A INPUT --dport 80 -j REJECT on Kali Linux.
But how can I test the result that "all traffic to port 80 is rejected"?
And what if I allow traffic to port 80 and reject traffic going out through port 80?
I have Nginx on my PC.
There are many ways to check if port 80 is open.
The easiest way is to type telnet myserver.com 80 from a remote computer. It tries to open port 80 on the server. It times out if unable to open.
Use netstat to show the processes listening on TCP or UDP ports. Scan and grep for port 80.
Something like this:
netstat -an | grep PORTNUMBER | grep -i listen
If you have an output, that means port 80 is open and listening.
External way
nmap example.com -p 80
Internal way
iptables -L -v -n --line-numbers
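Added example, not from the answer above: a small shell toolkit for the asker's real question, whether the rule actually takes effect. It reads a constructed iptables -L INPUT -v -n --line-numbers listing to pull the per-rule packet counters that the "internal way" exposes, checks for the rule with iptables -C, and probes the port from a client the way the telnet suggestion does, separating an immediate refusal (REJECT) from a timeout (DROP). The counter values and the example.com target are assumptions.

```shell
# Constructed `iptables -L INPUT -v -n --line-numbers` listing (not a real
# capture). `-v` adds the pkts/bytes counters that tell you a rule was hit.
IPT_SAMPLE='Chain INPUT (policy ACCEPT 120 packets, 9000 bytes)
num   pkts bytes target  prot opt in  out  source     destination
1       42  2520 ACCEPT  tcp  --  *   *    0.0.0.0/0  0.0.0.0/0  tcp dpt:22
2        7   420 REJECT  tcp  --  *   *    0.0.0.0/0  0.0.0.0/0  tcp dpt:80 reject-with icmp-port-unreachable'

# Print "<rule-number> <target> <pkts>" for each rule matching the given TCP
# destination port. Run it before and after a test connection: if pkts grows,
# the connection failed *because of the rule*, not for some other reason.
rule_hits() {   # $1 = port; stdin = iptables -L -v -n --line-numbers output
  awk -v want="dpt:$1" '$1 ~ /^[0-9]+$/ {
    for (i = 2; i <= NF; i++) if ($i == want) print $1, $4, $2 }'
}

# Ask the kernel whether the rule is present at all. Note the -p tcp:
# --dport is a TCP/UDP match option and iptables refuses it without a protocol.
rule_present() {   # returns 0 if the REJECT rule for port $1 exists (needs root)
  iptables -C INPUT -p tcp --dport "$1" -j REJECT 2>/dev/null
}

# Probe from the client side and classify what the firewall did: REJECT
# answers at once (connection refused), DROP or a dead host times out, an
# open port connects. Uses bash's /dev/tcp, so bash must be installed.
probe_port() {   # $1 = host, $2 = port, $3 = timeout in seconds (default 3)
  timeout "${3:-3}" bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null && rc=0 || rc=$?
  case $rc in
    0)       echo open ;;
    124)     echo timeout ;;
    126|127) echo error ;;      # timeout or bash itself missing
    *)       echo refused ;;
  esac
}

# Offline demo on the constructed listing; the live checks need root and a
# target, e.g.: rule_present 80 && probe_port example.com 80
printf '%s\n' "$IPT_SAMPLE" | rule_hits 80
```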

How to change the net-snmp trap sender port in linux?

I'm using net-snmp to gather system information on Linux,
but I found there is a problem.
When I check the port usage of Net-SNMP with netstat, I find net-snmp using 3 UDP ports.
Here is the result.
[root# snmp]# netstat -anp | grep snmp
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 6392/snmpd
udp 0 0 0.0.0.0:49005 0.0.0.0:* 6392/snmpd
udp 0 0 0.0.0.0:161 0.0.0.0:* 6392/snmpd
udp 0 0 0.0.0.0:44837 0.0.0.0:* 6392/snmpd
As you can see, snmpd is using 2 more UDP ports besides 161.
I also found out why the 2 UDP ports are randomly occupied by snmp:
those ports are used for sending SNMP traps.
When I remove the trap2sink and informsink options, the 2 UDP ports no longer appear.
This is the relevant part of my snmpd.conf:
###########################################################################
# SECTION: Trap Destinations
#
# Here we define who the agent will send traps to.
# trap2sink: A SNMPv2c trap receiver
# arguments: host [community] [portnum]
trap2sink 192.168.1.4
# informsink: A SNMPv2c inform (acknowledged trap) receiver
# arguments: host [community] [portnum]
informsink 192.168.1.4 NMS_COM
# trapcommunity: Default trap sink community to use
# arguments: community-string
trapcommunity NMS_COM
# authtrapenable: Should we send traps when authentication failures occur
# arguments: 1 | 2 (1 = yes, 2 = no)
authtrapenable 1
My program has to use UDP ports 40000~50000,
so I want to keep using those trap options but change the ports.
How can I fix the ports?
You can try to set the port for the directives as below:
trap2sink 1.1.1.1:port_num, e.g. trap2sink 1.1.1.1:162
I hope I understood your question and this would help.
These are SNMP ephemeral ports. Here is a quote from a Microsoft support page on them:
While SNMP service is running it may be noticed via the netstat Command Line utility that in addition to the well known ports for sending and receiving SNMP traps (161/162) that a random ephemeral port has been created by the service as well. The random port usage is intended behavior and is opened for the purpose of sending "management" traps
...
This port will remain in the system while the SNMP service is running, but is not actively used unless a management trap is to be sent outbound. Since SNMP does not listen for inbound packets on this random port, this does not present a security vulnerability.

How to show which port is the database socket running by Linux command?

I have three MySQL database sockets running on a Linux machine. With the command "sudo netstat -npl|grep mysql", I can find the ports and DB sockets, but I need to match them one to one by PID.
Is there any command I can use to show the port number of a DB socket directly in Linux?
The output looks like this:
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3886/mysqld
The PID of the mysqld process is the number before /mysqld, i.e. 3886.
There are several different ways to do it, but for your purposes, I suggest simply looking at the output of the command you're already running.
$ sudo netstat -npl|grep mysql
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1124/mysqld
unix 2 [ ACC ] STREAM LISTENING 8713 1124/mysqld /var/run/mysqld/mysqld.sock
This is telling me that process 1124 is listening on 3306 and on /var/run/mysqld/mysqld.sock.
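Added example, not part of the answer: an awk join over a constructed netstat -npl | grep mysql listing (PIDs, ports and socket paths are made up) that does the one-to-one matching the asker wants, grouping TCP ports and unix socket paths on the PID/Program column instead of pairing the two kinds of line by eye.

```shell
# Constructed `sudo netstat -npl | grep mysql` output for three instances
# (not a real capture). TCP lines end in PID/Program; unix lines add the
# "[ ACC ]" flags and an inode column and end in the socket path.
MYSQL_SAMPLE='tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1124/mysqld
tcp 0 0 127.0.0.1:3307 0.0.0.0:* LISTEN 1180/mysqld
tcp6 0 0 :::3308 :::* LISTEN 1236/mysqld
unix 2 [ ACC ] STREAM LISTENING 8713 1124/mysqld /var/run/mysqld/mysqld.sock
unix 2 [ ACC ] STREAM LISTENING 8790 1180/mysqld /var/run/mysqld/mysqld2.sock
unix 2 [ ACC ] STREAM LISTENING 8821 1236/mysqld /var/run/mysqld/mysqld3.sock'

# Join the TCP/UDP and unix lines on the PID/Program column, emitting one
# line per process: "<pid> <program> ports=<proto/port,...> sockets=<path,...>".
# The PID/Program field is located by its "NNN/" shape rather than by
# position, because the column index differs between line types.
by_pid() {
  awk '
  function port(ep) { return substr(ep, match(ep, /:[^:]*$/) + 1) }
  {
    pp = ""; for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+\//) { pp = $i; idx = i; break }
    if (pp == "") next                      # no owner shown (needs root and -p)
    split(pp, a, "/"); pid = a[1]; prog[pid] = a[2]
    if ($1 ~ /^(tcp|udp)/)
      ports[pid] = ports[pid] (ports[pid] ? "," : "") $1 "/" port($4)
    else if ($1 == "unix" && idx < NF)
      socks[pid] = socks[pid] (socks[pid] ? "," : "") $NF
  }
  END { for (pid in prog) printf "%s %s ports=%s sockets=%s\n", pid, prog[pid], ports[pid], socks[pid] }
  ' | sort -n
}

printf '%s\n' "$MYSQL_SAMPLE" | by_pid
```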

Cassandra doesn't listen on 7199 JMX port

On one of my nodes I see in netstat -ln output:
tcp 0 0 192.168.25.207:9160 0.0.0.0:* LISTEN
On another for the same port:
tcp 0 0 ::ffff:192.168.25.208:9160 :::* LISTEN
And that's why I think I can't see the JMX 7199 port open on the other node. On the first it's open; I can see it with the netstat -ln | grep 7199 command:
tcp 0 0 0.0.0.0:7199 0.0.0.0:* LISTEN
What's the difference in the configuration of my system? Why is there IPv6 on one node? The machines are equal, and the Cassandra configs are equal too.
Sorry, guys, my bad. I fell asleep on my keyboard while vi was open on /etc/cassandra/conf/cassandra-env.sh, and the file was corrupted.
