Mon 29 Jan 2007
Network Services

  -u   UDP
  -l   Port sockets in state “listening”
  -n   Show numeric values for hosts and ports
  -p   Show process ID that owns sockets

  # netstat -nutlp
  Active Internet connections (only servers)
  Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
  tcp        0      0 127.0.0.1:32769         0.0.0.0:*               LISTEN      718/xinetd
  tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      979/X
  tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      704/sshd
  tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      832/sendmail
  udp        0      0 0.0.0.0:68              0.0.0.0:*                           772/dhclient
  udp        0      0 10.4.65.253:123         0.0.0.0:*                           803/ntpd
  udp        0      0 127.0.0.1:123           0.0.0.0:*                           803/ntpd
  udp        0      0 0.0.0.0:123             0.0.0.0:*                           803/ntpd

This lists the TCP and UDP sockets that are ready to receive incoming data (connections in the case of TCP, datagrams in the case of UDP). We can see that this machine is listening on four TCP ports, which are the numbers after the ‘:’ in the Local Address column (22 for ssh, 25 for incoming mail, 6000 for X11 and 32769 for the xinetd “super” server). It will also accept datagrams on port 68 (DHCP client) and port 123 (Network Time Protocol service). Three IP addresses appear in the Local Address column: 0.0.0.0 means that the server is listening on all addresses, 127.0.0.1 is the machine’s loopback address, and 10.4.65.253 is the address of the machine’s Ethernet card (leased from a DHCP server).

If we leave out the -l flag, netstat will show us all the active connections. If we leave out the -n flag, netstat will look up port names in /etc/services and host names using DNS, giving symbolic output. Try varying the flags to see what information is returned.

We can check the output of the netstat command to make sure that we don’t have any programs listening on TCP or UDP ports that we’re not expecting. The -p flag, which gets netstat to print out the PID (Process ID) and name of the process that opened the socket, is very useful for identifying “rogue” programs, perhaps modified by an intruder, that are listening on unexpected ports.
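As an added example (not part of the chapter), the following Python script parses the netstat -nutlp output shown above and compares every listening socket against a baseline of expected (protocol, port, owning program) entries, reporting anything that is missing from the baseline or owned by a different program. The baseline, and the extra row for port 9876 owned by “mystery”, are constructed for illustration; the remaining rows are the chapter’s own sample output.

```python
"""Audit `netstat -nutlp` output against a baseline of expected listeners."""

# Sample input: the chapter's netstat output, plus one CONSTRUCTED extra row
# (port 9876, program "mystery") standing in for an unexpected listener.
NETSTAT_OUTPUT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:32769         0.0.0.0:*               LISTEN      718/xinetd
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      979/X
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      704/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      832/sendmail
tcp        0      0 0.0.0.0:9876            0.0.0.0:*               LISTEN      1234/mystery
udp        0      0 0.0.0.0:68              0.0.0.0:*                           772/dhclient
udp        0      0 10.4.65.253:123         0.0.0.0:*                           803/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           803/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           803/ntpd
"""

# Baseline (constructed from the chapter's explanation): (proto, port) -> owning program.
EXPECTED = {
    ("tcp", 22): "sshd", ("tcp", 25): "sendmail", ("tcp", 6000): "X",
    ("tcp", 32769): "xinetd", ("udp", 68): "dhclient", ("udp", 123): "ntpd",
}


def parse_listeners(text):
    """Return (proto, local_addr, port, program) for each socket row in netstat output."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "udp", "tcp6", "udp6"):
            continue                       # skip the banner and column-header lines
        proto = fields[0].rstrip("6")      # treat tcp6/udp6 like tcp/udp
        addr, _, port = fields[3].rpartition(":")
        # UDP rows have no State column, so PID/Program is always the last field.
        # Without root it shows as "-", which we keep so the row is still flagged.
        program = fields[-1].split("/", 1)[-1]
        listeners.append((proto, addr, int(port), program))
    return listeners


def find_unexpected(listeners, expected):
    """Listeners whose (proto, port) is not in the baseline, or is owned by another program."""
    return [l for l in listeners if expected.get((l[0], l[2])) != l[3]]


if __name__ == "__main__":
    for proto, addr, port, program in find_unexpected(parse_listeners(NETSTAT_OUTPUT), EXPECTED):
        print(f"UNEXPECTED: {proto} {addr}:{port} owned by {program}")
```

On a live system, feed it the real output (for example `netstat -nutlp | python3 audit.py` after replacing NETSTAT_OUTPUT with sys.stdin.read()) and keep the baseline under version control so that changes to it are reviewed like any other configuration change.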
(Of course, if we’ve got Tripwire set up and we’re running regular scans, we’ll quickly identify if an intruder has modified a program.)

nmap

Nmap takes a different approach to the problem of identifying which ports are being listened to (are “open” in nmap parlance) on a machine. It sends special packets to ports on the machine in question, and listens for the response. This enables it to deduce whether the port is open, closed, or even being blocked by a firewall (more on that later). Nmap isn’t installed by default, but is on the Red Hat Linux CD-ROMs, so you may need to install it if you want to try these examples.

First, by way of example, let’s get nmap to see what ports are open on our machine. We’ll use the flags -sUT to tell nmap we want it to scan both TCP and UDP ports, and accept the defaults for everything else (including the port range, which is 1 to 1023, since these are the ports that privileged services use, plus others that are mentioned in /etc/services). Here’s the output from a test system: