netstat
To list open network ports and the processes that own them on FreeBSD with netstat,
you can use this command:
netstat -a | egrep 'Proto|LISTEN'
The output for this on my laptop running FreeBSD is:
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 localhost.ipp *.* LISTEN
tcp6 0 0 localhost.ipp *.* LISTEN
tcp4 0 0 *.2200 *.* LISTEN
tcp6 0 0 *.2200 *.* LISTEN
tcp4 0 0 *.x11 *.* LISTEN
tcp6 0 0 *.x11 *.* LISTEN
The localhost.ipp entry refers to the Internet Printing Protocol, used by CUPS to talk to the network printer.
The *.2200 entry refers to SSH, which I have set to a nonstandard port -- so it's not recognized by netstat's
port-to-service association capabilities. *.x11, meanwhile, refers to the X Window System protocol.
You can add the -n option to netstat to get port numbers instead of having the utility try to provide names for services:
netstat -an | egrep 'Proto|LISTEN'
The output would then look somewhat different:
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 127.0.0.1.631 *.* LISTEN
tcp6 0 0 ::1.631 *.* LISTEN
tcp4 0 0 *.2200 *.* LISTEN
tcp6 0 0 *.2200 *.* LISTEN
tcp4 0 0 *.6000 *.* LISTEN
tcp6 0 0 *.6000 *.* LISTEN
This information can be used to determine what services are running, in cases where services are using standard ports.
On a FreeBSD system, you can get a listing of standard port associations by searching through the contents of /etc/services.
For instance, if you wanted to find out what was up with port 631, you might use this command:
grep -w 631 /etc/services
The output:
ipp 631/tcp #IPP (Internet Printing Protocol)
ipp 631/udp #IPP (Internet Printing Protocol)
sockstat
In addition to netstat, the more limited command sockstat is effectively tailor-made for this kind of information gathering.
To get a listing of listening ports and their associated processes, you can use this command:
sockstat -4l
The output may even be more useful than that of netstat above:
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root cupsd 1701 4 tcp4 127.0.0.1:631 *:*
root cupsd 1701 6 udp4 *:631 *:*
root sshd 1685 4 tcp4 *:2200 *:*
root Xorg 1154 3 tcp4 *:6000 *:*
root syslogd 907 7 udp4 *:514 *:*
Linux distributions
As with FreeBSD, the obvious choice of tool to use for listing open ports is netstat. Most Linux distributions use a
different version of the utility, however -- maintained separately from the Linux distribution, as an independent software
development project.
One consequence of that fact is that the command line options used to achieve the same results may be different with FreeBSD
than with Debian, Ubuntu, or Fedora Core Linux systems. On a typical Linux system, this command will list open network ports
and the processes that own them:
netstat -lnptu
The output should look something like this:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2458/cupsd
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 2353/postgres
tcp6 0 0 :::22 :::* LISTEN 2335/sshd
udp 0 0 0.0.0.0:631 0.0.0.0:* 2458/cupsd
As you can see from this output, the Debian GNU/Linux system on which I ran that command has only four open ports -- two for CUPS,
so that the computer can communicate with the network printer; one for PostgreSQL so that it can be contacted by applications in
development; SSH, so that I can access it remotely, from my laptop.
Microsoft Windows XP
Microsoft Windows also offers a netstat command that can be executed from the command line to get a list of open ports.
The standard MS Windows version of netstat is slightly more limited than its Unix-like system counterparts, but still suffices to
get a listing of listening services:
netstat -a | find "LISTENING"
The output of this command should look something like this:
TCP hostname:epmap hostname:0 LISTENING
TCP hostname:microsoft-ds hostname:0 LISTENING
TCP hostname:10110 hostname:0 LISTENING
TCP hostname:netbios-ssn hostname:0 LISTENING
. . . with "hostname" replaced by the system's hostname, of course.
Commercial UNIX Systems
For most commercial UNIX systems, even if there is not a version of netstat or sockstat available, you should be able to
install lsof -- which is short for "list open files". Most Linux distributions and BSD Unix systems will provide lsof with
a default install or through their respective software management systems. Some commercial UNIX systems do so as well,
and for many others you can download it. The following command will limit the output of the utility to network ports:
lsof -i -n | egrep 'COMMAND|LISTEN'
The output should look something like this (as run on my laptop, again):
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
Xorg 1154 root 1u IPv6 0xc6042000 0t0 TCP *:x11 (LISTEN)
Xorg 1154 root 3u IPv4 0xc6041cb0 0t0 TCP *:x11 (LISTEN)
sshd 1685 root 3u IPv6 0xc6041ae0 0t0 TCP *:2200 (LISTEN)
sshd 1685 root 4u IPv4 0xc6041910 0t0 TCP *:2200 (LISTEN)
cupsd 1701 root 3u IPv6 0xc6041740 0t0 TCP [::1]:ipp (LISTEN)
cupsd 1701 root 4u IPv4 0xc6041570 0t0 TCP 127.0.0.1:ipp (LISTEN)
To list open network ports and the processes that own them on FreeBSD with netstat,
you can use this command:
netstat -a | egrep 'Proto|LISTEN'
The output for this on my laptop running FreeBSD is:
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 localhost.ipp *.* LISTEN
tcp6 0 0 localhost.ipp *.* LISTEN
tcp4 0 0 *.2200 *.* LISTEN
tcp6 0 0 *.2200 *.* LISTEN
tcp4 0 0 *.x11 *.* LISTEN
tcp6 0 0 *.x11 *.* LISTEN
The localhost.ipp entry refers to the Internet Printing Protocol, used by CUPS to talk to the network printer.
The *.2200 entry refers to SSH, which I have set to a nonstandard port -- so it's not recognized by netstat's
port-to-service association capabilities. *.x11, meanwhile, refers to the X Window System protocol.
You can add the -n option to netstat to get port numbers instead of having the utility try to provide names for services:
netstat -an | egrep 'Proto|LISTEN'
The output would then look somewhat different:
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 127.0.0.1.631 *.* LISTEN
tcp6 0 0 ::1.631 *.* LISTEN
tcp4 0 0 *.2200 *.* LISTEN
tcp6 0 0 *.2200 *.* LISTEN
tcp4 0 0 *.6000 *.* LISTEN
tcp6 0 0 *.6000 *.* LISTEN
This information can be used to determine what services are running, in cases where services are using standard ports.
On a FreeBSD system, you can get a listing of standard port associations by searching through the contents of /etc/services.
For instance, if you wanted to find out what was up with port 631, you might use this command:
grep -w 631 /etc/services
The output:
ipp 631/tcp #IPP (Internet Printing Protocol)
ipp 631/udp #IPP (Internet Printing Protocol)
sockstat
In addition to netstat, the more limited command sockstat is effectively tailor-made for this kind of information gathering.
To get a listing of listening ports and their associated processes, you can use this command:
sockstat -4l
The output may even be more useful than that of netstat above:
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root cupsd 1701 4 tcp4 127.0.0.1:631 *:*
root cupsd 1701 6 udp4 *:631 *:*
root sshd 1685 4 tcp4 *:2200 *:*
root Xorg 1154 3 tcp4 *:6000 *:*
root syslogd 907 7 udp4 *:514 *:*
Linux distributions
As with FreeBSD, the obvious choice of tool to use for listing open ports is netstat. Most Linux distributions use a
different version of the utility, however -- maintained separately from the Linux distribution, as an independent software
development project.
One consequence of that fact is that the command line options used to achieve the same results may be different with FreeBSD
than with Debian, Ubuntu, or Fedora Core Linux systems. On a typical Linux system, this command will list open network ports
and the processes that own them:
netstat -lnptu
The output should look something like this:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2458/cupsd
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 2353/postgres
tcp6 0 0 :::22 :::* LISTEN 2335/sshd
udp 0 0 0.0.0.0:631 0.0.0.0:* 2458/cupsd
As you can see from this output, the Debian GNU/Linux system on which I ran that command has only four open ports -- two for CUPS,
so that the computer can communicate with the network printer; one for PostgreSQL so that it can be contacted by applications in
development; SSH, so that I can access it remotely, from my laptop.
Microsoft Windows XP
Microsoft Windows also offers a netstat command that can be executed from the command line to get a list of open ports.
The standard MS Windows version of netstat is slightly more limited than its Unix-like system counterparts, but still suffices to
get a listing of listening services:
netstat -a | find "LISTENING"
The output of this command should look something like this:
TCP hostname:epmap hostname:0 LISTENING
TCP hostname:microsoft-ds hostname:0 LISTENING
TCP hostname:10110 hostname:0 LISTENING
TCP hostname:netbios-ssn hostname:0 LISTENING
. . . with "hostname" replaced by the system's hostname, of course.
Commercial UNIX Systems
For most commercial UNIX systems, even if there is not a version of netstat or sockstat available, you should be able to
install lsof -- which is short for "list open files". Most Linux distributions and BSD Unix systems will provide lsof with
a default install or through their respective software management systems. Some commercial UNIX systems do so as well,
and for many others you can download it. The following command will limit the output of the utility to network ports:
lsof -i -n | egrep 'COMMAND|LISTEN'
The output should look something like this (as run on my laptop, again):
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
Xorg 1154 root 1u IPv6 0xc6042000 0t0 TCP *:x11 (LISTEN)
Xorg 1154 root 3u IPv4 0xc6041cb0 0t0 TCP *:x11 (LISTEN)
sshd 1685 root 3u IPv6 0xc6041ae0 0t0 TCP *:2200 (LISTEN)
sshd 1685 root 4u IPv4 0xc6041910 0t0 TCP *:2200 (LISTEN)
cupsd 1701 root 3u IPv6 0xc6041740 0t0 TCP [::1]:ipp (LISTEN)
cupsd 1701 root 4u IPv4 0xc6041570 0t0 TCP 127.0.0.1:ipp (LISTEN)
Comments