Linux查看端口

1、什么是端口

"端口"是英文port的意译，可以认为是设备与外界通讯交流的出口。端口可分为虚拟端口和物理端口，其中虚拟端口指计算机内部或交换机路由器内的端口，不可见。例如计算机中的80端口、21端口、23端口等。物理端口又称为接口，是可见端口，计算机背板的RJ45网口，交换机路由器集线器等RJ45端口。电话使用RJ11插口也属于物理端口的范畴。套接字是和 IP 地址、软件端口和协议结合起来使用的，而端口号对传输控制协议（TCP）和用户数据报协议（UDP）协议都适用，TCP 和 UDP 都可以使用 0 到 65535 之间的端口号进行通信。

2、相关文件

/etc/services，可以查看更多信息

[[email protected]_0_11_centos ~]# cat /etc/services | head -40
# /etc/services:
# $Id: services,v 1.55 2013/04/14 ovasik Exp $
#
# Network services, Internet style
# IANA services version: last updated 2013-04-10
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, most entries here have two entries
# even if the protocol doesn't support UDP operations.
# Updated from RFC 1700, ``Assigned Numbers'' (October 1994).  Not all ports
# are included, only the more common ones.
#
# The latest IANA port assignments can be gotten from
#       http://www.iana.org/assignments/port-numbers
# The Well Known Ports are those from 0 through 1023.
# The Registered Ports are those from 1024 through 49151
# The Dynamic and/or Private Ports are those from 49152 through 65535
#
# Each line describes one service, and is of the form:
#
# service-name  port/protocol  [aliases ...]   [# comment]

tcpmux          1/tcp                           # TCP port service multiplexer
tcpmux          1/udp                           # TCP port service multiplexer
rje             5/tcp                           # Remote Job Entry
rje             5/udp                           # Remote Job Entry
echo            7/tcp
echo            7/udp
discard         9/tcp           sink null
discard         9/udp           sink null
systat          11/tcp          users
systat          11/udp          users
daytime         13/tcp

3、查看方式

1）ss命令

[[email protected]_0_11_centos ~]# ss -tnlp | grep ssh
LISTEN     0      128          *:22                       *:*                   users:(("sshd",pid=1153,fd=3))

2）netstat命令

[[email protected]_0_11_centos ~]# netstat -tnlp | grep ssh
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1153/sshd  

3）lsof命令

lsof 能够列出打开的文件，并列出系统上被进程打开的文件的相关信息。

[[email protected]_0_11_centos ~]# lsof -i -P | grep ssh
sshd       1153 root    3u  IPv4   20459      0t0  TCP *:22 (LISTEN)
sshd       4032 root    3u  IPv4 7099359      0t0  TCP VM_0_11_centos:22->222.186.175.183:35944 (ESTABLISHED)
sshd       4033 sshd    3u  IPv4 7099359      0t0  TCP VM_0_11_centos:22->222.186.175.183:35944 (ESTABLISHED)
sshd      31652 root    3u  IPv4 7076571      0t0  TCP VM_0_11_centos:22->161.117.188.158:46309 (ESTABLISHED)

4）systemctl命令

[[email protected]_0_11_centos ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-12-23 10:01:43 MST; 2 days ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1153 (sshd)
   Memory: 12.7M
   CGroup: /system.slice/sshd.service
           └─1153 /usr/sbin/sshd -D

Dec 26 09:31:08 VM_0_11_centos sshd[4032]: Failed password for root from 222.186.175.183 port 35944 ssh2
Dec 26 09:31:09 VM_0_11_centos sshd[4032]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Dec 26 09:31:13 VM_0_11_centos sshd[4317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.183  user=root
Dec 26 09:31:13 VM_0_11_centos sshd[4317]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Dec 26 09:31:15 VM_0_11_centos sshd[4317]: Failed password for root from 222.186.175.183 port 28846 ssh2
Dec 26 09:32:12 VM_0_11_centos sshd[5232]: Invalid user admin from 49.235.96.44 port 37576
Dec 26 09:32:12 VM_0_11_centos sshd[5232]: input_userauth_request: invalid user admin [preauth]
Dec 26 09:32:12 VM_0_11_centos sshd[5232]: pam_unix(sshd:auth): check pass; user unknown
Dec 26 09:32:12 VM_0_11_centos sshd[5232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.96.44
Dec 26 09:32:13 VM_0_11_centos sshd[5232]: Failed password for invalid user admin from 49.235.96.44 port 37576 ssh2

5）nmap(network mapper)

[[email protected]_0_11_centos ~]# nmap -sV -p 22 localhost

Starting Nmap 6.40 ( http://nmap.org ) at 2019-12-26 09:36 MST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000052s latency).
Other addresses for localhost (not scanned): 127.0.0.1
rDNS record for 127.0.0.1: VM_0_11_centos
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.4 (protocol 2.0)

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds