determining open ports

hi all

1) How do I determine the available ports on a box (Solaris)?

Do I have to go for a netstat on all the ports?

2) How do I block a particular port for a particular type of connection?

Any help would be greatly appreciated

Thanks

As far as checking ports and their usage goes, netstat and lsof (which you may need to download, compile and install if not present) are the commands for you.

netstat -an | grep "\.389.*LISTEN"

will show you if LDAP is listening, for example.

You can refine the grep to extract the exact results you want.

Cheers
ZB

thanks for the reply

I believe the lsof command uses the following file:
/dev/kmem

Now for the strange part:

I tried it on server1 and it was working fine; I could get all the information that I needed.
When I tried it on server2, it showed "permission denied".

I checked the permissions for the file on both servers and they were the same.

Could you please explain why it shows different behaviour?

I do need one more clarification.
Ports indicating LISTEN status are the ones picked by a process and opened to accept connections, right?

There is no list of acceptable ports which could hereby be opened and connected.

I think I am making myself clear. Kindly revert if I have to explain my question in more detail.

Thanks

Edit your /etc/services file; you will see all the ports and which ones you can close.

thanks for the reply

I believe we can only get the list of ports registered in /etc/services.

I don't think we can get a list of ports that are blocked or prevented from accepting connections from any of the requests.

Can you please clarify this?

As always I am a bit lost here.
Ports start from 0 (or 1, I don't remember) all the way up to 32555 (or something similar). A port allocated by an active process (either server or client) can be found by netstat. Everything else is not being used and so is "available" for a process to allocate.

/etc/services is a different thing, which may have implications for inetd or xinetd only. A port does not have to be "registered" in this file to be used by a process that has nothing to do with inetd.

There is more than one approach to blocking a port. The conventional approach is via tcpwrapper. Now, people are more likely to use a (software- or hardware-based) firewall such as iptables in Linux.

I hope that answered all of your questions.
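The two points above (netstat shows the ports a process has actually allocated, and /etc/services is only a name registry, not an allowlist) can be checked with a small script. This is an added example, not code posted by anyone in this thread; the netstat output and the services excerpt are constructed samples in Solaris `netstat -an` and /etc/services format, and the function names are my own.

```shell
#!/bin/sh
# Constructed sample of Solaris-style `netstat -an` output (TCP section only).
SAMPLE_NETSTAT='TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.22                 *.*                0      0 49152      0 LISTEN
      *.389                *.*                0      0 49152      0 LISTEN
192.168.1.5.22       192.168.1.9.51234   49640      0 49640      0 ESTABLISHED
      *.8080               *.*                0      0 49152      0 LISTEN
127.0.0.1.8080       127.0.0.1.40001     32768      0 32768      0 TIME_WAIT'

# Constructed excerpt in /etc/services format (name port/proto); stands in for the real file.
SAMPLE_SERVICES='ssh      22/tcp
ldap     389/tcp
http     80/tcp
domain   53/udp'

# listening_ports: read netstat output on stdin and print each LISTEN port once, ascending.
# Solaris prints the local address as "host.port", so the port is the text after the last dot.
listening_ports() {
    awk '$NF == "LISTEN" { n = split($1, a, "."); print a[n] }' | sort -n -u
}

# service_name PORT: look PORT/tcp up in a services table on stdin; print its name or "-".
service_name() {
    awk -v port="$1" '$2 == (port "/tcp") { print $1; found = 1; exit }
                      END { if (!found) print "-" }'
}

# report_listeners: one line per listening port, "<port> <name-or-->".
# A "-" means the port is listening even though the services table does not name it;
# that is allowed, because /etc/services only maps names to numbers and does not
# decide which ports a process may open.
report_listeners() {
    printf '%s\n' "$SAMPLE_NETSTAT" | listening_ports | while read -r port; do
        name=$(printf '%s\n' "$SAMPLE_SERVICES" | service_name "$port")
        printf '%s %s\n' "$port" "$name"
    done
}

report_listeners
```

On a real Solaris box, replace the two sample variables with `netstat -an` output and the contents of /etc/services; port 8080 in the sample shows the case the thread is about, a listener the services file does not know.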

Another option is nmap. You can use that to check open ports on other machines on your network as well.

nmap -p 1-$MAX_PORTS <target-host>

Use netfilter's iptables utility.

I think you should check $PATH for your user on server2 and see if it's the same as $PATH on server1. I can't think of another reason for this. If you want to check whether the problem is the $PATH, you might want to execute the full command path (e.g. /usr/bin/lsof).
Good luck!