[treebug]

What do I need to do to find out what binaries are opening ports on my linux box?
I am not familiar with some of these services.

I used fport.exe in Windows that showed me which programs were responsible for opening certain ports?


Thanks

[CloudyOne]

You could install Amap, made by this genius named VanHauser, and run a scan on your own box.

hxxp://thc.org/thc-amap/

Then once you find which ones are sporting what versions, do research on those specific programs and their versions and check for the running process.

:P

[drygol]

go through maunal of cmd ---> lsof
this will give you what u need

[enodr]

lsof manpage being quite long and complex, lsof -i should do what you want.

By the way, for windows users sysinternals tcpview is a must: http://www.microsoft...es/TcpView.mspx

[Anarchiste]

man netstat ;)

[binarysaint]

Anarchiste, on Feb 27 2007, 06:20 PM, said:

man netstat ;)

netstat will just give you the listening ports, not the applications which are using them.

[Anarchiste]

binarysaint, on Mar 23 2007, 10:35 AM, said:

Anarchiste, on Feb 27 2007, 06:20 PM, said:

man netstat ;)

netstat will just give you the listening ports, not the applications which are using them.

sk@dump ~ $ sudo netstat -lapute
Password:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 localhost:mysql         *:*                     LISTEN      mysql      6852       4056/mysqld
tcp        0      0 *:http                  *:*                     LISTEN      root       7036       4200/apache2
tcp        0      0 *:ftp                   *:*                     LISTEN      root       7323       4313/pure-ftpd (SERVER)
tcp        0      0 *:ssh                   *:*                     LISTEN      root       6929       4136/sshd

Oops :lol:

[rlastinger]

Anarchiste, on Aug 14 2007, 11:14 AM, said:

binarysaint, on Mar 23 2007, 10:35 AM, said:

Anarchiste, on Feb 27 2007, 06:20 PM, said:

man netstat ;)

netstat will just give you the listening ports, not the applications which are using them.

sk@dump ~ $ sudo netstat -lapute
Password:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 localhost:mysql         *:*                     LISTEN      mysql      6852       4056/mysqld
tcp        0      0 *:http                  *:*                     LISTEN      root       7036       4200/apache2
tcp        0      0 *:ftp                   *:*                     LISTEN      root       7323       4313/pure-ftpd (SERVER)
tcp        0      0 *:ssh                   *:*                     LISTEN      root       6929       4136/sshd

Oops :lol:

Doh! I was going to say that. Nice one though. :)

along with everything else mentioned, nmap will work also, but my first thought would've been netstat.

[treebug]

netstat works for me. thanks for the help.