Generally in the beginning of the need for their own company’s IT environment to have a general understanding of 1-2 months after the need to open the port has a clear understanding of what the port is used to do, whether it is illegal open port , Their own mind to be the number of unknown Trojans through a strange port to the black out on the embarrassment. So as the operation and maintenance personnel need to open the port of each company has a clear understanding of the port, at the same time have to face the strange port how to determine the port corresponding to what kind of service, the service is illegal and so on.
Need to use the command :
Ss -tnl shows all tcp has been listening on the port
Lsof -i : The port displays all the processes that open the port
Working example:
One day through ss -tnl found that do not know the port is being monitored
For the port 49994 I do not know why it is doing, so use the lsof-i command to see which ports are open
It is found here that the port corresponds to the rpc.statd command.
(If prompted not to remember the command yum install-y lsof)
If you do not know rpc.statd, a very simple way is baidu
Through the baidu can know that the order is nfslock service of a process, if you want to close the port only need to close nfslock service
Service nfslock stop
And then perform ss-tnl found 49994 port disappeared
In the future if you encounter an unknown port can use the above method to judge.
Recent Comments