Generally in the beginning of the need for their own company’s IT environment to have a general understanding of 1-2 months after the need to open the port has a clear understanding of what the port is used to do, whether it is illegal open port , Their own mind to be the number of unknown Trojans through a strange port to the black out on the embarrassment. So as the operation and maintenance personnel need to open the port of each company has a clear understanding of the port, at the same time have to face the strange port how to determine the port corresponding to what kind of service, the service is illegal and so on.

Need to use the command :

Ss -tnl       shows all tcp has been listening on the port

 Lsof -i : The port   displays all the processes that open the port

 

Working example:

One day through ss -tnl found that do not know the port is being monitored

 

For the port 49994 I do not know why it is doing, so use the lsof-i command to see which ports are open

It is found here that the port corresponds to the rpc.statd command.

(If prompted not to remember the command yum install-y lsof)

If you do not know rpc.statd, a very simple way is baidu

Through the baidu can know that the order is nfslock service of a process, if you want to close the port only need to close nfslock service

Service nfslock stop

And then perform ss-tnl found 49994 port disappeared

In the future if you encounter an unknown port can use the above method to judge.

Leave a comment

Your email address will not be published. Required fields are marked *

Blue Captcha Image
Refresh

*

Protected by WP Anti Spam

Hit Counter provided by dental implants orange county