Linux Tcp Ports - How To Use Netstat and Iptables For Linux Troubleshooting

May 8, 2011

It is a well known fact that Linux/Unix systems are mostly used as servers and are often connected to the internet. On such platforms, access is controlled through the ports in use. A 'port' is a numbered access point through which a service on your system is reached, much like a telephone extension. Ports are bound to sockets, which provide the standard interface for communicating data over the network.

Generally, ports fall into three ranges:

1. Well-known ports: 0 to 1023
2. Registered ports: 1024 to 49151
3. Private (dynamic) ports: 49152 to 65535

The local (ephemeral) port range, used for outgoing connections, can be widened with the following command:

# echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range

The TCP keepalive time (in seconds, the idle period before a connection is probed) can be changed as follows:

# echo 2000 > /proc/sys/net/ipv4/tcp_keepalive_time

Access through a port can be restricted in three ways:

1. Firewall configuration
2. Setting restrictions in the server itself
3. Disabling servers that are not currently in use

In Linux, the /etc/services file maps port numbers and protocols to service names, for example:

ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp # SSH Remote Login Protocol
telnet 23/tcp
# 24 - private
smtp 25/tcp

In the excerpt above, the first column is the service name, followed by the port number and the protocol used; lines beginning with # are comments.
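As an added example (not part of the original article), the shell functions below parse /etc/services-style lines in the format shown above and classify a port number into the three ranges listed earlier. The service data is a constructed sample embedded in the script; the third argument of lookup_port is an assumed convenience for reading the real /etc/services instead.

```shell
#!/bin/sh
# Added example (not from the original article): parse /etc/services-style
# lines and classify port numbers by range. The data below is a constructed
# sample in the same format as the excerpt above; pass a file path as the
# third argument of lookup_port to read the real /etc/services instead.

SAMPLE_SERVICES='# Network services, Internet style (constructed sample)
ssh        22/tcp     # SSH Remote Login Protocol
ssh        22/udp     # SSH Remote Login Protocol
telnet     23/tcp
# 24 - private
smtp       25/tcp     mail
domain     53/tcp
domain     53/udp
http       80/tcp     www
pop3       110/tcp    pop-3
imap       143/tcp    imap2'

# lookup_port PORT [PROTO] [FILE]
# Prints "service port/proto" for every matching entry, skipping comment
# lines. Only the first two columns matter, so trailing aliases and
# comments are ignored. Returns 1 when no entry matches.
lookup_port() {
    port=$1; proto=${2:-}; file=${3:-}
    if [ -n "$file" ]; then
        data=$(cat "$file")
    else
        data="$SAMPLE_SERVICES"
    fi
    printf '%s\n' "$data" | awk -v port="$port" -v proto="$proto" '
        /^[[:space:]]*#/ || NF < 2 { next }      # comment or blank line
        {
            split($2, pp, "/")                   # second column is port/proto
            if (pp[1] == port && (proto == "" || pp[2] == proto)) {
                print $1, $2
                found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# port_class PORT -> prints well-known, registered or private (the three
# ranges above) and adds "privileged" for ports below 1024, which only
# root can bind on a default Linux system.
port_class() {
    case $1 in
        ''|*[!0-9]*) echo invalid; return 1 ;;
    esac
    if [ "$1" -le 1023 ]; then
        echo "well-known privileged"
    elif [ "$1" -le 49151 ]; then
        echo registered
    elif [ "$1" -le 65535 ]; then
        echo private
    else
        echo invalid; return 1
    fi
}
```

Typical use is `lookup_port 53` to see every protocol an entry is registered for, or `lookup_port 22 tcp /etc/services` against the live file; a non-zero exit makes the functions usable in scripts that must fail when a port is unknown.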

Given below is a list of commonly used ports on Linux distributions:

Port Number   TCP/UDP   Protocol
20 & 21       TCP       FTP
22            TCP       SSH
23            TCP       Telnet
25            TCP       SMTP
53            TCP/UDP   DNS
67            UDP       DHCP
69            UDP       TFTP
80            TCP       HTTP
88            TCP       Kerberos
109 & 110     TCP       POPv2 & POPv3
110           TCP       POP3 Mail Server
119           TCP       NNTP
123           UDP       NTP
137           UDP       NetBIOS Name Service
138           UDP       NetBIOS Datagram
139           TCP       NetBIOS Session
143           TCP       IMAP 2
161           UDP       SNMP
177           UDP       XDMCP
220           TCP       IMAP 3
389           TCP       LDAP
443           TCP       HTTPS
445           TCP       Microsoft DS
514           UDP       Syslog

However, this list is incomplete, and even /etc/services is incomplete. One notable distinction between TCP/IP ports is that some are privileged (numbers below 1024) and others are unprivileged: by default, Linux only allows a process running as root to bind to a privileged port.

To list open ports together with the process using each port, type:

# sudo lsof -i
# sudo netstat -lptu

To list open ports we can use the following:

# netstat -a

Or,

# netstat -nat | grep LISTEN
tcp4 0 0 *.5555 *.* LISTEN
tcp4 0 0 10.1.3.29.53 *.* LISTEN
tcp4 0 0 192.168.56.1.53 *.* LISTEN
tcp4 0 0 115.242.47.238.53 *.* LISTEN
tcp4 0 0 127.0.0.1.953 *.* LISTEN
tcp4 0 0 127.0.0.1.53 *.* LISTEN
tcp4 0 0 127.0.0.1.631 *.* LISTEN
tcp6 0 0 ::1.631 *.* LISTEN

The open ports can be verified, with numeric addresses and the owning program, as follows:

# netstat -tulpn | less

To check whether iptables allows connections to ports 80, 110 and 143, list the current rules:

# iptables -L -n

Generally, the destination port is carried in the TCP or UDP header and is read by other network components such as the firewall. The firewall is used to restrict access to ports. When a port is blocked, it needs to be opened at the firewall level. Given below is an example that opens port 110:

# /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
# service iptables save
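One caveat worth checking after the commands above: `-A` appends to the end of the INPUT chain, and iptables stops at the first matching REJECT or DROP, so on a system whose chain already ends in a catch-all REJECT the new ACCEPT rule is never reached. The following added example (not part of the original article) reads a rule listing in `iptables -S INPUT` format, here a constructed sample, and reports whether an ACCEPT for a given port is actually reachable; the function name port_accept_reachable is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the original article): check whether an ACCEPT
# rule for a TCP destination port is actually reachable in the INPUT chain.
# iptables evaluates rules top to bottom and stops at the first REJECT or
# DROP, so a rule appended with -A after a catch-all REJECT never matches.
# Input is in `iptables -S INPUT` format; the listing below is constructed.
# Live use:  iptables -S INPUT | port_accept_reachable 110

SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT'

# port_accept_reachable PORT   (rule listing on stdin)
# Prints one of:
#   reachable at rule N         an ACCEPT for the port precedes any catch-all
#   blocked by rule N           a catch-all REJECT/DROP comes first
#   allowed by default policy   no matching rule, chain policy is ACCEPT
#   no rule                     no matching rule, chain policy is not ACCEPT
# Returns 0 only when traffic to the port would be accepted.
port_accept_reachable() {
    awk -v port="$1" '
        /^-P INPUT / { policy = $3; next }
        /^-A INPUT / {
            n++
            # A terminating rule with no protocol or port match blocks everything after it.
            if ($0 ~ / -j (REJECT|DROP)( |$)/ && $0 !~ / -p / && $0 !~ /--dport/) {
                result = "blocked by rule " n; rc = 1; exit
            }
            if ($0 ~ / -j ACCEPT( |$)/ && $0 ~ ("--dport " port "( |$)")) {
                result = "reachable at rule " n; rc = 0; exit
            }
        }
        END {
            if (result == "") {
                if (policy == "ACCEPT") { result = "allowed by default policy"; rc = 0 }
                else                    { result = "no rule"; rc = 1 }
            }
            print result
            exit rc
        }'
}
```

In the constructed listing, port 22 is reachable at rule 4 while the appended port 110 rule is blocked by the catch-all REJECT at rule 5. The fix in that situation is to insert the rule before the REJECT with `iptables -I INPUT 5 -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT` instead of appending it, then save as shown above.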

To list all listening TCP ports together with the owning process, use netstat as follows:

# netstat -anp --tcp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:544             0.0.0.0:*               LISTEN      1826/xinetd
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      4677/mysqld
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      16446/sshd
tcp        0      0 0.0.0.0:2105            0.0.0.0:*               LISTEN      1826/xinetd
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      841/sshd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1925/httpd
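The listing above mixes sockets bound to every interface (0.0.0.0) with ones bound to loopback only (127.0.0.1:6010); only the former are reachable from the network and need a deliberate firewall decision. The following added example (not part of the original article) filters netstat output in that format down to the exposed listeners; the sample listing is constructed, and the function name exposed_listeners is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the original article): audit netstat -antp output
# for services listening on every interface (0.0.0.0 or ::) rather than on
# loopback only. Those are the sockets reachable from the network and the
# ones whose ports the firewall must deliberately allow or block.
# The listing below is constructed to match the format shown above.
# Live use:  netstat -antp 2>/dev/null | exposed_listeners

SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:544             0.0.0.0:*               LISTEN      1826/xinetd
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      4677/mysqld
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      16446/sshd
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      841/sshd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1925/httpd
tcp        0      0 10.1.3.29:22            10.1.3.7:51514          ESTABLISHED 16501/sshd
tcp6       0      0 :::631                  :::*                    LISTEN      902/cupsd
tcp6       0      0 :::25                   :::*                    LISTEN      -'

# exposed_listeners  (netstat output on stdin)
# Prints "port program" for each LISTEN socket bound to a wildcard address,
# lowest port first. A program of "-" means netstat could not read the
# owner (run it as root); it is reported as "unknown".
exposed_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")            # port is the last ":"-separated field
            port = parts[n]                      # (IPv6 addresses contain ":" themselves)
            host = substr($4, 1, length($4) - length(port) - 1)
            if (host == "0.0.0.0" || host == "::") {
                prog = ($7 == "-") ? "unknown" : substr($7, index($7, "/") + 1)
                print port, prog
            }
        }' | sort -n
}
```

Each reported line is a port that should either appear in the iptables ACCEPT rules on purpose or belong to a service that can be rebound to 127.0.0.1 or disabled, which is the third restriction method listed earlier.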

This is a list of well-known port numbers and their services:

Port Number   Description
1             TCP Port Service Multiplexer (TCPMUX)
5             Remote Job Entry (RJE)
7             ECHO
18            Message Send Protocol (MSP)
20            FTP -- Data
21            FTP -- Control
22            SSH Remote Login Protocol
23            Telnet
25            Simple Mail Transfer Protocol (SMTP)
29            MSG ICP
37            Time
42            Host Name Server (Nameserv)
43            WhoIs
49            Login Host Protocol (Login)
53            Domain Name System (DNS)
69            Trivial File Transfer Protocol (TFTP)
70            Gopher Services
79            Finger
80            HTTP
103           X.400 Standard
108           SNA Gateway Access Server
109           POP2
110           POP3
115           Simple File Transfer Protocol (SFTP)
118           SQL Services
119           Newsgroup (NNTP)
137           NetBIOS Name Service
139           NetBIOS Datagram Service
143           Interim Mail Access Protocol (IMAP)
150           NetBIOS Session Service
156           SQL Server
161           SNMP
179           Border Gateway Protocol (BGP)
190           Gateway Access Control Protocol (GACP)
194           Internet Relay Chat (IRC)
197           Directory Location Service (DLS)
389           Lightweight Directory Access Protocol (LDAP)
396           Novell Netware over IP
443           HTTPS
444           Simple Network Paging Protocol (SNPP)
445           Microsoft-DS
458           Apple QuickTime
546           DHCP Client
547           DHCP Server
563           SNEWS
569           MSN
1080          Socks
