Thanks a lot. I'll use a combination of A & B.

"netstat -an" will show all the ports, including those "listening" and "established", but it's the "established" ones that indicate the port is being used. These have answered my question of how to differentiate between a telnet & an ssh access to the server.

A) Lsof shows list of open files, but with lsof -i:80 you will see if port 80 is in use or not - not only tell you if it's in use, but it'll tell you what's using it

B) 'netstat -f inet' will show you all IPv4 ports in use; 'netstat -P tcp' shows you all TCP sockets in use, regardless of address family. You could probably cron it to run every few minutes, dump the output to a file, and with a little grepping get a list of all ports used over the next few days

C) From another machine use nmap and nmapfe

D) netstat -an | awk '$1~ /\*\./ { print $0 }'

Tks
U

On 4/25/08, sunhux G <sunhux@gmail.com> wrote:
>
> Hi
>
> On a production server, how could I find out if a TCP port/service
> is in use?
>
> I plan to disable the service for audit purpose but do not want
> to disrupt a needed service & there's no historical document
> on the servers that I took over.
>
> Will tcpwrappers help? Probably not in time for me to install
> tcpwrappers as it needs to run for a week or two to get the
> results but the audit issues need to close in a week's time.
>
> "last" command can't differentiate between a telnet & ssh
> login, or can it?
>
> I've got some replies from Ric & Chris earlier for ftp & telnet
> & Apache (which I'll summarize on Monday). Now there's
> more services like :
>
> 100146/1 tli rpc/ticotsord /usr/lib/security/amiserv
> 100147/1 tli rpc/ticotsord /usr/lib/security/amiserv
> 100235/1 tli rpc/ticotsord /usr/lib/fs/cachefs/cachefsd
> ufsd/1 tli rpc/* wait root /usr/lib/fs/ufs/ufsd
>
> Thanks vm
> U

_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Sat Apr 26 00:34:15 2008
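The snapshot-and-grep approach from suggestion B, as an added example that is not part of the original post: it reads accumulated "netstat -an" output and reports, for each listening TCP port, how many ESTABLISHED connections were seen, so ports that stay at 0 are candidates for disabling. The function names and the sample snapshot are constructed, and the Solaris-style column layout (port after the last dot, state in the last column) is an assumption.

```shell
#!/bin/sh
# Added example. Assumes Solaris-style "netstat -an" TCP lines:
#   <local addr>.<port>  <remote addr>.<port>  ...  <STATE>

# Constructed sample snapshot (not taken from a real host).
sample_snapshot() {
cat <<'EOF'
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.22                 *.*                0      0 49152      0 LISTEN
      *.23                 *.*                0      0 49152      0 LISTEN
      *.111                *.*                0      0 49152      0 LISTEN
10.0.0.5.22          10.0.0.77.40112      49640      0 49640      0 ESTABLISHED
10.0.0.5.22          10.0.0.78.51200      49640      0 49640      0 ESTABLISHED
10.0.0.5.23          10.0.0.90.33012      49640      0 49640      0 ESTABLISHED
10.0.0.5.40991       10.0.0.20.25         49640      0 49640      0 ESTABLISHED
EOF
}

# Read one or more concatenated snapshots on stdin and print
# "<port> <established-count>" for every port seen in LISTEN state.
# ESTABLISHED lines whose local port is not a listener (outbound
# client connections such as 40991 above) are ignored.
service_usage() {
  awk '
    $NF == "LISTEN" || $NF == "ESTABLISHED" {
      n = split($1, a, "[.]")          # port is the last dotted field
      if ($NF == "LISTEN") listening[a[n]] = 1
      else                 est[a[n]]++
    }
    END {
      for (p in listening) print p, est[p] + 0
    }' | sort -n
}

# Stand-alone run on the constructed sample; on a real host, feed the
# file that the cron job appends "netstat -an" output to.
sample_snapshot | service_usage
```

A count of 0 only means no connection was open at any sampling instant; short-lived connections between cron runs are missed, so a shorter interval or a longer collection period lowers the chance of disabling a service that is still needed.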