Security

List open ports and listening services

As mentioned in the article, "10 security tips for all general-purpose OSes," you should turn off any services you don't actually need so that they will not become avenues of attack for security threats. Ten specific services for Microsoft Windows were mentioned in my later article, "10 services to turn off in MS Windows XP." While ten is a good number for a quick list in an article, it's hardly comprehensive.

There's essentially no way to provide a comprehensive list, of course. Different systems will have different services running by default, even between different service pack versions of MS Windows XP, and if you're coming into a situation where you must assume responsibility for the security of computers that were already set up before you got there, there are certain to be different services running than on a default install of the system. Worse, there are new services being invented from time to time, expanding the number of services that may possibly be running on a given computer.

What's needed is a tool for listing active services and open ports. I'll explain how such tools can be used on three types of systems, in alphabetical order -- Linux distributions, FreeBSD, and MS Windows -- plus how to use an additional tool for commercial UNIX systems where the other tools may not be available.

FreeBSD

On a FreeBSD Unix system, as with other BSD Unix systems, you have a number of utilities with a base system install that can be used for listing open files, running processes, and network connections. The netstat utility is maintained as a part of the FreeBSD base system by the FreeBSD core developers, and offers exactly the sort of functionality you need to list open ports on your system.

netstat

To list open network ports and the processes that own them on FreeBSD with netstat, you can use this command:

    netstat -a | egrep 'Proto|LISTEN'

The output for this on my laptop running FreeBSD is:

This information can be used to determine what services are running, in cases where services are using standard ports. On a FreeBSD system, you can get a listing of standard port associations by searching through the contents of /etc/services. For instance, if you wanted to find out what was up with port 631, you might use this command:

    grep -w 631 /etc/services

The output:

Linux distributions

As with FreeBSD, the obvious choice of tool to use for listing open ports is netstat. Most Linux distributions use a different version of the utility, however -- maintained separately from the Linux distribution, as an independent software development project.

One consequence of that fact is that the command line options used to achieve the same results may be different with FreeBSD than with Debian, Ubuntu, or Fedora Core Linux systems. On a typical Linux system, this command will list open network ports and the processes that own them:

    netstat -lnptu

The output should look something like this:

MS Windows

The output of this command should look something like this:

    TCP    hostname:epmap           hostname:0               LISTENING
    TCP    hostname:microsoft-ds    hostname:0               LISTENING
    TCP    hostname:10110           hostname:0               LISTENING
    TCP    hostname:netbios-ssn     hostname:0               LISTENING

. . . with "hostname" replaced by the system's hostname, of course.

Commercial UNIX Systems

For most commercial UNIX systems, even if there is not a version of netstat or sockstat available, you should be able to install lsof -- which is short for "list open files". Most Linux distributions and BSD Unix systems will provide lsof with a default install or through their respective software management systems. Some commercial UNIX systems do so as well, and for many others you can download it. The following command will limit the output of the utility to network ports:

    lsof -i -n | egrep 'COMMAND|LISTEN'

The output should look something like this (as run on my laptop, again):
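The two steps the article walks through separately (listing listeners with netstat -lnptu, then resolving a port number with grep -w against /etc/services) can be chained into one check. The script below is an added example, not code from the article; the netstat output and the services table it parses are constructed samples, and the function names are my own.

```shell
#!/bin/sh
# Added example: reduce `netstat -lnptu`-style output to its listening sockets and
# annotate each port with its /etc/services name, so unexpected listeners stand out.
# Both inputs are constructed samples, not captures from the article.

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      903/cupsd
tcp6       0      0 :::6310                 :::*                    LISTEN      1201/mystery
udp        0      0 0.0.0.0:68              0.0.0.0:*                           654/dhclient'

# Stand-in for /etc/services (same line format) so the script runs offline.
SAMPLE_SERVICES='ssh             22/tcp
ipp             631/tcp         # Internet Printing Protocol
bootpc          68/udp'

# Port lookup done the way the article does it, with grep -w on the services table.
# -w matters: a plain grep for 631 would also match a 6310 line.
lookup_service() {  # $1 = port number, $2 = tcp|udp
    printf '%s\n' "$SAMPLE_SERVICES" | grep -w "$1/$2" | awk '{ print $1; exit }'
}

# Print "proto port program" for each listener in netstat output read from stdin.
# UDP lines carry no State column, so the program is always taken from the last field.
listening_sockets() {
    awk '$1 ~ /^(tcp|udp)6?$/ {
        proto = substr($1, 1, 3)
        n = split($4, addr, ":"); port = addr[n]
        if (proto == "tcp" && $6 != "LISTEN") next
        split($NF, pp, "/"); prog = (pp[2] == "") ? "-" : pp[2]
        print proto, port, prog
    }'
}

# Join the two: a listener with no /etc/services entry is reported as "unknown"
# and is the first thing to investigate before deciding whether to keep it running.
report() {
    printf '%s\n' "$SAMPLE_NETSTAT" | listening_sockets |
    while read -r proto port prog; do
        svc=$(lookup_service "$port" "$proto")
        printf '%-4s %-6s %-12s %s\n' "$proto" "$port" "$prog" "${svc:-unknown}"
    done
}

unknown_count() { report | grep -c 'unknown$'; }

report
```

On a real system, replace the two sample variables with `netstat -lnptu` output and the contents of /etc/services; the BSD netstat and lsof formats differ, so the awk field positions would need adjusting there.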

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

2 comments

jackhard

It has a different syntax for the Linux version, and is much more limited, but it is definitely a part of the operating system.

Imprecator

It has different syntax than the Linux version, and it's more limited, but it's definitely part of the OS.
