Linux pе -- Linux ~f port limit - 鸟哥的 Linux 私房菜

Linux ~suf
wA@As峹аѦ B

̪sG2003/09/19

ڭ̪D|^W@ǭnDʥ]OHҦpڭ̳]wF@ WWW DAӦ Internet WWW nDɡAڭ̪DN|H^AoO]ڭ̪DҥΤF WWW ťf (port) ڡIo̴NnSOdNFAڭ̱ҥΤF@ daemon ɡANi|yD Port bi Listen ʧ@Aɸ daemon NOwgWѪAȤFIU@o daemon |}A]L Internet AȡAҥHNeQ Internet W cracker ҤJIFIҥHAJӪˬdۤvtΤW port 쩳}Fh֭ӡAåBHY檺޲zA~CQJIiʰڡI

@
Of( port )G
@@G`@hְfHǬOOd port H
@@GServer/Client suإߪ TCP TV洤
@@Gww
p[fG
@@Gϥ netstat
@@Gϥ nmap
pαҰʤ@ӰfG
]w}ɱҰʪAȪkG
wʡG Ҧ~} port
ҫmG

Of( port )G

ڪD}Fh֪ port A||QJIrI

} port |wHSAڪAӹ port r

ť, LISTEN

HΪ high portz

ҿת LISTEN NOzDҰʬYǪAȡAoӪAȴN|b Linux tΤWҥΤ@ port HťӦ Internet nDIҦpH FTP AȨӻnFApGzDҥ FTP oӪAȪܡADN|ҥ port 21 IӥB port 21 O@ҥΪA FTP oӪAI

U@ڪDOn~DʪsuOH|ҨӻnFAڪ Linux n~ WWW DnD ( WWW Dw] port number 80 ) Aڪ Linux `OݭnҥΤ@ port ӹ~suaHIMƫʥ]ǻHҥΪ port number Oh֩OHILinux D|yHzΤ@ӨSQϥΪj 1024 HW port Ӷiosu欰C

TCP/IP

TCP

GKKIǫܤֱĲB͡A``|ݻGyxIzqPɦ FTPBWWWBE-Mail ohAȡAOHaǸƹLӡAzq򪾹DpP_Hqu|~PܡHIz{bDFܡHIաINO] port PIziHo˷QաA@ѡAznhȦsAӻȦNiHQOyDzAMAȦMiu@ط~ȡAYN۷hfAz@ijɭԡAbfAȤHN|ݱzGy١IznrIznǤơHzzLGyڭnsrIzAAȭ۴N|iDzGyܡIЫeTfI䪺H|zAȡIzoӮɭԱz`Ӥ|Lf]aHI ^_^""oǵfNiHQOy port zoIҥHաIC@تAȳSw port bťIzL߹q|~PDI

`@hְfHǬOOd port H

Ҧ port O 1 ~ 65535 ohӰ

u root ~iHҥ 1 ~ 1023 H port

ܩj 1024 HW port FtHΨӧ@suݨD~A]iHΨӧ@AȪ LISTEN ΡC

Linux `κO

netstat

netstat -tl

Wu-FTP

[root@test root]# vi /etc/services
ftp-data        20/tcp
ftp-data        20/udp
ftp             21/tcp
ftp             21/udp
ssh             22/tcp                          # SSH Remote Login Protocol
ssh             22/udp                          # SSH Remote Login Protocol
telnet          23/tcp
telnet          23/udp
smtp            25/tcp          mail
smtp            25/udp          mail
domain          53/tcp          nameserver      # name-domain server
domain          53/udp          nameserver
bootps          67/tcp                          # BOOTP server
bootps          67/udp
bootpc          68/tcp                          # BOOTP client
bootpc          68/udp
http            80/tcp          www www-http    # WorldWideWeb HTTP
http            80/udp          www www-http    # HyperText Transfer Protocol
hostname        101/tcp         hostnames       # usually from sri-nic
hostname        101/udp         hostnames       # usually from sri-nic
pop2            109/tcp         pop-2   postoffice      # POP version 2
pop2            109/udp         pop-2
pop3            110/tcp         pop-3           # POP version 3
pop3            110/udp         pop-3
sunrpc          111/tcp         portmapper      # RPC 4.0 portmapper TCP
sunrpc          111/udp         portmapper      # RPC 4.0 portmapper UDP
auth            113/tcp         authentication tap ident
auth            113/udp         authentication tap ident
sftp            115/tcp
sftp            115/udp

Server/Client suإߪ TCP TV洤

C@ TCP suѤ@(q` client )o_ШDAo port q`OHܤj 1024 HW port ӶiI TCP ʥ]|N(BuN) SYN (Dʳsu)Xг]w_ӡIoOӳsuĤ@ӫʥ]F
pGt@(q` Server ) oӽШD ( MoASAȻݭnHS port ӶiAҦp FTP port 21 )Ah|VШDݰe^ӳsuĤGӫʥ]IWF SYN XФ~PٱN ACK (T{)XФ]]w_ӡAæPɦbݫإ߸귽HݳsuݡF
MAШDoAȺݲĤ@Ӧ^ʥ]AA^@ӽT{ʥ]Aɫʥ]ua ACK X(ƹWM~suҦʥ]a ACK X)Q
uAȺݦШDݪT{( ACK )ʥ](]NOӳsuĤTӫʥ])Mݪsu~ॿإߡCoNOҿת TCP suyTq洤( Three-Way Handshake )zzC

wwH

ګ򪾹D@ port wH

port

Wu-ftpd oӪAȤwAĳja proftp

YǤwA

}F port

p[fG

ݥL쩳bFԣ

/etc/services

AȦW١@@@port @@@`MW١@@@@@@@ĳ
==================================================================================
ftp@@@@@ 21@@@@@ Wu-ftp, proftp@@@@@@n}LI
telnet@@@@23@@@@@ telnet@@@@@@@@@@n}LI
smtp@@@@@25@@@@@ sendmail, postfix@@@@ DnAMnҰʡI
http@@@@@80@@@@@ apache@@@@@@@@@@DnAMnҰʡI
pop3@@@@ 110@@@@@ imap @@@@@@@@@@ DO mail DAMn}
netbios-ssn@139@@@@@ SAMBA@@@@@@@@@@ DnAMnҰʡI
squid@@@ 3128@@@@@ squid@@@@@@@@@@ DnAMnҰʡI
mysql@@@ 3306@@@@@ MySQL@@@@@@@@@@ DnAMnҰʡI

M٤uoǭAԲӪTzӨz Linux DU /etc/services oɮץhݥJӡInFA򱵤UӴNOnӹݧڭ̥D port oIpݩOHUڭ̤Шӳ̱`ϥΪ[OG

netstat G bWHۤv{ʴۤv port ALMIF
nmap G bWAHS{ۤvAi|HkC

LjYIϥ nmap |HkHIOߡAѩ nmap \ӱjjFAҥHܦh cracker ( ǫȡAWH ) |HLӰOHDAoӮɭԴNiyHkաIunzϥ nmap ɭԤnhOHqDAN|DաI ^_^"" Uڭ̤Oӻ@o_aI

ϥ netstat OG

peҭzAbD Linux tΤA

AȶجOVֶVn

Io˥iHקKnJI޹DI]AoӮɭԽAѤ@UztηASǪAȳQ}ҤFOHnAѦۤvtηAȶءA²KkNOϥ netstat FIoӪF褣² ( C@ Linux w]|w˪MI ) AӥB\]OܤCoӫOϥΤkb Linux `κ\OзLFAUڭ̶ȴѦpϥγoӤu㪺koI

[root@test root]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0     20 192.168.1.2:ssh       192.168.1.11:1391     ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix 10     [ ]         DGRAM                    768    /dev/log
unix 2      [ ]         DGRAM                    304058
unix 2      [ ]         DGRAM                    303994
unix 2      [ ]         DGRAM                    303972
unix 2      [ ]         DGRAM                    70794
unix 2      [ ]         DGRAM                    70743
unix 2      [ ]         DGRAM                    27533
unix 2      [ ]         DGRAM                    895
unix 2      [ ]         DGRAM                    785

pWҥܡA¨ϥ netstat ɭԡAȡy

CXثewgqAȶػPAȦW

zҥHziHݨAѩثeȦ@ ssh suإߦ\AҥHNuܥX@

ESTABLISHED ( suN )

ءCWĤTH tcp }Y@Aܡy

@ ssh Aȶ}ҳqDsuAOѻ client 192.168.1.11 o IP s 192.168.1.2 DWo IP A Client ݳsuqDOH 1391 oӳqDsiJ ssh AȤI

zCo̳o ssh ܪAȦWٴNOb /etc/services ̭OoIpGڻݭnNҦسCXөOHҦpG port ثebťOHI

[root@test root]# netstat -a
AActive Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:pop3                  *:*                     LISTEN
tcp        0      0 *:imap                  *:*                     LISTEN
tcp        0      0 *:ftp                   *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp        0     20 192.168.1.2:ssh         192.168.1.11:1391       ESTABLISHED
udp        0      0 *:1238                  *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix 10     [ ]         DGRAM                    768    /dev/log
unix 2      [ ]         DGRAM                    304058
unix 2      [ ]         DGRAM                    303994
unix 2      [ ]         DGRAM                    303972
unix 2      [ ]         DGRAM                    70794
unix 2      [ ]         DGRAM                    70743
unix 2      [ ]         DGRAM                    27533
unix 2      [ ]         DGRAM                    895
unix 2      [ ]         DGRAM                    785

pWҥܡA[J -a ( all )NONҦbWҦ port ACXNALAAȪW٤wgϥ

/etc/services

̭W٤FAӤOϥ port ƦrIpWҥܡAثeڥDWAȦ@}ҤFGy pop3BimapBftpBsshBsmtp zA (

NOb tcp ʥ]Y㦳 LISTEN XөNNo

I) ܩwgإߪAȴNu ssh o@oIpGڷQnD port XOHANϥΩUOaI

[root@test root]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0     20 192.168.1.2:22          192.168.1.11:1391       ESTABLISHED
udp        0      0 0.0.0.0:1238            0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix 10     [ ]         DGRAM                    768    /dev/log
unix 2      [ ]         DGRAM                    304058
unix 2      [ ]         DGRAM                    303994
unix 2      [ ]         DGRAM                    303972
unix 2      [ ]         DGRAM                    70794
unix 2      [ ]         DGRAM                    70743
unix 2      [ ]         DGRAM                    27533
unix 2      [ ]         DGRAM                    895
unix 2      [ ]         DGRAM                    785

pWҥܡAڱqAȳqDu 22 o@ӡAӨLziHѷӤWOXGӹӡAҥHzNiHDoGpop3 110 imap 143 INOooI]AzL@OANiHAѥثeDB@pPAȪAoIMoA netstat γ~󦹡AziHϥ

man netstat

Ӭd\@fI۫HzD|jAI

۫H֪Bͳ|oӧxZANO

n˧RwgإߪsuOH

]`Ǥtȷ|szDӶi@ǯ}au@IΪ̬OzڥQsuLӡIIٰOo Linux pе--¦ǲ߽g귽޲z ̭쪺Xӱ`ΪOaIHNOXӳsu{Ǫ PID AMᵹL kill NOFI²rILAjDOy

ڭn˧Xsu PID rI

HzIѩ PID ޲zP骺tθ귽AoӮɭԡAMiHϥ netstat [ PID AL

u root iH[suA PID X

I( GٰOo귽޲zΪ PID ܡHNOAb Linux tΤACӡy{ǡztγ|@ӸXӺ޲zIoӴNO PID oI)

[root@test root]# netstat -ap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:ssh                   *:*                     LISTEN      32149/sshd
tcp        0    284 140.116.141.19:ssh      192.168.1.11:1391       ESTABLISHED 24751/sshd
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix 7      [ ]         DGRAM                    944    509/syslogd         /dev/log
unix 2      [ ]         DGRAM                    3035915 16648/xinetd
unix 2      [ ]         DGRAM                    739227 5951/pppoe
unix 2      [ ]         DGRAM                    739189 5949/pppd
unix 2      [ ]         DGRAM                    1070   628/crond
unix 2      [ ]         DGRAM                    953    514/klogd
unix 2      [ ]         STREAM     CONNECTED     690    1/init [3]

ݨWӱrsuإߪAFܡHKKI̫᭱@NOܨ PID/Program name A PID ( WO 24751 )]NOڭ̭nӬ屼աIoӮɭԡApGnNӳsu屼ɡANH kill ӰaI

[root@test root]# kill -9 24751

o˴NNӳsuLyXhzzDաII ^_^""

ϥ nmap MG`NwI

bW[ port ̦nOϥ netstat աI]LwSiaIOAѩi঳Y port |M䤣AΪ̤o port OFΪAרO /etc/services YS쪺X port AȡIoӮɭԫHISYAnAڭ̳oӮɭԥiHϥΨӫܬy檺y«ȫOzANO nmap oӪFաInmap M󻡩W٬GyNetwork exploration tool and security scannerzAUWqAoӪFOQtκ޲zΨӺ޲ztΦwʬd֪uILyz]FA nmap iHgѤۦwqX port ơAӬdX port AȬAҥHڭ̤]iHǦAѧڭ̥D port 쩳OFΪIpGzOw Linux O Red Hat ܡAo nmap MӤwgw˧FAU@SoӮM󪺸ܡA]iHӨ쩳UUG

https://vbird.org.cn/download/#nmap

[root@test root]# nmap <> <˰Ѽ> <Hosts }Pd>
ѼƻG
<>GDnUXءG
@@-sTG TCP ʥ]wإߪsu connect() I
@@-sSG TCP ʥ]a SYN Ҫ
@@-sPGH ping 觋i汽
@@-sUGH UDP ʥ]榡i汽
@@-sOGH IP w ( protocol ) iD
<˰Ѽ>GDn˰ѼƦXءG
@@-PTGϥ TCP Y ping 觋Ӷi汽ˡAiH򪾥ثeX
@@@@ qs(`)
@@-PIGϥιڪ ping (a ICMP ʥ]) Ӷi汽
@@-p GoӬO port range AҦp 1024-, 80-1023, 30000-60000 ϥΤ觋
<Hosts }Pd>GoӦhFAX
@@192.168.0.100 GgJ HOST IP ӤwAˬd@F
@@192.168.0.0/24 G C Class AA
@@192.168.*.*@@GKKIhܬ B Class AFI˪dܼsFI
@@192.168.0.0-50,60-100,103,200 GoجOܧΪDdաIܦnΧaI
dҡG

D@G˳@qI
[root@test root]# nmap localhost@@
# S[WѼơA nmap w]ѼƨӶi汽
Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on vbird.adsldns.org (127.0.0.1):
(The 1539 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
# ѤWiHݥXڪtΥثe@ 21, 22, 23 oT port }IӥB
# U port AȤ]QdXӤFI

DGG˳@qּ port XI
[root@test root]# nmap -p 1024-65535 localhost
# ȱ˸ּƪ port աI
Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on pc510.ev.ncku.edu.tw (127.0.0.1):
(The 64511 ports scanned but not shown below are in state: closed)
Port State Service
3306/tcp open mysql <==uo port QXoI
Nmap run completed -- 1 IP address (1 host up) scanned in 11 seconds

DTGH Ping 觋˼ƭӹqI
[root @test /root]# nmap -PT 192.168.1.171-177
# ݨFaIˤ@ӰϬq۪qI

Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on linux172 (192.168.1.172):
(The 1536 ports scanned but not shown below are in state: closed)
Port       State       Service
110/tcp    open        pop-3
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
445/tcp    open        microsoft-ds
1025/tcp   open        listen
1110/tcp   open        nfsd-status

Interesting ports on linux174 (192.168.1.174):
(The 1537 ports scanned but not shown below are in state: closed)
Port       State       Service
110/tcp    open        pop-3
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
445/tcp    open        microsoft-ds
1025/tcp   open        listen

Interesting ports on linux176 (192.168.1.176):
(The 1537 ports scanned but not shown below are in state: closed)
Port       State       Service
110/tcp    open        pop-3
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
445/tcp    open        microsoft-ds
1025/tcp   open        listen

Nmap run completed -- 7 IP addresses (3 hosts up) scanned in 1 second
@IڭnuCqAҥHoCqu|^oIӨ𫟺uTҰʡAҥHMNu|Tq^աIoӤ觋ZAX@˱zl줺ҦqOI ^_^"

ЯSOdNAo nmap \۷jjA]O]pAҥHܦhbmߪ«ȷ|ϥγoӳnӶi氻OHqAoӮɭԽбzSOdNAثeܦhHwgySO觋zӶinu@IҦpH TCP_Wrappers ( /etc/hosts.allow, /etc/hosts.deny ) \ӰOgL port D IPIoӳnΨӡyۤvwzOܤ@ӤuAOpGΨӰOHDAiOi|yYWxqzISOdNII

pαҰʤ@ӰfG

}@ port 觋OG}ҩ@ӪAȧYiI

[root@test root]# /etc/rc.d/init.d/sendmail start
Starting sendmail:                                         [ OK ]
[root@test root]# netstat -an|more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.2:22          192.168.1.11:3175       ESTABLISHED
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix 8      [ ]         DGRAM                    944    /dev/log
unix 2      [ ]         DGRAM                    3161529
unix 2      [ ]         DGRAM                    3160038
unix 2      [ ]         DGRAM                    739227
unix 2      [ ]         DGRAM                    739189
unix 2      [ ]         DGRAM                    1070
unix 2      [ ]         DGRAM                    953
unix 2      [ ]         STREAM     CONNECTED     690
# ݡI 127.0.0.1:25 X{FII
@
[root@test root]# /etc/rc.d/init.d/sendmail stop
Shutting down sendmail:                                    [ OK ]

Linux pе -- ¦ǲ߽g{ѪA

/etc/rc.d/init.d
/etc/xinetd.d

/etc/rc.d/init.d/sendmail start

super daemon

sҰ xinetd oӪAȡI

/etc/rc.d/init.d/xinetd restart

service

G service oӫOëDҦ Linux distribution sbAȦ Red Hat Mandrake W~|o{oӫOI

service xinetd restart

]w}ɱҰʪAȪkG

¦ǲ߽g--Linux }{

BIOS
MBR
Linux Loader
Kernel, init ( o run-level ),
/etc/rc.d/,
/etc/modules.conf,
/etc/rc.d/rc[0-6].d,
/etc/rc.d/rc.local

¦ǲ߽g--}{

nΪtΤu

ONҦAȳNOw

@wnҰʪ

AȦW١@@@@@@AȤe
===============================================================================
atd@@@@@@@@ b ҦʩRO Y쪺A@wRO檺AȡAȥҰʡI
cron@@@@@@@@b ҦʩRO Y쪺A`檺ROAȥҰʡI
iptables@@@@@@oӬOnALצpAҰʥLaI
keytables@@@@@ ]wLWr榡IMݭnŪJFIMp󱱨I
network@@@@@@ z`Ӥ|QnaHIҥHoӤ]бҰoI
random@@@@@@@ֳtNtΪAbHɶsMHɷAt
@@@@@@@@@@۷nI]b}Atη|t^_eAI
syslog@@@@@@@b tεn ̭LܦhFI۷nAȡIȥҰʡI
xinetd@@@@@@@աIt@ӪAȺ޲z super daemonI]OnҰʪؤ@I
xfs@@@@@@@@ pGzOϥ run-level 5 ϧΤAoӤ]nҰʰ

wʡG Ҧ~} port

bzwˤF Linux OA۫HܦhBͷ|}lQn@@ǫܬAȡAҦp WWW Ϊ̬O mail άO FTP AȡAOAoǪAȳbʪMIAܦhbȴNOQαz}ҪoǪAȨӶi}aI򥻤WA·ЪOyS차zo@{AHz~hbȷQnؼСCҥHoA駹F Linux AN@Ǥn{ΪAȲaIHOٱzwI𫟺A󭫭nhONҦ~ port _ӡIݭn~}ҡInFAQΧڭ̭责쪺XӤkNz~ port _ӧaI

1. ϥ ntsysv ]w}ɱҰʪAȶءG
[root@test root]# ntsysv
unܩUXӪAȧYi(`NIڬOH Red Hat r¦)
atd, cron, iptables, keytables, network, random, syslog, xinetd
pGO Mandrake ܡANonϥ chkconfig FI

2. s}]wͮġG
[root@test root]# reboot

3. [ثe port }Ҧh֭ӡH
[root@test root]# netstat -an | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix 7      [ ]         DGRAM                    944    /dev/log
unix 2      [ ]         DGRAM                    3162963
unix 2      [ ]         DGRAM                    739227
unix 2      [ ]         DGRAM                    739189
unix 2      [ ]         DGRAM                    1070
unix 2      [ ]         DGRAM                    953
unix 2      [ ]         STREAM     CONNECTED     690

oˤ@ӡAҦ~fNȮɪFInFAǳƭnӪ[oI@Ӥ@ӪҰʧڭ̪ port aI ^_^

ҫmߡG

p[z Linux DWwgh port Q}FH
p[{ǡH
а LISTEN port P daemon YH
иTV洤zPʥ]ǿ骺VC
а stand alone P super daemon UOH
аݱz Linux D (׬O distributions ) daemon ҰʻP scripts PɮשmbӥؿUH
бNz linux D~sufI

eѦҥθѵ

Linux ~suf

2002/08/02GX
2003/08/21GssAåB[JҫmߡC
2003/09/19G[JѦҥθѵFC