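Port numbers normally range from 1 to 65535, so there are 65535 ports. Are any of these ports reserved for the system? Yes. In general, only root can open ports 1 through 1023; these ports are reserved for the system.
Ports above 1024, besides being picked at random by the system for its connections, can also be used by services to listen on.
Linux already keeps a table that maps the reserved ports to their services: the /etc/services file. Some services rely on this file to set their port number at startup. The main contents of the file are shown below.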
[root@mycentos ~]# vi /etc/services
tcpmux 1/tcp # TCP port service multiplexer
tcpmux 1/udp # TCP port service multiplexer
rje 5/tcp # Remote Job Entry
rje 5/udp # Remote Job Entry
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
systat 11/udp users
daytime 13/tcp
daytime 13/udp
qotd 17/tcp quote
qotd 17/udp quote
msp 18/tcp # message send protocol
msp 18/udp # message send protocol
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp-data 20/udp
# 21 is registered to ftp, but also used by fsp
ftp 21/tcp
ftp 21/udp fsp fspd
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp # SSH Remote Login Protocol
telnet 23/tcp
telnet 23/udp
# 24 – private mail system
lmtp 24/tcp # LMTP Mail Delivery
lmtp 24/udp # LMTP Mail Delivery
smtp 25/tcp mail
smtp 25/udp mail
time 37/tcp timserver
time 37/udp timserver
rlp 39/tcp resource # resource location
rlp 39/udp resource # resource location
nameserver 42/tcp name # IEN 116
nameserver 42/udp name # IEN 116
nicname 43/tcp whois
nicname 43/udp whois
tacacs 49/tcp # Login Host Protocol (TACACS)
tacacs 49/udp # Login Host Protocol (TACACS)
re-mail-ck 50/tcp # Remote Mail Checking Protocol
re-mail-ck 50/udp # Remote Mail Checking Protocol
domain 53/tcp # name-domain server
domain 53/udp
whois++ 63/tcp
whois++ 63/udp
bootps 67/tcp # BOOTP server
bootps 67/udp
bootpc 68/tcp # BOOTP client
bootpc 68/udp
tftp 69/tcp
tftp 69/udp
gopher 70/tcp # Internet Gopher
gopher 70/udp
netrjs-1 71/tcp # Remote Job Service
netrjs-1 71/udp # Remote Job Service
netrjs-2 72/tcp # Remote Job Service
netrjs-2 72/udp # Remote Job Service
netrjs-3 73/tcp # Remote Job Service
netrjs-3 73/udp # Remote Job Service
netrjs-4 74/tcp # Remote Job Service
netrjs-4 74/udp # Remote Job Service
finger 79/tcp
finger 79/udp
http 80/tcp www www-http # WorldWideWeb HTTP
http 80/udp www www-http # HyperText Transfer Protocol
kerberos 88/tcp kerberos5 krb5 # Kerberos v5
kerberos 88/udp kerberos5 krb5 # Kerberos v5
supdup 95/tcp
supdup 95/udp
hostname 101/tcp hostnames # usually from sri-nic
hostname 101/udp hostnames # usually from sri-nic
iso-tsap 102/tcp tsap # part of ISODE.
csnet-ns 105/tcp cso # also used by CSO name server
csnet-ns 105/udp cso
# unfortunately the poppassd (Eudora) uses a port which has already
# been assigned to a different service. We list the poppassd as an
# alias here. This should work for programs asking for this service.
# (due to a bug in inetd the 3com-tsmux line is disabled)
#3com-tsmux 106/tcp poppassd
#3com-tsmux 106/udp poppassd
rtelnet 107/tcp # Remote Telnet
rtelnet 107/udp
pop2 109/tcp pop-2 postoffice # POP version 2
pop2 109/udp pop-2
pop3 110/tcp pop-3 # POP version 3
pop3 110/udp pop-3
sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP
sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP
auth 113/tcp authentication tap ident
auth 113/udp authentication tap ident
sftp 115/tcp
sftp 115/udp
uucp-path 117/tcp
uucp-path 117/udp
nntp 119/tcp readnews untp # USENET News Transfer Protocol
nntp 119/udp readnews untp # USENET News Transfer Protocol
ntp 123/tcp
ntp 123/udp # Network Time Protocol
netbios-ns 137/tcp # NETBIOS Name Service
netbios-ns 137/udp
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-dgm 138/udp
netbios-ssn 139/tcp # NETBIOS session service
netbios-ssn 139/udp
IMAP 143/tcp imap2 # Interim Mail Access Proto v2
imap 143/udp imap2
snmp 161/tcp # Simple Net Mgmt Proto
snmp 161/udp # Simple Net Mgmt Proto
snmptrap 162/udp snmp-trap # Traps for SNMP
cmip-man 163/tcp # ISO mgmt over IP (CMOT)
… …
I. How to view ports
netstat -an
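II. How to close or open a port
Once you know which ports are open or closed, the next step is to shut down insecure services. How? The key point is that opening or closing a port only requires starting or stopping the service behind it. For example, to close port 21, the relatively risky ftp port, stop wu-ftp or proftp; once the service is stopped, the port is closed with it. So after checking the ports, find the service that corresponds to the port and stop that service, and the port will be closed. Below we try closing port 25. Port 25 is opened by sendmail to provide the smtp service, so sendmail is what we need to stop.
1. Check the corresponding port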
[root@mycentos ~]# netstat -an | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:806 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
udp 0 0 0.0.0.0:800 0.0.0.0:*
udp 0 0 0.0.0.0:803 0.0.0.0:*
Active UNIX domain sockets (servers and established)
… …
We find the line tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN, which shows that the sendmail service is running.
2. Stop the service to close the port
[root@mycentos ~]# /etc stop
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
or
[root@mycentos ~]# service sendmail stop
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Now check the ports again:
[root@mycentos ~]# netstat -an | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:806 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
udp 0 0 0.0.0.0:800 0.0.0.0:*
udp 0 0 0.0.0.0:803 0.0.0.0:*
Active UNIX domain sockets (servers and established)
… …
Port 25 is now closed.
To reopen this port later, start the service with the commands below.
[root@mycentos ~]# /etc start (or restart)
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
or
[root@mycentos ~]# service sendmail start (or restart)
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
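You can also find the PID with netstat -anp and then stop the process with the kill command.
III. Paths of the service startup scripts
The startup scripts for the ports currently open are kept by default in the following directories: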
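The procedure in sections I and II (list the listening ports, then find the service behind each one) can be scripted. The following is an added example, not part of the original article; the function name audit_listeners and the embedded sample data are assumptions constructed from the listings on this page.

```shell
#!/bin/sh
# Added example (not from the original page). Sample data below is constructed
# from the listings shown on this page.
sample_services() {   # excerpt in /etc/services format
cat <<'EOF'
ssh 22/tcp # SSH Remote Login Protocol
telnet 23/tcp
smtp 25/tcp mail
sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP
EOF
}
sample_netstat() {    # excerpt in `netstat -an` format
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:806 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
udp 0 0 0.0.0.0:800 0.0.0.0:*
EOF
}
# audit_listeners SERVICES_FILE   (reads netstat -an output on stdin)
# Prints "port scope service class" for every listening TCP socket.
audit_listeners() {
    awk '
        NR == FNR {                          # first input: the services table
            if ($0 ~ /^[ \t]*#/ || NF < 2) next
            split($2, pp, "/")
            if (pp[2] == "tcp" && !(pp[1] in name)) name[pp[1]] = $1
            next
        }
        $1 ~ /^tcp/ && $NF == "LISTEN" {     # second input: netstat on stdin
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)  # text before it
            if (host == "0.0.0.0" || host == "::") scope = "all-interfaces"
            else if (host ~ /^127\./ || host == "::1") scope = "loopback"
            else scope = "specific-address"
            svc = (port in name) ? name[port] : "unknown"
            # port + 0 forces a numeric comparison instead of a string one
            cls = (port + 0 < 1024) ? "reserved" : "unreserved"
            print port, scope, svc, cls
        }
    ' "$1" -
}
tmp=$(mktemp) && sample_services > "$tmp"
sample_netstat | audit_listeners "$tmp"
rm -f "$tmp"
```

On a real host, run netstat -an | audit_listeners /etc/services. The name taken from /etc/services is only the conventional assignment for that port; netstat -anp shows the process that actually owns the socket.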
/etc
/etc
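/etc is a directory that always exists when packages are installed via RPM. It holds the startup scripts of all services, which is why sendmail is started with /etc start. The files under /etc are the services that run under the xinetd super daemon; the most common are ftp, telnet, pop3 and IMAP, all managed centrally by xinetd. So to enable telnet, go to /etc, change disable=yes to disable=no in the file named telnet, and then restart the xinetd service. Because telnet is managed by xinetd, enabling telnet naturally requires restarting xinetd.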
/etc/xinetd restart
Or use the service command:
service xinetd restart