Modern operating systems cannot do without programs interacting with the outside world and the Internet. Ports are the mechanism used for this.
But ports are also a threat. If an application has a vulnerability, any user on the local network can reach your computer, and in some cases your data. So you need to be careful with open ports. In this article we look at how to view open ports in Ubuntu.
What are ports and why are they needed?
Ports are a broader concept than just the ability to connect to a remote computer over the network. When a process wants to reach a server, it needs some way to identify which server it wants to connect to. If we know the 32-bit IP address of the server, we can connect to it.
But how do we specify which program on that server we want to reach? To solve this problem, both UDP and TCP support a system of ports. A port is an integer between 1024 and 65535. All numbers below 1024 are reserved and used only by certain services, e.g. 22 for SSH, 80 for HTTP, 21 for FTP, and so on.
Thus a process listens on a specific port on the server, and a client that wants to reach it must know that port. In most cases all access control for a port falls on the process itself, so if its code has a vulnerability, that can become a serious security problem.
Open ports in Ubuntu
There are not only ports to which programs connect remotely, but also local ports that programs use to communicate with each other. A port opened for remote connections can be used locally as well.
Linux has several tools for viewing open ports. Some of them are full-fledged network scanners, others are local utilities that display all the available information. Let us look at the main ones.
netstat is one of the oldest and most popular tools for viewing open ports. We described it in a separate article, so here we take only a quick look at how to use it. To view open ports, run the following command:
netstat -ntulp | grep LISTEN
Option -l says to show only listening ports, -p shows the program name, -t and -u display TCP and UDP ports respectively, and -n shows IP addresses in numeric form. Then grep keeps only the rows containing the word LISTEN, i.e. the listening sockets.
Here the first column is the protocol; the next two columns contain data that is of no interest here, and after them come the local and foreign addresses. If the local address is 127.0.0.1, the service is available only on this computer; 0.0.0.0 or :: means any address, so such services can be reached from the network. In our example these are Apache and systemd-resolved.
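The local-address check described above can be automated. The script below is an added example, not code from the original article: it reads netstat -ntulp style lines and reports which listeners accept connections from the network rather than only from 127.0.0.1. The sample input is constructed to resemble netstat output and is not real output from any machine.

```shell
#!/bin/sh
# Added example (not from the original article): flag which listening
# sockets in "netstat -ntulp" output are reachable from the network.
# SAMPLE_NETSTAT is constructed test data, not real output from a host.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1234/apache2
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      567/systemd-resolve
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      890/cupsd
tcp6       0      0 :::22                   :::*                    LISTEN      321/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           432/dhclient'

# classify_addr ADDR:PORT -> "local" if only this host can connect, else "exposed"
classify_addr() {
    addr=${1%:*}            # drop the trailing :PORT (":::22" becomes "::")
    addr=${addr%%"%"*}      # drop an interface suffix such as "%lo" that ss prints
    case "$addr" in
        127.*|::1|'[::1]') echo local ;;   # loopback only
        *) echo exposed ;;                 # 0.0.0.0, ::, "*" or a real NIC address
    esac
}

# exposed_listeners: read netstat -ntulp lines on stdin and print
# "PORT PROGRAM" for each TCP listener that accepts remote connections.
# Assumed column order: Proto Recv-Q Send-Q Local Foreign State PID/Program
# (UDP rows have no State column and are therefore skipped).
exposed_listeners() {
    while read -r proto recvq sendq local_addr foreign state prog; do
        [ "$state" = LISTEN ] || continue
        [ "$(classify_addr "$local_addr")" = exposed ] || continue
        printf '%s %s\n' "${local_addr##*:}" "${prog#*/}"
    done
}

# Run on the constructed sample; on a real host pipe in:
#   sudo netstat -ntulp | exposed_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
```

For the sample above the script lists only port 80 (apache2) and port 22 (sshd); cupsd and systemd-resolved are bound to loopback and are not reported.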
The lsof utility can also show open connections. Its main job is to list open files, but it can help view open ports in Ubuntu too. Use the following parameters:
sudo lsof -nP -i | grep LISTEN
Options -n and -P tell lsof to show numeric IP addresses and port numbers instead of resolving them to host and service names. The -i option lists all network connections, and grep filters only those in the listening state.
The information is presented slightly differently, but in general we see the same data. In addition, the name of the user who launched the process is shown. You need not limit yourself to the filter; you can view all available connections:
sudo lsof -nP -i
ss is an improved version of netstat. Just as the ip utility was created to replace ifconfig, ss was developed to replace netstat. The command looks like the following:
All the data shown here is almost the same as in netstat, so you can easily make sense of it. In addition to the commands above, you may need to look at the firewall rules in iptables to see which ports are closed by it:
In our example there are no restrictions: the default policy is ACCEPT. On a production server the default policy may deny traffic, with the required ports allowed by explicit rules.
The nmap network scanner lets you check the list of ports on Ubuntu the way an attacker would during an attempt to attack your system. Here you see all the ports that are visible from the outside. But to scan you must use the external IP address: not the address assigned by your provider, but the address of your computer on the network; on a local network this is most often something like 192.168.1.2. To find the IP of your network interface, use ifconfig:
To simply scan the open ports on Ubuntu, run:
You can also run a comprehensive scan for vulnerabilities. Note that this does not find all vulnerabilities and checks only the simplest ones. To activate this mode, use the -A option:
sudo nmap -A 192.168.1.3
How to use nmap is covered in a separate article.
In this article we looked at how to check ports in Ubuntu with several tools. They all show similar information, but in each case one of them may be the better fit. For example, to check which ports other computers see, it is better to scan from outside with nmap. And to see which services and sockets are open locally, it is better to use netstat or ss.
Check which ports are open and, if they are not needed, close them in your firewall or simply disable the service. Otherwise they threaten the security of your system. For example, my laptop had the SSH port open, and I saw in the logs attempts to guess the password coming from some routers on the local network. And even if nobody is out to break in, a virus can do it. So be careful and do not leave ports open unless it is necessary.