GNU/Linux


Find which Ports are listening on Linux using netstat

netstat prints network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

Using the parameter -l (or --listening) it will show only listening sockets/ports (which are omitted by default.).
--numeric-ports shows numerical port numbers but does not affect the resolution of host or user names (e.g. instead of showing the name ssh, it will show the value 22).

We used netstat using the following syntax to check which sockets/ports are open on the current machine:

netstat --listening --numeric-ports;

The results appeared as follows:

[george@bytefreaks ~]$ netstat --listening --numeric-ports
 Active Internet connections (only servers)
 Proto Recv-Q Send-Q Local Address           Foreign Address         State      
 tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
 tcp        0      0 localhost:25            0.0.0.0:*               LISTEN     
 tcp6       0      0 [::]:44300              [::]:*                  LISTEN     
 tcp6       0      0 [::]:8080               [::]:*                  LISTEN     
 tcp6       0      0 [::]:22                 [::]:*                  LISTEN     
 tcp6       0      0 localhost:25            [::]:*                  LISTEN     
 udp        0      0 0.0.0.0:39925           0.0.0.0:*                          
 udp        0      0 0.0.0.0:24186           0.0.0.0:*                          
 udp        0      0 0.0.0.0:68              0.0.0.0:*                          
 udp        0      0 localhost:323           0.0.0.0:*                          
 udp        0      0 0.0.0.0:5353            0.0.0.0:*                          
 udp6       0      0 localhost:323           [::]:*                             
 udp6       0      0 [::]:33848              [::]:*                             
 udp6       0      0 [::]:61453              [::]:*                             
 raw6       0      0 [::]:58                 [::]:*                  7          
 Active UNIX domain sockets (only servers)
 Proto RefCnt Flags       Type       State         I-Node   Path
 unix  2      [ ACC ]     STREAM     LISTENING     22489    public/showq
 unix  2      [ ACC ]     STREAM     LISTENING     22445    public/pickup
 unix  2      [ ACC ]     STREAM     LISTENING     22449    public/cleanup
 unix  2      [ ACC ]     STREAM     LISTENING     22477    private/proxymap
 unix  2      [ ACC ]     STREAM     LISTENING     22480    private/proxywrite
 unix  2      [ ACC ]     STREAM     LISTENING     15452    /run/systemd/private
 unix  2      [ ACC ]     STREAM     LISTENING     22483    private/smtp
 unix  2      [ ACC ]     STREAM     LISTENING     22486    private/relay
 unix  2      [ ACC ]     STREAM     LISTENING     22492    private/error
 unix  2      [ ACC ]     STREAM     LISTENING     22495    private/retry
 unix  2      [ ACC ]     STREAM     LISTENING     22498    private/discard
 unix  2      [ ACC ]     STREAM     LISTENING     22501    private/local
 unix  2      [ ACC ]     STREAM     LISTENING     22504    private/virtual
 unix  2      [ ACC ]     STREAM     LISTENING     22507    private/lmtp
 unix  2      [ ACC ]     STREAM     LISTENING     22510    private/anvil
 unix  2      [ ACC ]     STREAM     LISTENING     22513    private/scache
 unix  2      [ ACC ]     STREAM     LISTENING     14445    /var/run/NetworkManager/private-dhcp
 unix  2      [ ACC ]     SEQPACKET  LISTENING     15476    /run/udev/control
 unix  2      [ ACC ]     STREAM     LISTENING     1404     /run/systemd/journal/stdout
 unix  2      [ ACC ]     STREAM     LISTENING     22452    public/qmgr
 unix  2      [ ACC ]     STREAM     LISTENING     15498    /run/lvm/lvmpolld.socket
 unix  2      [ ACC ]     STREAM     LISTENING     22474    public/flush
 unix  2      [ ACC ]     STREAM     LISTENING     22471    private/verify
 unix  2      [ ACC ]     STREAM     LISTENING     16034    /var/run/dbus/system_bus_socket
 unix  2      [ ACC ]     STREAM     LISTENING     16037    /var/run/avahi-daemon/socket
 unix  2      [ ACC ]     STREAM     LISTENING     15537    /run/lvm/lvmetad.socket
 unix  2      [ ACC ]     STREAM     LISTENING     22456    private/tlsmgr
 unix  2      [ ACC ]     STREAM     LISTENING     22459    private/rewrite
 unix  2      [ ACC ]     STREAM     LISTENING     22462    private/bounce
 unix  2      [ ACC ]     STREAM     LISTENING     22465    private/defer
 unix  2      [ ACC ]     STREAM     LISTENING     22468    private/trace

Check a specific port if it is open from a remote machine

In case you want to check a specific port if it is open from a remote machine, you can use nmap.
Using nmap to scan specific ports allows you to check if a remote machine appears to have open ports available to you.
nmap is a network exploration tool and security / port scanner.

The following example checks ports 80 and 8080 on 192.168.1.199 if they are open.

[george@bytefreaks ~]$ nmap -vv -p 80,8080 192.168.1.199
 
 Starting Nmap 6.40 ( http://nmap.org ) at 2017-02-22 14:10 EET
 Initiating Ping Scan at 14:10
 Scanning 192.168.1.199 [2 ports]
 Completed Ping Scan at 14:10, 0.00s elapsed (1 total hosts)
 Initiating Parallel DNS resolution of 1 host. at 14:10
 Completed Parallel DNS resolution of 1 host. at 14:10, 0.00s elapsed
 Initiating Connect Scan at 14:10
 Scanning 192.168.1.199 [2 ports]
 Discovered open port 8080/tcp on 192.168.1.199
 Completed Connect Scan at 14:10, 0.00s elapsed (2 total ports)
 Nmap scan report for 192.168.1.199
 Host is up (0.000060s latency).
 Scanned at 2017-02-22 14:10:29 EET for 0s
 PORT     STATE  SERVICE
 80/tcp   closed http
 8080/tcp open   http-proxy
 
 Read data files from: /usr/bin/../share/nmap
 Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds

The -vv parameter for nmap increases the verbosity of the results.
The -p parameter defines the ports to be checked.


grep: How to match lines using any of multiple patterns

Recently, we needed to filter the results of ps x using two different patterns.
The first pattern was ./ where we needed to match that exact character sequence.
The . period character is treated as a special character in regular expressions (it matches a single character of any value, except for the end of line), so we decided to use the -F parameter to remove this special handling.
Doing this change prevented us from writing a regular expression that uses the OR | operator.

-F (or --fixed-strings) is a matching control option that instructs grep to interpret the patterns as a list of fixed strings (instead of regular expressions), separated by newlines, any of which is to be matched.
We tried assigning the different patterns as different lines to a variable and then using them on the pipe, like in the following example:

patterns="./
banana";
ps x | grep -F $patterns;

..but it failed.

Solution

grep supports a matching control option -e that allows us to define multiple patterns using different strings.

-e PATTERN (or --regexp=PATTERN) uses the value PATTERN as the pattern. If this option is used  multiple times or it is combined with the -f (--file) option, grep will search for all patterns given.

In the end, our command was transformed to the following, which worked just fine!

ps x | grep -F -e "./" -e "banana";

A small note on how we use valgrind

valgrind is a suite of tools for debugging and profiling programs.
We use it for debugging and profiling Linux executable files.

Despite the fact that it can do a whole lot of stuff, usually we use it as follows (when we do not forget) to test our applications for memory leaks:

valgrind --show-leak-kinds=all --leak-check=full $application $application_arguments;

The options we chose are the following:

  • --show-leak-kinds=all It will show all leaks (definite, indirect, possible, reachable) in the full leak search (see next bullet)
  • --leak-check=full this option instructs valgrind to search for memory leaks when the client program finishes.
    Each individual leak will be shown in detail and be counted as an error.

These options are extremely useful as they will catch a lot of little leaks that you might have missed (e.g. closing a file, freeing some memory, …)


List available functions in a shared library .so file

Recently, we wanted to see if a certain function call was available in a shared library (.so).

To do so we used the command nm.
nm lists symbols from object files.

We used the command nm -D /libs/mylib.so.1.
The parameter -D (or --dynamic) displays the dynamic symbols rather than the normal symbols.  (This is only meaningful for dynamic objects, such as certain types of shared libraries.)

We got a huge list which was similar to this

...
000000000000e6e0 T sudo_SHA512Update
000000000000eb20 T sudo_sig2str
000000000000b970 T sudo_strlcat
000000000000b910 T sudo_strlcpy
0000000000006f60 T sudo_strsplit_v1
00000000000070a0 T sudo_strtobool_v1
0000000000007330 T sudo_strtoid_v1
0000000000007570 T sudo_strtomode_v1
000000000000bb20 T sudo_strtonum
000000000000ac20 T sudo_term_cbreak_v1
000000000000adb0 T sudo_term_copy_v1
000000000021339c B sudo_term_erase
00000000002133a0 B sudo_term_kill
000000000000a920 T sudo_term_noecho_v1
000000000000aa80 T sudo_term_raw_v1
000000000000a860 T sudo_term_restore_v1
00000000000052a0 T sudo_vfatal_nodebug_v1
00000000000052d0 T sudo_vfatalx_nodebug_v1
0000000000005480 T sudo_vwarn_nodebug_v1
00000000000054b0 T sudo_vwarnx_nodebug_v1
00000000000055c0 T sudo_warn_gettext_v1
00000000000052f0 T sudo_warn_nodebug_v1
00000000000055a0 T sudo_warn_set_conversation_v1
...

We filtered out all elements that had the value T or t on the second column as those objects are symbol in the text (code) section and we found the function call we wanted there!