『How to Close a Port』137!

2023-02-26 10:53 34 views Experience

A port number normally ranges from 1 to 65535, so there are 65535 ports. Are any of them reserved for the system? Yes. As a rule, only root can open ports 1 to 1023; these ports are reserved for the system.

Ports from 1024 upward, apart from being picked at random by the system for outgoing connections, can also be used as listening ports for services.

The mapping between reserved ports and their services already exists on a Linux system as a lookup table: the /etc/services file. Some services use this file to decide which port to bind at startup. Let's look at the main contents of the file.

[root@mycentos ~]# vi /etc/services

tcpmux 1/tcp # TCP port service multiplexer

tcpmux 1/udp # TCP port service multiplexer

rje 5/tcp # Remote Job Entry

rje 5/udp # Remote Job Entry

echo 7/tcp

echo 7/udp

discard 9/tcp sink null

discard 9/udp sink null

systat 11/tcp users

systat 11/udp users

daytime 13/tcp

daytime 13/udp

qotd 17/tcp quote

qotd 17/udp quote

msp 18/tcp # message send protocol

msp 18/udp # message send protocol

chargen 19/tcp ttytst source

chargen 19/udp ttytst source

ftp-data 20/tcp

ftp-data 20/udp

# 21 is registered to ftp, but also used by fsp

ftp 21/tcp

ftp 21/udp fsp fspd

ssh 22/tcp # SSH Remote Login Protocol

ssh 22/udp # SSH Remote Login Protocol

telnet 23/tcp

telnet 23/udp

# 24 – private mail system

lmtp 24/tcp # LMTP Mail Delivery

lmtp 24/udp # LMTP Mail Delivery

smtp 25/tcp mail

smtp 25/udp mail

time 37/tcp timserver

time 37/udp timserver

rlp 39/tcp resource # resource location

rlp 39/udp resource # resource location

nameserver 42/tcp name # IEN 116

nameserver 42/udp name # IEN 116

nicname 43/tcp whois

nicname 43/udp whois

tacacs 49/tcp # Login Host Protocol (TACACS)

tacacs 49/udp # Login Host Protocol (TACACS)

re-mail-ck 50/tcp # Remote Mail Checking Protocol

re-mail-ck 50/udp # Remote Mail Checking Protocol

domain 53/tcp # name-domain server

domain 53/udp

whois++ 63/tcp

whois++ 63/udp

bootps 67/tcp # BOOTP server

bootps 67/udp

bootpc 68/tcp # BOOTP client

bootpc 68/udp

tftp 69/tcp

tftp 69/udp

gopher 70/tcp # Internet Gopher

gopher 70/udp

netrjs-1 71/tcp # Remote Job Service

netrjs-1 71/udp # Remote Job Service

netrjs-2 72/tcp # Remote Job Service

netrjs-2 72/udp # Remote Job Service

netrjs-3 73/tcp # Remote Job Service

netrjs-3 73/udp # Remote Job Service

netrjs-4 74/tcp # Remote Job Service

netrjs-4 74/udp # Remote Job Service

finger 79/tcp

finger 79/udp

http 80/tcp www www-http # WorldWideWeb HTTP

http 80/udp www www-http # HyperText Transfer Protocol

kerberos 88/tcp kerberos5 krb5 # Kerberos v5

kerberos 88/udp kerberos5 krb5 # Kerberos v5

supdup 95/tcp

supdup 95/udp

hostname 101/tcp hostnames # usually from sri-nic

hostname 101/udp hostnames # usually from sri-nic

iso-tsap 102/tcp tsap # part of ISODE.

csnet-ns 105/tcp cso # also used by CSO name server

csnet-ns 105/udp cso

# unfortunately the poppassd (Eudora) uses a port which has already

# been assigned to a different service. We list the poppassd as an

# alias here. This should work for programs asking for this service.

# (due to a bug in inetd the 3com-tsmux line is disabled)

#3com-tsmux 106/tcp poppassd

#3com-tsmux 106/udp poppassd

rtelnet 107/tcp # Remote Telnet

rtelnet 107/udp

pop2 109/tcp pop-2 postoffice # POP version 2

pop2 109/udp pop-2

pop3 110/tcp pop-3 # POP version 3

pop3 110/udp pop-3

sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP

sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP

auth 113/tcp authentication tap ident

auth 113/udp authentication tap ident

sftp 115/tcp

sftp 115/udp

uucp-path 117/tcp

uucp-path 117/udp

nntp 119/tcp readnews untp # USENET News Transfer Protocol

nntp 119/udp readnews untp # USENET News Transfer Protocol

ntp 123/tcp

ntp 123/udp # Network Time Protocol

netbios-ns 137/tcp # NETBIOS Name Service

netbios-ns 137/udp

netbios-dgm 138/tcp # NETBIOS Datagram Service

netbios-dgm 138/udp

netbios-ssn 139/tcp # NETBIOS session service

netbios-ssn 139/udp

IMAP 143/tcp imap2 # Interim Mail Access Proto v2

imap 143/udp imap2

snmp 161/tcp # Simple Net Mgmt Proto

snmp 161/udp # Simple Net Mgmt Proto

snmptrap 162/udp snmp-trap # Traps for SNMP

cmip-man 163/tcp # ISO mgmt over IP (CMOT)

… …

I. How to view ports

netstat -an

II. How to close or open a port

Once you know which ports are open or closed, the next step is to shut down the insecure services. How? The key point is that to open or close a port you only need to start or stop the service behind it. For example, to close port 21, the rather risky ftp port, just stop wu-ftp or proftp; stopping the service naturally closes the port. So after checking the ports, find the service that owns each port and stop it, and the port is closed. Let's try closing port 25. Port 25 is opened by sendmail to provide the SMTP service, so that is the service we stop.

1. Find the port

[root@mycentos ~]# netstat -an | more

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State

tcp 0 0 0.0.0.0:806 0.0.0.0:* LISTEN

tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN

tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN

tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN

tcp 0 0 :::22 :::* LISTEN

udp 0 0 0.0.0.0:800 0.0.0.0:*

udp 0 0 0.0.0.0:803 0.0.0.0:*

Active UNIX domain sockets (servers and established)

… …

We find the line tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN, which shows that the sendmail service is running.

2. Stop the service to close the port

[root@mycentos ~]# /etc stop

Shutting down sm-client: [ OK ]

Shutting down sendmail: [ OK ]

or

[root@mycentos ~]# service sendmail stop

Shutting down sm-client: [ OK ]

Shutting down sendmail: [ OK ]

Now check the ports again:

[root@mycentos ~]# netstat -an | more

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State

tcp 0 0 0.0.0.0:806 0.0.0.0:* LISTEN

tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN

tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN

tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN

tcp 0 0 :::22 :::* LISTEN

udp 0 0 0.0.0.0:800 0.0.0.0:*

udp 0 0 0.0.0.0:803 0.0.0.0:*

Active UNIX domain sockets (servers and established)

… …

Port 25 is now closed.

If you later want to reopen this port, start the service again with the following command.

[root@mycentos ~]# /etc start (or restart)

Starting sendmail: [ OK ]

Starting sm-client: [ OK ]

or

[root@mycentos ~]# service sendmail start (or restart)

Starting sendmail: [ OK ]

Starting sm-client: [ OK ]

You can also find the PID with netstat -anp and then stop the process with the kill command.
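The audit that sections I and II do by eye (run netstat -an, find the LISTEN line, look the port up in /etc/services, stop the owning service, check again) can be scripted. The block below is an added example and is not part of the original post. To run offline it embeds two constructed excerpts: the netstat lines quoted above and a handful of entries in /etc/services format; on a live host the same functions read `netstat -an` and `cat /etc/services` instead. It also flags whether each listener is bound to loopback or is network-facing, which the netstat output shows but the article does not call out.

```shell
#!/bin/sh
# Added example, not from the original post: the port audit the article does by
# eye, as a small script. Both inputs are CONSTRUCTED excerpts embedded here so
# it runs offline: the netstat lines are the ones quoted in the text, the
# services lines are a few entries in /etc/services format. On a live host
# replace them with `netstat -an` and `cat /etc/services`.

SERVICES_EXCERPT='tcpmux 1/tcp # TCP port service multiplexer
ftp 21/tcp
ssh 22/tcp # SSH Remote Login Protocol
telnet 23/tcp
smtp 25/tcp mail
sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP
ipp 631/tcp # Internet Printing Protocol
'

NETSTAT_EXCERPT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:806 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
udp 0 0 0.0.0.0:800 0.0.0.0:*
'

services_text() { printf '%s' "$SERVICES_EXCERPT"; }   # live host: cat /etc/services

# port_to_service PORT PROTO: read /etc/services-format text on stdin and print
# the service name registered for PORT/PROTO (empty if none). Comment and blank
# lines are skipped; trailing aliases and comments are ignored.
port_to_service() {
    awk -v want="$1/$2" '
        /^[[:space:]]*#/ || NF < 2 { next }
        $2 == want { print $1; exit }
    '
}

# listening_ports: read `netstat -an` text on stdin and print "proto port address"
# for every tcp socket in LISTEN state. udp has no state column, so every bound
# udp socket is reported too.
listening_ports() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ && ($6 == "LISTEN" || $1 ~ /^udp/) {
            n = split($4, a, ":")                     # "127.0.0.1:25" or ":::22"
            port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            print $1, port, addr
        }
    '
}

# exposure ADDR: a socket bound to loopback is reachable only from the host
# itself; anything else (0.0.0.0, ::, an interface address) is network-facing.
exposure() {
    case "$1" in
        127.*|::1) echo local-only ;;
        *)         echo network-facing ;;
    esac
}

# port_is_listening PORT: read netstat text on stdin and succeed if a socket
# listens on PORT. This is the before/after check the article does by eye.
port_is_listening() {
    listening_ports | awk -v p="$1" '$2 == p { found = 1 } END { exit !found }'
}

# report: one line per listening socket, "proto port service exposure"
report() {
    listening_ports | while read -r proto port addr; do
        svc=$(services_text | port_to_service "$port" "${proto%6}")
        printf '%s %s %s %s\n' "$proto" "$port" "${svc:-unknown}" "$(exposure "$addr")"
    done
}

printf '%s' "$NETSTAT_EXCERPT" | report
if printf '%s' "$NETSTAT_EXCERPT" | port_is_listening 25; then
    echo "port 25 is open: stop its service (service sendmail stop), then re-run the check"
fi
```

Ports that show up as "unknown" (806 and 800 above) are not in the excerpt because they are dynamically assigned RPC ports rather than registered services; on a real host `netstat -anp` adds the PID and program name column, which is the reliable way to tie such a port to its process.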

III. Where the service startup scripts live

The startup scripts for the ports above live by default in the following directories:

/etc

/etc

/etc is a directory that always exists when the system was installed from RPM packages; it holds the startup scripts of all services, which is why sendmail can be started with /etc start. The files under /etc, on the other hand, are the services that hang under the super daemon xinetd; the most common are ftp, telnet, pop3 and IMAP, all managed centrally by xinetd. So to enable telnet, go to /etc, change disable=yes to disable=no in the telnet file, and then restart the xinetd service. Because telnet is managed by xinetd, enabling telnet naturally requires restarting xinetd.

/etc/xinetd restart

Or use the service command:

service xinetd restart
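The disable=yes/disable=no switch described above can be flipped and verified with a few shell functions. This is an added example, not code from the original post. The telnet service file is constructed in a temporary directory that stands in for the xinetd service directory, so nothing on the real system is touched; its layout follows the usual xinetd service-file format. The article enables telnet; the demonstration at the end goes the other way and switches it off, then lists what xinetd would still serve after a restart.

```shell
#!/bin/sh
# Added example, not from the original post: flip the `disable` switch of a
# service managed by xinetd and read it back. The telnet service file is
# CONSTRUCTED in a temporary directory standing in for the xinetd service
# directory, so the real system is never modified.

XINETD_DIR=$(mktemp -d)
trap 'rm -rf "$XINETD_DIR"' EXIT
cat > "$XINETD_DIR/telnet" <<'EOF'
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}
EOF

# xinetd_disabled FILE: print the current value of the disable line (yes/no)
xinetd_disabled() {
    awk -F= '$1 ~ /^[[:space:]]*disable[[:space:]]*$/ { gsub(/[[:space:]]/, "", $2); print $2; exit }' "$1"
}

# xinetd_set_disable FILE yes|no: rewrite the disable line in place, keeping
# the file's indentation; any other value is rejected.
xinetd_set_disable() {
    case "$2" in
        yes|no) ;;
        *) echo "disable must be yes or no, got '$2'" >&2; return 2 ;;
    esac
    awk -v v="$2" '
        /^[[:space:]]*disable[[:space:]]*=/ { sub(/=[[:space:]]*(yes|no)/, "= " v) }
        { print }
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# xinetd_enabled_services DIR: names of the service files whose disable line
# is "no", i.e. what xinetd will actually listen for after a restart.
xinetd_enabled_services() {
    for f in "$1"/*; do
        if [ "$(xinetd_disabled "$f")" = no ]; then
            basename "$f"
        fi
    done
}

# The article enables telnet (disable=yes -> no); here we switch it off.
# xinetd only re-reads the file on restart, so on a real host follow this
# with: service xinetd restart
echo "telnet before: disable = $(xinetd_disabled "$XINETD_DIR/telnet")"
xinetd_set_disable "$XINETD_DIR/telnet" yes
echo "telnet after:  disable = $(xinetd_disabled "$XINETD_DIR/telnet")"
echo "enabled services: $(xinetd_enabled_services "$XINETD_DIR")"
```

Running xinetd_enabled_services over the real service directory after a change is the quick way to confirm that only the services you intend to expose are still enabled before you restart xinetd.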