In my custom linux image using netstat 1.42 (2001-04-15) from the package net-tools 1.60 I am seeing different behaviors for different linux versions..
On Linux 5.4.28:
# netstat -tnp | grep ESTABLISHED
tcp 0 0 <local_ip>:22 <client_ip>:14321 ESTABLISHED 29342/1
tcp 0 40 <local_ip>:22 <client_ip>:22470 ESTABLISHED 28443/0
On Linux 5.10.65:
# netstat -tnp | grep ESTABLISHED
tcp6 0 52 <local_ip>:22 <client_ip>:22470 ESTABLISHED 1/init
tcp6 0 52 <local_ip>:22 <client_ip>:33679 ESTABLISHED 1/init
The thing to note here is that on Linux 5.10, netstat shows PID as 1 and process as init for all ssh sessions. But in older linux, I am seeing correct PIDs for all ssh sessions. I need to know the client_ip and the PID for every ssh session so I can kill the session for whichever client I want.
From online searches, I could not figure out any fixes.
One alternative that I can see till now is using who to get this output:
# who
root pts/1 00:00 Jan 12 07:16:19 <client_ip>
root pts/2 00:03 Jan 12 08:21:07 <client_ip>
grep this with client_ip then use ps and grep that with the second column, like ps | grep pts/1 for first client.
Is there anything I can do to netstat to fix this though? Because netstat also give the client port which is useful for me.
Hello guys i need to resolve this problem (all server have installed centos 7): i'm trying to create a gre tunnel through vps (in Italy - OpenVZ) and a dedicated server (in Germany), but they do not communicate internally (ping and ssh command tests). Next i create a gre tunnel trought vps (in Italy - OpenVZ) and vps (in France - KVM OpenStack) and their communicate, i next i had create a tunnel trought vps (in France - KVM OpenStack) and a dedicated server (in Germany) their communicate. I can not understand why the vps (in Italy - OpenVZ) and the dedicated server (in Germany) do not communicate, ideas on how I can fix (
I also tried with iptables disabled, firewalld is not enable)? Thanks
In other words:
In other attempts (by this i mean that i managed to successfully create the GRE Tunnel between these machines):
The VPS (in France) and VPS (in Italy) communicate internally (ping and ssh command tests)
The VPS (in France) and Dedicated Server (in Germany) communicate internally (ping and ssh command tests)
Problem (by this i mean that i could not successfully create the GRE Tunnel between these machines):
The VPS (in Italy) and Dedicated Server (in Germany) do not communicate internally (ping and ssh command tests). I also asked hosting services if they had any restrinzione but nothing.
My configuration:
VPS command for tunnel:
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
iptunnel add gre1 mode gre local VPS_IP remote DEDICATED_SERVER_IP ttl 255
ip addr add 192.168.168.1/30 dev gre1 ip link set gre1 up
Dedicated server command for tunnel:
iptunnel add gre1 mode gre local DEDICATED_SERVER_IP remote VPS_IP ttl 255
ip addr add 192.168.168.2/30 dev gre1
ip link set gre1 up
[root#VPS ~]# ping 192.168.168.2
PING 192.168.168.2 (192.168.168.2) 56(84) bytes of data.
^C
--- 192.168.168.2 ping statistics ---
89 packets transmitted, 0 received, 100% packet loss, time 87999ms
[root#DE ~]# ping 192.168.168.1
PING 192.168.168.1 (192.168.168.1) 56(84) bytes of data.
^C
--- 192.168.168.1 ping statistics ---
92 packets transmitted, 0 received, 100% packet loss, time 91001ms
[root#VPS ~]# tcpdump -i venet0 "proto gre" tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes ^C 0 packets captured 1 packet received by filter 0 packets dropped by kernel
[root#DE ~]# tcpdump -i enp2s0 "proto gre" tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on enp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes ^C 0 packets captured 0 packets received by filter 0 packets dropped by kernel
[root#VPS ~]# lsmod | grep gre
ip_gre 4242 -2
ip_tunnel 4242 -2 sit,ip_gre
gre 4242 -2 ip_gre
[root#DE ~]# lsmod | grep gre
ip_gre 22707 0
ip_tunnel 25163 1 ip_gre
gre 13144 1 ip_gre
Console image with full command output
If ip_forwarding is required for the tunnel to work, you need to do /sbin/sysctl -p
And what does the output of ip tunnel show and ip route show on both the ends
I have the following problem. I'm using Debian GNU/Linux Stretch and I am trying to use netcat as a simple server. I start it using following command:
$ netcat -l 127.0.0.1 33333
It starts just fine and accepts connections but on a different port than requested:
$ netstat -tulpn | grep netcat
tcp 0 0 0.0.0.0:38782 0.0.0.0:* LISTEN 2851/netcat
This behavior is independent of requested port, user or ufw status. Recently I installed LXC with following packages:
apparmor
bridge-utils
cgmanager
libapparmor-perl
lxc
All have been removed later, but somehow I feel like this behavior may be related to some changes in configuration.
It looks like you are using traditional netcat which requires providing -p argument for the listening port:
netcat -l 127.0.0.1 -p 33333
From nc -h:
-p port local port number
Syntax you use would work with OpenBSD netcat.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
So I want to control my banana pi with my macbook pro using SSH. It is the first I am using ssh. So I followed a lot of different tutorials and it still does not work.
If I run :
pi#172.25.54.12
or
bananapi#172.25.54.12
or whatever name I try it answers me that
ssh: connect to host 172.25.*.*2 port 22: Operation timed out
and when I try
bananapi#localhost
or
pi#localhost
it answers me:
ssh: connect to host localhost port 22: Connection refused
I found my IP address doing ifconfig on my bananapi.
My bananapi is using bananian (debian for banana pi), and my mac is 10.10.3.
When I run sshd -T, I have:
port 22
protocol 2
addressfamily any
listenaddress 0.0.0.0:22
listenaddress [::]:22
usepam 1
serverkeybits 768
logingracetime 120
keyregenerationinterval 3600
x11displayoffset 10
maxauthtries 6
maxsessions 10
clientaliveinterval 0
clientalivecountmax 3
permitrootlogin yes
ignorerhosts yes
ignoreuserknownhosts no
rhostsrsaauthentication no
hostbasedauthentication no
hostbasedusesnamefrompacketonly no
rsaauthentication yes
pubkeyauthentication yes
kerberosauthentication no
kerberosorlocalpasswd yes
kerberosticketcleanup yes
gssapiauthentication no
gssapikeyexchange no
gssapicleanupcredentials yes
gssapistrictacceptorcheck yes
gssapistorecredentialsonrekey no
passwordauthentication yes
kbdinteractiveauthentication no
challengeresponseauthentication no
printmotd no
printlastlog yes
x11forwarding yes
x11uselocalhost yes
strictmodes yes
tcpkeepalive yes
permitblacklistedkeys no
permitemptypasswords no
permituserenvironment no
uselogin no
compression delayed
gatewayports no
usedns no
allowtcpforwarding yes
useprivilegeseparation yes
pidfile /var/run/sshd.pid
xauthlocation /usr/bin/xauth
ciphers aes256-ctr,aes128-ctr
macs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
loglevel INFO
syslogfacility AUTH
authorizedkeysfile .ssh/authorized_keys .ssh/authorized_keys2
hostkey /etc/ssh/ssh_host_rsa_key
acceptenv LANG
acceptenv LC_*
subsystem sftp /usr/lib/openssh/sftp-server
maxstartups 10:30:100
permittunnel no
ipqos lowdelay throughput
permitopen any
Any idea?
edit:
so as suggested in the comments, I did a :
$ ls -al ~/.ssh
total 24 drwx------ 5 ***************** staff 170 12 mai 13:27 .
drwxr-xr-x 53 **************** staff 1802 12 mai 11:16 ..
-rw------- 1 ***************** staff 1766 12 mai 11:16 authorized_keys
-rw------- 1 ***************** staff 1679 12 mai 13:27 id_rsa
-rw-r--r-- 1 ***************** staff 429 12 mai 13:27 id_rsa.pub –
This is what I get as an answer. So I have a key in the authorized_keys file.
Do I have to send it (the public key) to my banana pi?
edit#2:
here is my adress less hidden 172.25.54.12 All I want for now is just connect my mac to my banana pi and control it as a server. So my Mac would be the client, and my banana pi my "host".
When I run
netstat -an | grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 0.0.0.0:32622 0.0.0.0:*
unix 3 [ ] STREAM CONNECTED 4122
unix 3 [ ] STREAM CONNECTED 2922 #/tmp/.X11-unix/X0
Basically what I did is, I followed some tutorial on the internet (like this one https://www.youtube.com/watch?v=0wn44MbxtZw) but it does not work.
edit#3:
I tried with a PC and puTTY, and I have got an error:
Network error: Network is unreachable.
Maybe it can help.
Edit#4
Ok I understood a part of my problem: I thought it was possible to connect directly my two devices without using the local network. I mean directly connect my banana pi to my mac just with one ethernet cable. But my goal is to be able to connect to my banana pi even when it is not connected to any network (is thath possible?), so I want to use an static IP address, is that a good idea?
Ok, so I found a way to do what I wanted to do. That means to connect directly my mac with my banana pi just with an ethernet cable (cross over ethernet cable).
I edited the network interface doing:
gedit /etc/network/interfaces
and then I modified the file this way
#interfaces (5) file used by ifup(8° and ifdown(8)
auto lo
iface lo inet loopback
#dhcp configuration
allow-hotplug eth0
#iface eth0 inet dhcp
#static ip configuration
auto eth0
iface eth0 inet static
adress 169.x.y.z
netmask 255.255.255.0
gateway 169.X.Y.*
So for address I put an IP really similar to my Mac IP adress (to get the mac IP address run ipconfig getifaddr en0)
And for gateway I put my mac IP address.
Then I connected my two devices with a cross over ethernet cable. And in my mac terminal I ran:
bananapi#169.x.y.*
and it worked!
Thank you
From a bash script how can I quickly find out whether a port 445 is open/listening on a server.
I have tried a couple of options, but I want something quick:
1. lsof -i :445 (Takes seconds)
2. netstat -an |grep 445 |grep LISTEN (Takes seconds)
3. telnet (it doesn't return)
4. nmap, netcat are not available on the server
It will be nice to know of a way that doesn't enumerate first and greps after that.
A surprise I found out recently is that Bash natively supports tcp connections as file descriptors. To use:
exec 6<>/dev/tcp/ip.addr.of.server/445
echo -e "GET / HTTP/1.0\n" >&6
cat <&6
I'm using 6 as the file descriptor because 0,1,2 are stdin, stdout, and stderr. 5 is sometimes used by Bash for child processes, so 3,4,6,7,8, and 9 should be safe.
As per the comment below, to test for listening on a local server in a script:
exec 6<>/dev/tcp/127.0.0.1/445 || echo "No one is listening!"
exec 6>&- # close output connection
exec 6<&- # close input connection
To determine if someone is listening, attempt to connect by loopback. If it fails, then the port is closed or we aren't allowed access. Afterwards, close the connection.
Modify this for your use case, such as sending an email, exiting the script on failure, or starting the required service.
There's a very short with "fast answer" here : How to test if remote TCP port is opened from Shell script?
nc -z <host> <port>; echo $?
I use it with 127.0.0.1 as "remote" address.
this returns "0" if the port is open and "1" if the port is closed
e.g.
nc -z 127.0.0.1 80; echo $?
-z Specifies that nc should just scan for listening daemons,
without sending any data to them. It is an error to use this option
in conjunc-
tion with the -l option.
You can use netstat this way for much faster results:
On Linux:
netstat -lnt | awk '$6 == "LISTEN" && $4 ~ /\.445$/'
On Mac:
netstat -anp tcp | awk '$6 == "LISTEN" && $4 ~ /\.445$/'
This will output a list of processes listening on the port (445 in this example) or it will output nothing if the port is free.
You can use netcat for this.
nc ip port < /dev/null
connects to the server and directly closes the connection again. If netcat is not able to connect, it returns a non-zero exit code. The exit code is stored in the variable $?. As an example,
nc ip port < /dev/null; echo $?
will return 0 if and only if netcat could successfully connect to the port.
Based on Spencer Rathbun's answer, using bash:
true &>/dev/null </dev/tcp/127.0.0.1/$PORT && echo open || echo closed
they're listed in /proc/net/tcp.
it's the second column, after the ":", in hex:
> cat /proc/net/tcp
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 10863 1 ffff88020c785400 99 0 0 10 -1
1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 7983 1 ffff88020eb7b3c0 99 0 0 10 -1
2: 0500010A:948F 0900010A:2328 01 00000000:00000000 02:00000576 00000000 1000 0 10562454 2 ffff88010040f7c0 22 3 30 5 3
3: 0500010A:E077 5F2F7D4A:0050 01 00000000:00000000 02:00000176 00000000 1000 0 10701021 2 ffff880100474080 41 3 22 10 -1
4: 0500010A:8773 16EC97D1:0050 01 00000000:00000000 02:00000BDC 00000000 1000 0 10700849 2 ffff880104335440 57 3 18 10 -1
5: 0500010A:8772 16EC97D1:0050 01 00000000:00000000 02:00000BF5 00000000 1000 0 10698952 2 ffff88010040e440 46 3 0 10 -1
6: 0500010A:DD2C 0900010A:0016 01 00000000:00000000 02:0006E764 00000000 1000 0 9562907 2 ffff880104334740 22 3 30 5 4
7: 0500010A:AAA4 6A717D4A:0050 08 00000000:00000001 02:00000929 00000000 1000 0 10696677 2 ffff880106cc77c0 45 3 0 10 -1
so i guess one of those :50 in the third column must be stackoverflow :o)
look in man 5 proc for more details. and picking that apart with sed etc is left as an exercise for the gentle reader...
ss -tl4 '( sport = :22 )'
2ms is quick enough ?
Add the colon and this works on Linux
nc -l 8000
Where 8000 is the port number. If the port is free, it will start a server that you can close easily. If it isn't it will throw an error:
nc: Address already in use
Here's one that works for both Mac and Linux:
netstat -aln | awk '$6 == "LISTEN" && $4 ~ "[\\.\:]445$"'
I wanted to check if a port is open on one of our linux test servers.
I was able to do that by trying to connect with telnet from my dev machine to the test server. On you dev machine try to run:
$ telnet test2.host.com 8080
Trying 05.066.137.184...
Connected to test2.host.com
In this example I want to check if port 8080 is open on host test2.host.com
You can use netcat command as well
[location of netcat]/netcat -zv [ip] [port]
or
nc -zv [ip] [port]
-z – sets nc to simply scan for listening daemons, without actually sending any data to them.
-v – enables verbose mode.
tcping is a great tool with a very low overhead.It also has a timeout argument to make it quicker:
[root#centos_f831dfb3 ~]# tcping 10.86.151.175 22 -t 1
10.86.151.175 port 22 open.
[root#centos_f831dfb3 ~]# tcping 10.86.150.194 22 -t 1
10.86.150.194 port 22 user timeout.
[root#centos_f831dfb3 ~]# tcping 1.1.1.1 22 -t 1
1.1.1.1 port 22 closed.
nmap is the right tool.
Simply use nmap example.com -p 80
You can use it from local or remote server.
It also helps you identify if a firewall is blocking the access.
If you're using iptables try:
iptables -nL
or
iptables -nL | grep 445