
The first entry (1) shows us an existing TCP connection. The local address is 192.168.1.250.22, meaning that the remote side of my connection is talking to this machine on port 22 of the IP address 192.168.1.250. The remote machine is 192.168.1.200, and the connection is coming from port 49182. Finally, we see that this connection is ESTABLISHED; data is quite possibly flowing over this right now. We also see a TCP connection that has terminated (2) and is in the final stages of teardown.

The next line (3) shows a port that’s listening on the local host, but on no other IP addresses. Only systems that can connect to 127.0.0.1 can actually connect to this machine. Because the only machine that can do that is the local host, this port is only available to the local machine. Shortly thereafter (4), we see that the machine is listening to TCP port 22 on all available IP addresses. Because there is no remote host and no state, this is a daemon listening for incoming connections.

Near the bottom (5), we see a series of available connections on UDP ports. You should rarely, if ever, see a remote host running over a UDP connection. They tend to appear very briefly.

What’s Listening on Ports?

Now that you know which TCP and UDP ports are open, how can you tell which programs are listening on them? OpenBSD, like many UNIX-like operating systems, supports the lsof(8) program that helps track down which files are open. (Although lsof is not integrated with OpenBSD, it’s available in /usr/ports/sysutils/lsof.) Although many people like lsof, it isn’t the only way to get this information out of OpenBSD.

You can look in /etc/services and try to identify the program by the port number. This works well if you’re certain that nobody has been tampering with your system. One fun trick an intruder can try is to run a program on a port that should be used by another program.
You might not think anything about port 80 being open on a web server, as that’s traditionally the port used by web servers. If one IP address has an SSH daemon listening on port 80, you’d never even notice. The only way to be absolutely sure what daemons are running on which ports is to check it yourself.

OpenBSD includes the fstat(1) program, which lists every open file, pipe, or port on the system and various information about its state. I highly recommend perusing fstat(1), as it is a terribly useful program in many different troubleshooting situations. The important thing for us at this moment, however, is that it displays which program is bound to a port.

Let’s examine TCP port 25, as shown in our example. According to /etc/services this should be “smtp,” or email. It probably is, but it’s definitely a good example to track down. Run fstat(1) and search its output for port 25. Network ports always appear with a colon before their names, so it’s a good idea to include the colon. (Searching for the number 25 in the list of all open files and their states will generate an awful lot of false positives. Go ahead, try it sometime.)

    # fstat | grep ':25'
    root     sendmail   29452    4* internet stream tcp 0xe0b40d70 127.0.0.1:25
    root     sendmail   29452    5* internet6 stream tcp 0xe0b59004 [::1]:25
    #

At the end of the line we see the IP addresses and port numbers that this connection is listening on, and near the beginning we see the name of the program that is listening on this port. What do you know; this really is the mail server program! My nasty paranoid suspicions were unfounded this time. If you’re not sure what a program listening on a port does, be sure to check its man page.
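The fstat check described above can be run across every listening TCP socket at once. The script below is an added example, not part of the original text: it compares the command that owns each listener with an allowlist and flags cases such as an SSH daemon on port 80. The EXPECTED allowlist and the SAMPLE lines are constructed for illustration, and established connections are assumed to carry an arrow such as `<--` between the local and remote address.

```shell
#!/bin/sh
# Added example: flag listening TCP sockets whose owning command differs
# from what this host is supposed to run on that port.

# Hypothetical allowlist for this host, as port=command pairs.
EXPECTED='22=sshd 25=sendmail 80=httpd'

# Constructed sample in the fstat socket-line layout shown above:
# USER CMD PID FD internet|internet6 stream tcp ADDR LOCAL [<-- REMOTE]
SAMPLE='root sendmail 29452 4* internet stream tcp 0xe0b40d70 127.0.0.1:25
root sendmail 29452 5* internet6 stream tcp 0xe0b59004 [::1]:25
root sshd 1190 4* internet stream tcp 0xe0b40a10 *:22
root sshd 30211 3* internet stream tcp 0xe0b41c30 192.168.1.250:22 <-- 192.168.1.200:49182
root sshd 2231 4* internet stream tcp 0xe0b42e50 192.168.1.250:80
root perl 4410 3* internet stream tcp 0xe0b43f70 *:8081'

# audit_listeners: read fstat output on stdin and print one line per
# listening TCP socket in the form "STATUS port command pid", where
# STATUS is OK, MISMATCH (wrong program) or UNKNOWN (port not listed).
audit_listeners() {
    awk -v expected="$EXPECTED" '
    BEGIN {
        n = split(expected, pairs, " ")
        for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
    }
    # Nine fields means no remote address, so the socket is only listening.
    ($5 == "internet" || $5 == "internet6") && $7 == "tcp" && NF == 9 {
        port = $9
        sub(/.*:/, "", port)          # keep the text after the last colon
        key = port " " $2 " " $3
        if (seen[key]++) next         # IPv4 and IPv6 sockets of one daemon
        if (!(port in want))           status = "UNKNOWN"
        else if (want[port] == $2)     status = "OK"
        else                           status = "MISMATCH"
        print status, port, $2, $3
    }'
}

# On a live OpenBSD host, run: fstat | audit_listeners
printf '%s\n' "$SAMPLE" | audit_listeners
```

A MISMATCH or UNKNOWN line is a prompt to read that program's man page and confirm why it holds the port, not proof of compromise.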

