Steve Litt wrote: 
> Kent Borg said on Thu, 15 Jan 2026 17:44:05 -0800
> 
> >Do an nmap scan of yourself and see what is listening, and ask why for 
> >each hit. If you don't need it, then get rid of it or configure it to 
> >only listen on localhost.
> 
> I'm going to perform the exact test you mention in the preceding
> paragraph. If you know an exact command, please let us know. Otherwise
> I'll figure it out myself (I'm not an admin :-)


If you're on the machine you're testing, you don't even need
nmap.

sudo ss -lnp

(and you may want to pipe the output to less or a file)

The switches are "listening", "don't do DNS lookups, just give
numbers" and "show process information". The last one only works
if you are root.

The output will be in this form:

State   Recv-Q  Send-Q    Local Address:Port   Peer Address:Port   Process

and a couple of samples:

LISTEN    0    10         10.0.1.3:53          0.0.0.0:*           users:(("named",pid=3617,fd=430))

LISTEN    0    511        0.0.0.0:443          0.0.0.0:*           users:(("nginx",pid=4535,fd=27),("nginx",pid=4532,fd=27),("nginx",pid=4529,fd=27),("nginx",pid=4526,fd=27),("nginx",pid=4525,fd=27),("nginx",pid=4524,fd=27),("nginx",pid=4523,fd=27),("nginx",pid=4522,fd=27),("nginx",pid=4521,fd=27),("nginx",pid=4520,fd=27),("nginx",pid=4519,fd=27),("nginx",pid=4518,fd=27),("nginx",pid=4517,fd=27))

The first one shows that named (bind, a DNS daemon) is listening
on 10.0.1.3 port 53, and has one process running.

The second shows that nginx, a web server, is listening on all
IP addresses on port 443, and has 13 processes listening.

The quantity of output will vary according to how many
interfaces you have, how many daemons, and how they are
configured. You can show only UDP, only TCP, those which are
listening, and those which are currently active in some way.

-dsr-
_______________________________________________
Discuss mailing list
[email protected]
https://lists.blu.org/mailman/listinfo/discuss
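
Added example (not part of the original thread): a Python script that reads `ss -lnp` output in the form shown above and returns only the listeners that are not bound to localhost, which are the ones to "ask why" about. The sample input reuses the two lines from the post (nginx process list shortened) plus three constructed lines; the function names are this example's own.

```python
import ipaddress
import re

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')

# Sample input: the first two sockets are the samples from the post (nginx
# process list shortened); the other three are constructed for illustration.
SAMPLE = '''\
State   Recv-Q  Send-Q    Local Address:Port   Peer Address:Port   Process
LISTEN  0  10   10.0.1.3:53       0.0.0.0:*  users:(("named",pid=3617,fd=430))
LISTEN  0  511  0.0.0.0:443       0.0.0.0:*  users:(("nginx",pid=4535,fd=27),("nginx",pid=4532,fd=27))
LISTEN  0  128  127.0.0.1:631     0.0.0.0:*  users:(("cupsd",pid=801,fd=7))
LISTEN  0  4096 127.0.0.53%lo:53  0.0.0.0:*  users:(("systemd-resolve",pid=640,fd=15))
LISTEN  0  128  [::]:22           [::]:*     users:(("sshd",pid=912,fd=4))
'''

def scope_of(host):
    """Classify a bind address as 'loopback', 'all' (wildcard) or 'specific'."""
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface
    if host == "*":
        return "all"
    ip = ipaddress.ip_address(host)         # ValueError if not an IP address
    if ip.is_loopback:
        return "loopback"
    return "all" if ip.is_unspecified else "specific"

def parse_listeners(text):
    """Yield (host, port, scope, process_name, process_count) per IP socket.
    Works with or without a leading Netid column in the ss output."""
    for line in text.splitlines():
        fields = line.split()
        idx = next((i for i, f in enumerate(fields) if f in ("LISTEN", "UNCONN")), None)
        if idx is None or len(fields) < idx + 5:
            continue                         # header or unrelated line
        try:
            host, port = fields[idx + 3].rsplit(":", 1)
            scope, port = scope_of(host), int(port)
        except ValueError:
            continue                         # unix, netlink and other non-IP sockets
        procs = PROC_RE.findall(" ".join(fields[idx + 5:]))
        name = procs[0][0] if procs else "?"  # "?" when ss was not run as root
        yield host, port, scope, name, len({pid for _, pid in procs})

def needs_review(text):
    """Listeners reachable from other hosts: everything not on loopback."""
    return [entry for entry in parse_listeners(text) if entry[2] != "loopback"]

if __name__ == "__main__":
    for host, port, scope, name, count in needs_review(SAMPLE):
        print(f"{name:<10} {host}:{port}  bound to {scope} address(es), {count} process(es)")
```

To check a live machine, pass the captured text of `sudo ss -lnp` to `needs_review()` in place of `SAMPLE`.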
