Linux port listener implementation tutorial

  
 

The main commands used: netstat, nmap

The difference between the two is as follows:

- netstat: inspects the ports on your own machine;

- nmap: with the help of network probing, it can examine other hosts on the network, not just the local machine.



1. netstat general usage:

1.1 List the network ports that are listening:

[root@www ~]# netstat -tunl

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
....(omitted below)....

The output above shows that my host has at least ports 111, 22 and 25 open. Port 25 serves only the lo internal loopback test network, so the Internet cannot connect to that port.
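The distinction drawn above, between a port bound to every interface and one bound only to loopback, can be checked mechanically. The script below is an added example, not part of the original tutorial; the function names classify_listeners and exposed_ports are hypothetical, and the sample input is the output shown above extended with constructed tcp6 and udp rows, so it goes beyond the IPv4 TCP case on the page.

```shell
#!/bin/sh
# Added example: classify sockets in `netstat -tunl` output as loopback-only
# or reachable from other hosts. Function names are hypothetical.

# Reads netstat -tunl output on stdin; prints "<proto> <port> <scope>".
classify_listeners() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {              # skip the two header lines
            # TCP rows must be in LISTEN; UDP rows have no State column.
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            laddr = $4
            # Port is the text after the last colon (also true for IPv6).
            n = split(laddr, parts, ":")
            port = parts[n]
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
            print $1, port, scope
        }'
}

# Prints the distinct non-loopback ports as a comma-separated list.
exposed_ports() {
    classify_listeners | awk '$3 == "exposed" { print $2 }' | sort -un | paste -sd, -
}

# Constructed sample: the three rows from section 1.1 plus constructed
# tcp6 and udp rows to exercise the IPv6 and UDP paths.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
udp 0 0 0.0.0.0:111 0.0.0.0:*'

printf '%s\n' "$SAMPLE" | classify_listeners
printf 'exposed: %s\n' "$(printf '%s\n' "$SAMPLE" | exposed_ports)"
# On a live host: netstat -tunl | exposed_ports
```

Here "exposed" only means the socket is bound to a non-loopback address; a host firewall may still block it.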

1.2 List the connected network ports:

[root@www ~]# netstat -tun

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 52 192.168.1.100:22 192.168.1.101:56746 ESTABLISHED

From the data above, my local server (Local Address, 192.168.1.100) currently has only one established connection, the one with host 192.168.1.101, and that connection was made by the other party to port 22 of my host in order to use my server's service!

1.3 Close a connection that is already established or listening:

If you want to close a network service that is already established or is listening, the easiest way is to find the PID of the connection and then kill it! For example:
[root@www ~]# netstat -tunp

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/P name
tcp 0 52 192.168.1.100:22 192.168.1.101:56746 ESTABLISHED 1342/0

As the example above shows, the connection was started by the sshd program, and its PID is 1342. Do not rush to use the killall command, otherwise it is easy to kill the wrong process (because there may be more than one sshd on your host); use the kill command instead!


2. nmap usage:

What if the device you want to examine has no operating system that allows you to log in? For example, if you want to know whether your company's network printer has certain protocols open, what should you do? You now know that netstat can check the many listening protocols on the local machine. How do you query non-local devices such as network printers? Ha ha! nmap is the right tool!
[root@www ~]# nmap [Scan Type] [Scan Parameters] [Hosts Address and Range]

Options and Parameters:
[Scan Type]: There are several types of scans:
-sT: scan using a fully established TCP connection, connect()!
-sS: scan using TCP packets carrying the SYN flag
-sP: scan with ping
-sU: scan using UDP packets
-sO: scan the host by IP protocol
[Scan Parameters]: There are several main scan parameters:
-PT: scan using TCP ping; this shows how many computers are currently alive (more commonly used)
-PI: scan using actual ping (with ICMP packets)
-p: the port range, for example 1024-, 80-1023, 30000-60000 and so on
[Hosts Address and Range]: This is much more interesting; there are several forms
192.168.1.100: write the HOST IP directly; only one host is checked;
192.168.1.0/24: a Class C range,
192.168.*.*: Hey! Then it becomes a Class B range! The scope of scanning has become wider!
192.168.1.0-50,60-100,103,200: a variant form for specifying a range of hosts! Very handy!

# Example 1: Use the default parameters to scan the ports enabled on this machine (TCP only)
[root@www ~]# yum install nmap

[root@www ~]# nmap localhost

PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
# By default, nmap scans only TCP!

