View commands include: 1. ss command, which can check the occupancy of process ports, the syntax is "ss -tnlp | grep "port number""; 2. netstat command, which can display related information such as ports and processes. Syntax "netstat -tnlp | grep "port number""; 3. lsof command, you can check the port occupancy, the syntax "lsof -i tcp:port number"; 4. fuser command, you can check the port occupancy, the syntax "fuser - v port number/tcp".
#The operating environment of this tutorial: linux7.3 system, Dell G3 computer.
Port is the identifier of the logical connection between specific processes on the Linux system, including physical ports and software ports. Since the Linux operating system is a software, this article only discusses software ports. Software ports are always associated with a host's IP address and associated communications protocol, so ports are often used to differentiate applications. Most services that involve networking must open a socket to listen for incoming network requests, and each service uses a separate socket.
The socket is used in combination with the IP address, software port and protocol. The port number is applicable to both the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) protocols. Both TCP and UDP can be used. Use port numbers between 0 and 65535 for communication.
The following are the port allocation categories:
0 – 1023: Common ports and system ports
1024 – 49151: Software Registered port
49152 – 65535: Dynamic port or private port
You can use the following six methods to view the port information of the process
#ss: Can be used to dump socket statistics.
netstat: Can display a list of open sockets.
lsof: Can list open files.
fuser: You can list the process IDs of processes that have files open.
nmap: is a network detection tool and port scanner.
systemctl: is the control manager and service manager of the systemd system.
Below we will find out the port number used by the sshd daemon.
Method 1: Use the ss command
ss is generally used to dump socket statistics. It can output information similar to the output of netstat, but it can display more TCP information and status information than other tools.
It can also display all types of socket statistics, including PACKET, TCP, UDP, DCCP, RAW, Unix domains, etc.
# ss -tnlp | grep ssh
#You can also use the port number to check.
# ss -tnlp | grep ":22"
Method 2: Use the netstat command
netstat can display network connections, routing tables, interface statistics, masquerading connections, and Multicast members.
By default, netstat lists open sockets. If no address family is specified, active sockets for all configured address families are displayed. But netstat is outdated, and ss is generally used instead.
# netstat -tnlp | grep ssh
#You can also use the port number to check.
# netstat -tnlp | grep ":22"
Method 3: Use the lsof command
lsof can list open files and list files opened by processes on the system information about the file.
# lsof -i -P | grep ssh
#You can also use the port number to check.
# lsof -i tcp:22 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME sshd 1208 root 3u IPv4 20919 0t0 TCP *:ssh (LISTEN) sshd 1208 root 4u IPv6 20921 0t0 TCP *:ssh (LISTEN) sshd 11592 root 3u IPv4 27744 0t0 TCP vps.2daygeek.com:ssh->103.5.134.167:49902 (ESTABLISHED)
Method 4: Use the fuser command
The fuser tool will display the process ID of the process that has the file open on the local system in the standard output.
# fuser -v 22/tcp
Method 5: Use the nmap command
nmap ("Network Mapper") is a software for network detection and security Open source tools for auditing. It was originally designed for fast scanning of large networks, but it also performs well for scanning of individual hosts.
nmap uses raw IP packets to determine the hosts available on the network, their services (including application names and versions), the operating system the host is running (including information such as operating system version), the Type of packet filter or firewall, and much other information.
# nmap -sV -p 22 localhost
Method 6: Use systemctl command
systemctl 是 systemd 系统的控制管理器和服务管理器。它取代了旧的 SysV 初始化系统管理,目前大多数现代 Linux 操作系统都采用了 systemd。
# systemctl status sshd ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2018-09-23 02:08:56 EDT; 6h 11min ago Docs: man:sshd(8) man:sshd_config(5) Main PID: 11584 (sshd) CGroup: /system.slice/sshd.service └─11584 /usr/sbin/sshd -D Sep 23 02:08:56 vps.2daygeek.com systemd[1]: Starting OpenSSH server daemon... Sep 23 02:08:56 vps.2daygeek.com sshd[11584]: Server listening on 0.0.0.0 port 22. Sep 23 02:08:56 vps.2daygeek.com sshd[11584]: Server listening on :: port 22. Sep 23 02:08:56 vps.2daygeek.com systemd[1]: Started OpenSSH server daemon. Sep 23 02:09:15 vps.2daygeek.com sshd[11589]: Connection closed by 103.5.134.167 port 49899 [preauth] Sep 23 02:09:41 vps.2daygeek.com sshd[11592]: Accepted password for root from 103.5.134.167 port 49902 ssh2
以上输出的内容显示了最近一次启动 sshd 服务时 ssh 服务的监听端口。但它不会将最新日志更新到输出中。
# systemctl status sshd ● sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2018-09-06 07:40:59 IST; 2 weeks 3 days ago Docs: man:sshd(8) man:sshd_config(5) Main PID: 1208 (sshd) CGroup: /system.slice/sshd.service ├─ 1208 /usr/sbin/sshd -D ├─23951 sshd: [accepted] └─23952 sshd: [net] Sep 23 12:50:36 vps.2daygeek.com sshd[23909]: Invalid user pi from 95.210.113.142 port 51666 Sep 23 12:50:36 vps.2daygeek.com sshd[23909]: input_userauth_request: invalid user pi [preauth] Sep 23 12:50:37 vps.2daygeek.com sshd[23911]: pam_unix(sshd:auth): check pass; user unknown Sep 23 12:50:37 vps.2daygeek.com sshd[23911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.210.113.142 Sep 23 12:50:37 vps.2daygeek.com sshd[23909]: pam_unix(sshd:auth): check pass; user unknown Sep 23 12:50:37 vps.2daygeek.com sshd[23909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.210.113.142 Sep 23 12:50:39 vps.2daygeek.com sshd[23911]: Failed password for invalid user pi from 95.210.113.142 port 51670 ssh2 Sep 23 12:50:39 vps.2daygeek.com sshd[23909]: Failed password for invalid user pi from 95.210.113.142 port 51666 ssh2 Sep 23 12:50:40 vps.2daygeek.com sshd[23911]: Connection closed by 95.210.113.142 port 51670 [preauth] Sep 23 12:50:40 vps.2daygeek.com sshd[23909]: Connection closed by 95.210.113.142 port 51666 [preauth]
大部分情况下,以上的输出不会显示进程的实际端口号。这时更建议使用以下这个 journalctl 命令检查日志文件中的详细信息。
# journalctl | grep -i "openssh\|sshd"
相关推荐:《Linux视频教程》
The above is the detailed content of What is the command to view the process port in Linux?. For more information, please follow other related articles on the PHP Chinese website!