How many services are listening on the target system on all interfaces? (Not on localhost and IPv4 only)

Unix & Linux Asked by YnSkn on February 28, 2021

I need to find out how many services are listening on my interfaces (IPv4 only, not localhost).

$ ifconfig

ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.129.56.137  netmask 255.255.0.0  broadcast 10.129.255.255
        inet6 dead:beef::250:56ff:feb9:8c07  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::250:56ff:feb9:8c07  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:b9:8c:07  txqueuelen 1000  (Ethernet)
        RX packets 3644  bytes 330312 (330.3 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3198  bytes 679711 (679.7 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 15304  bytes 895847 (895.8 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 15304  bytes 895847 (895.8 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

$ nmap 10.129.56.137

Starting Nmap 7.60 ( https://nmap.org ) at 2020-12-05 05:23 UTC
Nmap scan report for 10.129.56.137
Host is up (0.000086s latency).
Not shown: 991 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
80/tcp  open  http
110/tcp open  pop3
139/tcp open  netbios-ssn
143/tcp open  imap
445/tcp open  microsoft-ds
993/tcp open  imaps
995/tcp open  pop3s

Nmap done: 1 IP address (1 host up) scanned in 10.57 seconds

I thought the answer was 9 but there must be a way to find the correct answer.
Cheers in advance!

4 Answers

netstat -tunleep4 | grep -v "127.0.0"

Correct answer by Artem S. Tashkinov on February 28, 2021

netstat -ln4 | grep LISTEN | grep -v 127 | wc -l

Description:

netstat
-l, --listening          display listening server sockets
-n, --numeric            don't resolve names

-4
   --protocol=family, -A
       Specifies  the  address  families  (perhaps  better described as low level protocols) for which connections are to be
       shown.  family is a comma (',') separated list of address family keywords like inet, inet6, unix, ipx, ax25,  netrom,
       econet,  ddp,  and bluetooth.  This has the same effect as using the --inet|-4, --inet6|-6, --unix|-x, --ipx, --ax25,
       --netrom, --ddp, and --bluetooth options.

       The address family inet (Iv4) includes raw, udp, udplite and tcp protocol sockets.

       The address family bluetooth (Iv4) includes l2cap and rfcomm protocol sockets.

grep LISTEN - just lines with the LISTEN word

grep -v 127 - just lines without the 127

wc -l - count result lines

Visual explanation here: https://explainshell.com/explain?cmd=netstat+-ln4+%7C+grep+LISTEN+%7C+grep+-v+127+%7C+wc+-l

Answered by SanŚ́́́́Ý́́́́Ś́́́́ on February 28, 2021

From man netstat:

This program is mostly obsolete. Replacement for netstat is ss.

At this point, I think this will be the best option:

ss -l -4 | grep -v "127.0.0" | grep "LISTEN" | wc -l

Where:

  • -l: show only listening services
  • -4: show only IPv4
  • grep -v "127.0.0": exclude all localhost results
  • grep "LISTEN": better filtering only listening services
  • wc -l: count results

Answered by user3219596 on February 28, 2021

netstat -tunleep4 | grep -v "127.0.0" | awk '{print $6}' | grep LISTEN | wc -l
$6 might differ between OSes.

Answered by Alvin Smith on February 28, 2021
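
The pipelines in the answers above filter loopback with a substring match, so `grep -v 127` also drops any listener whose port or address merely contains "127" (port 8127, address 10.0.127.5). The following is an added example, not part of any answer: it reads the local-address field instead, assuming TCP-only input in the format printed by `ss -H -ltn4` (iproute2's `-H` suppresses the header); the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input is assumed to be `ss -H -ltn4` output:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Count TCP listeners whose bind address is outside 127.0.0.0/8.
count_external_listeners() {
    awk '
        $1 == "LISTEN" {
            addr = $4
            sub(/:[0-9]+$/, "", addr)   # drop the :port suffix
            sub(/%.*$/, "", addr)       # drop an interface suffix such as %lo
            if (addr ~ /^127\./) next   # all of 127.0.0.0/8 is loopback
            n++
        }
        END { print n + 0 }
    '
}

# The substring filter from the answers, kept for comparison.
count_naive() {
    grep LISTEN | grep -v 127 | wc -l | tr -d ' '
}

# Constructed sample (not captured from the asker's host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 50 10.129.56.137:139 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8127 0.0.0.0:*
LISTEN 0 128 10.0.127.5:80 0.0.0.0:*
EOF
}

echo "field-aware: $(sample_ss_output | count_external_listeners)"
echo "substring:   $(sample_ss_output | count_naive)"
# On a live host: ss -H -ltn4 | count_external_listeners
```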
