Finding open ports and listening services on Linux: Nmap, Netstat, lsof and ss

Date: 2020-03-21 11:43:46  Source: igfitidea

nmap

nmap has long been one of our favourite tools: it is a port scanner and network exploration tool.
To install it on Debian Wheezy, run:

# apt-get install nmap

Nmap can perform a simple ping scan:

$ nmap -sP localhost
Nmap scan report for localhost (127.0.0.1)
Host is up.
Other addresses for localhost (not scanned): 127.0.0.1
Nmap done: 1 IP address (1 host up) scanned in 0.01 seconds

Scan all TCP ports using the aggressive (-T4) timing template:

# nmap -p T:1-65535 -T4 localhost
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000047s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 65527 closed ports
PORT      STATE SERVICE
12/tcp    open  unknown
80/tcp    open  http
443/tcp   open  https
3000/tcp  open  ppp
3001/tcp  open  nessus
3306/tcp  open  mysql
8834/tcp  open  unknown
10050/tcp open  unknown
10051/tcp open  unknown
Nmap done: 1 IP address (1 host up) scanned in 6.97 seconds

Perform a half-open TCP/SYN scan (requires root privileges):

# nmap -sS -T4 localhost
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000048s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 995 closed ports
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
3000/tcp open  ppp
3001/tcp open  nessus
3306/tcp open  mysql
Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds

Scan TCP and UDP ports (UDP scanning requires root privileges):

# nmap -sTU -T4 localhost
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0017s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 1994 closed ports
PORT     STATE         SERVICE
80/tcp   open          http
443/tcp  open          https
3000/tcp open          ppp
3001/tcp open          nessus
3306/tcp open          mysql
68/udp   open|filtered dhcpc
Nmap done: 1 IP address (1 host up) scanned in 1.57 seconds

Scan only the standard SSH, telnet and RDP ports:

$ nmap -p T:22-23,3389 -T4 localhost
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00012s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT     STATE  SERVICE
22/tcp   closed ssh
23/tcp   closed telnet
3389/tcp closed ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 0.21 seconds

Scan the 20 most common ports:

$ nmap --top-ports 20 -T4 localhost
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000054s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT     STATE  SERVICE
21/tcp   closed ftp
22/tcp   closed ssh
23/tcp   closed telnet
25/tcp   closed smtp
53/tcp   closed domain
80/tcp   open   http
110/tcp  closed pop3
111/tcp  closed rpcbind
135/tcp  closed msrpc
139/tcp  closed netbios-ssn
143/tcp  closed imap
443/tcp  open   https
445/tcp  closed microsoft-ds
993/tcp  closed imaps
995/tcp  closed pop3s
1723/tcp closed pptp
3306/tcp open   mysql
3389/tcp closed ms-wbt-server
5900/tcp closed vnc
8080/tcp closed http-proxy
Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds

Probe the open ports to determine service and version information:

$ nmap -sV -T4 localhost
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000047s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 995 closed ports
PORT     STATE SERVICE       VERSION
80/tcp   open  http          Apache httpd
443/tcp  open  ssl/http      Apache httpd
3000/tcp open  ssl/ntop-http Ntop web interface 5.0.1
3001/tcp open  ssl/ntop-http Ntop web interface 5.0.1
3306/tcp open  mysql         MySQL 5.5.33-0+wheezy1
Nmap done: 1 IP address (1 host up) scanned in 34.62 seconds

Scan all TCP and UDP ports and determine service and version information:

# nmap -sTU -sV -T4 -p 1-65535 localhost
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0012s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 131059 closed ports
PORT      STATE         SERVICE       VERSION
12/tcp    open          ssh           OpenSSH 6.0p1 Debian 4 (protocol 2.0)
80/tcp    open          http          Apache httpd
443/tcp   open          ssl/http      Apache httpd
3000/tcp  open          ssl/ntop-http Ntop web interface 5.0.1
3001/tcp  open          ssl/ntop-http Ntop web interface 5.0.1
3306/tcp  open          mysql         MySQL 5.5.33-0+wheezy1
8834/tcp  open          ssl/unknown
10050/tcp open          tcpwrapped
10051/tcp open          zabbix        Zabbix Monitoring System
68/udp    open|filtered dhcpc
2055/udp  open|filtered iop
19167/udp open|filtered unknown
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
Nmap done: 1 IP address (1 host up) scanned in 97.85 seconds

nmap offers a wide range of other scan techniques; the ones above are simple ways of finding open ports and identifying the services behind them.
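A scan is only useful once its result is compared with what the host is supposed to expose. The script below is an added example, not part of the original article: it parses the full-TCP nmap output shown above (embedded as sample input so it runs offline) and prints every open port that is missing from an allowlist of documented services; the allowlist itself is an assumption made for the example.

```shell
# Added example (not from the original article): compare the open ports that
# nmap reports against an allowlist of services the host is documented to
# expose, and print the ones that are not on the list.

# Constructed sample: the full-TCP scan output from above, embedded so the
# script runs offline. On a live host pipe `nmap -p T:1-65535 -T4 <host>` in.
nmap_output() {
cat <<'EOF'
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000047s latency).
Not shown: 65527 closed ports
PORT      STATE SERVICE
12/tcp    open  unknown
80/tcp    open  http
443/tcp   open  https
3000/tcp  open  ppp
3001/tcp  open  nessus
3306/tcp  open  mysql
8834/tcp  open  unknown
10050/tcp open  unknown
10051/tcp open  unknown
Nmap done: 1 IP address (1 host up) scanned in 6.97 seconds
EOF
}

# Ports ("port/proto") this host is documented to expose. Assumption for the
# example: the web server, the ntop UI, MySQL and Zabbix are expected.
ALLOWED="80/tcp 443/tcp 3000/tcp 3001/tcp 3306/tcp 10050/tcp 10051/tcp"

# open_ports: extract "port/proto" for every row whose STATE is exactly "open"
# (rows marked closed, filtered or open|filtered are skipped).
open_ports() {
    awk '$2 == "open" && $1 ~ /^[0-9]+\/(tcp|udp)$/ { print $1 }'
}

# unexpected_ports: open ports that are not in $ALLOWED, space separated.
unexpected_ports() {
    for p in $(nmap_output | open_ports); do
        case " $ALLOWED " in
            *" $p "*) ;;             # documented, nothing to report
            *) printf '%s ' "$p" ;;  # not on the allowlist
        esac
    done | sed 's/ $//'
}

unexpected_ports   # prints: 12/tcp 8834/tcp
```

In the sample, port 12 (sshd moved off its default) and 8834 (nessusd) are the two listeners nobody documented, which is exactly the kind of drift this check is meant to surface.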

netstat

Netstat is part of the net-tools package. Although it is considered a deprecated Linux networking command, it is still widely used on many systems (RHEL 6.5, Debian 7, Ubuntu 12.04, Ubuntu 14.04).
Netstat can print network connections and routing tables.

To discover all listening TCP and UDP ports in numeric form, also showing the PID and program name, run:

# netstat -nltup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:3000            0.0.0.0:*               LISTEN      14124/ntop
tcp        0      0 0.0.0.0:3001            0.0.0.0:*               LISTEN      14124/ntop
tcp        0      0 0.0.0.0:8834            0.0.0.0:*               LISTEN      23616/nessusd
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN      2526/zabbix_agentd
tcp        0      0 0.0.0.0:10051           0.0.0.0:*               LISTEN      19818/zabbix_server
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      2656/mysqld
tcp        0      0 0.0.0.0:12              0.0.0.0:*               LISTEN      17491/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      14243/apache2
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      14243/apache2
tcp6       0      0 :::8834                 :::*                    LISTEN      23616/nessusd
udp        0      0 0.0.0.0:2055            0.0.0.0:*                           14124/ntop
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1691/dhclient
udp    49408      0 0.0.0.0:19167           0.0.0.0:*                           1691/dhclient

As we can see above, no UDP ports are shown in a listening state.
To see all established connections, not just listening ones, add the "a" flag to the command line.

I tend to add aliases for commands I use often, to save typing:

# alias nets="netstat -nltup"

Alternatively, put it in the file ~/.bashrc to make the change persistent.

Print the routing table:

$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.132.1.1      0.0.0.0         UG        0 0          0 eth0
10.132.1.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0

Note that netstat does not need root privileges to display the kernel routing table.

lsof

The lsof program nominally lists open files.
According to the lsof man page, an open file can be a regular file, a directory, a character special file, a library, a stream or a network file (an Internet socket, NFS file or UNIX domain socket).

To get a list of all Internet files using IPv4 and TCP, we can use:

# lsof -i4tcp | grep -i listen

Grep helps parse the output and print only the listening files.
Paging through the raw output gives a better picture of the system's overall network usage.

ss

The ss utility is part of the iproute2 package and is used to dump socket statistics, similar to netstat.
To install it on Debian Wheezy, run:

# apt-get install iproute

To discover all listening TCP and UDP sockets in numeric form, run:

# ss -nltu
Netid  State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
udp    UNCONN     0      0      *:2055               *:*
udp    UNCONN     0      0      *:68                 *:*
udp    UNCONN     49408  0      *:19167              *:*
tcp    LISTEN     0      128    *:80                 *:*
tcp    LISTEN     0      10     *:3000               *:*
tcp    LISTEN     0      10     *:3001               *:*
tcp    LISTEN     0      128    *:443                *:*
tcp    LISTEN     0      128    :::8834              :::*
tcp    LISTEN     0      128    *:8834               *:*
tcp    LISTEN     0      128    *:10050              *:*
tcp    LISTEN     0      128    *:10051              *:*
tcp    LISTEN     0      50     127.0.0.1:3306       *:*
tcp    LISTEN     0      128    *:12                 *:*
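Listing sockets is only half the job; the question that matters is which of them other hosts can reach. The script below is an added example, not part of the original article: it parses the ss -nltu listing above (embedded as constructed sample input) and labels each socket by bind scope, so that a service bound only to loopback, like mysqld on 127.0.0.1:3306, is separated from those bound to every interface.

```shell
# Added example (not from the original article): classify the sockets that
# `ss -nltu` reports by bind scope. "*:port", ":::port" or "0.0.0.0:port"
# accepts connections on every interface; "127.0.0.1:port" is local only.

# Constructed sample: the `ss -nltu` listing shown above, embedded so the
# script runs offline. On a live host replace this with `ss -nltu`.
ss_output() {
cat <<'EOF'
Netid State   Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN  0      0      *:2055             *:*
udp   UNCONN  0      0      *:68               *:*
udp   UNCONN  49408  0      *:19167            *:*
tcp   LISTEN  0      128    *:80               *:*
tcp   LISTEN  0      10     *:3000             *:*
tcp   LISTEN  0      10     *:3001             *:*
tcp   LISTEN  0      128    *:443              *:*
tcp   LISTEN  0      128    :::8834            :::*
tcp   LISTEN  0      128    *:8834             *:*
tcp   LISTEN  0      128    *:10050            *:*
tcp   LISTEN  0      128    *:10051            *:*
tcp   LISTEN  0      50     127.0.0.1:3306     *:*
tcp   LISTEN  0      128    *:12               *:*
EOF
}

# socket_scope: print "proto port scope" for each socket. Field 5 is
# "addr:port"; the port is whatever follows the last colon, which also
# copes with IPv6 wildcards such as ":::8834".
socket_scope() {
    awk 'NR > 1 {
        n = split($5, f, ":"); port = f[n]
        addr = substr($5, 1, length($5) - length(port) - 1)
        if (addr == "*" || addr == "::" || addr == "0.0.0.0") scope = "all-interfaces"
        else if (addr == "127.0.0.1" || addr == "::1")       scope = "loopback"
        else                                                  scope = "specific:" addr
        print $1, port, scope
    }'
}

# exposed_ports: unique ports reachable on every interface, numerically sorted.
exposed_ports() {
    ss_output | socket_scope | awk '$3 == "all-interfaces" { print $2 }' | sort -un
}

# scope_of PORT: the scope recorded for one port (first match wins).
scope_of() {
    ss_output | socket_scope | awk -v p="$1" '$2 == p { print $3; exit }'
}
```

Every port in the exposed list should map to either a firewall rule or a deliberate decision; on the sample host only 3306 is confined to loopback.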