Network Service Ports
From Mac OS X Server FAQ
Internet Protocol, the IP in TCP/IP, provides a system for addressing hosts on a network. However, it is the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) that do most of the work of carrying communication between the various client and server applications out there. In order to allow a single machine to handle multiple connections, TCP and UDP also have an addressing scheme. This scheme makes use of ports.
A port represents a single connection on the machine. Each session is given a unique port number, somewhere between 1 and 65,535. When your web browser connects to a web site, it will attempt to speak to the web server software on a well-known port. To provide consistency for network clients, developers of server applications agree to standardize upon the ports that a given protocol will use. For example, the well-known port for web servers (HTTP) is 80/tcp. The File Transfer Protocol (FTP) has two well-known ports (20/tcp and 21/tcp).
There are several ways to go about finding which ports a specific service uses. Some of those provided below revolve around use of the Terminal, so you should feel comfortable with entering a few simple commands before attempting those methods.
Using the /etc/services file
The first place to check is the /etc/services file. This file contains a long list of well-known ports. Each listing starts with the name of the service, its port/protocol, and a small comment about the service. For example:
    ftp-data   20/udp   # File Transfer [Default Data]
    ftp-data   20/tcp   # File Transfer [Default Data]
    ftp        21/udp   # File Transfer [Control]
    ftp        21/tcp   # File Transfer [Control]
    ssh        22/udp   # SSH Remote Login Protocol
    ssh        22%
Using lsof
Another tool you can use is the lsof command. In this case, you must know the name of the daemon that is hosting the service. As an example, I will use the smbd daemon, which is part of the Samba package (Mac OS X's Windows file services). One important thing to note is that services often run as root or a daemon-specific user account. Because of this, you must call lsof with superuser privileges. For security reasons, lsof only shows you information specific to your processes unless you run the command as root.
To find out which ports the smbd service is using, you can issue the command sudo lsof -n -P -c smbd -a -i. It will present information similar to the following:
    smbd   456 root  13u  IPv4 0x02b274c8  0t0  TCP *:445 (LISTEN)
    smbd   456 root  14u  IPv4 0x02b2777c  0t0  TCP *:139 (LISTEN)
    smbd  2727 root   6u  IPv4 0x03090f60  0t0  TCP 192.168.79.5:139->192.168.46.246:1037 (ESTABLISHED)
As you can see, the smbd daemon is listening on TCP ports 139 and 445.
Using netstat
netstat makes it easy to display all listening TCP ports; that is, network sockets that are open and awaiting a connection.
To see a list of such ports, execute the command: netstat -na | grep LISTEN. Example output is shown below:
    tcp4   0   0   *.21              *.*   LISTEN
    tcp4   0   0   127.0.0.1.10000   *.*   LISTEN
    tcp4   0   0   1.2.3.4.80        *.*   LISTEN
The first line indicates that a service is listening on port 21 and can be reached over any network interface. The second line shows that the server daemon on port 10000 can only be reached if the connection is made to 127.0.0.1 (meaning that the connection must also originate from localhost, as that is the only way to reach localhost; i.e. the server can connect to itself on this port). The web server on port 80 can be reached, but only if the connection is made to IP 1.2.3.4, the IP of one of the server's network interfaces.
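The reading of the netstat output described above can be automated when reviewing which services a server exposes. The following is an added example, not part of the original FAQ: the function names and the sample input (the three lines above plus two constructed lines) are assumptions made for illustration.

```shell
#!/bin/sh
# classify_listeners: read BSD/Mac OS X style `netstat -na` lines on stdin
# and print "<port> <scope> <address>" for every listening TCP socket.
classify_listeners() {
    awk '
    $NF == "LISTEN" && $1 ~ /^tcp/ {
        local_addr = $4
        # BSD netstat joins address and port with a dot: split at the last dot.
        n = match(local_addr, /\.[0-9]+$/)
        if (n == 0) next
        addr = substr(local_addr, 1, n - 1)
        port = substr(local_addr, n + 1)
        if (addr == "*")
            scope = "all-interfaces"      # reachable on every interface
        else if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback-only"       # reachable only from the host itself
        else
            scope = "single-address"      # reachable via one interface address
        print port, scope, addr
    }'
}

# exposed_ports: ports that other hosts can reach (everything not loopback-only).
exposed_ports() {
    classify_listeners | awk '$2 != "loopback-only" { print $1 }' |
        sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample input: the three lines from the text, plus an
# ESTABLISHED connection and an IPv6 loopback listener (both constructed).
sample_netstat() {
cat <<'EOF'
tcp4       0      0  *.21               *.*              LISTEN
tcp4       0      0  127.0.0.1.10000    *.*              LISTEN
tcp4       0      0  1.2.3.4.80         *.*              LISTEN
tcp4       0      0  1.2.3.4.80         5.6.7.8.50112    ESTABLISHED
tcp6       0      0  ::1.631            *.*              LISTEN
EOF
}

# On a live system: netstat -na | classify_listeners
sample_netstat | classify_listeners
```

Any port reported as all-interfaces or single-address is reachable from the network and should either be an intended service or be covered by a firewall rule.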
Apple-specific services
A great place to check for information about Apple-specific daemons is the Apple Support Site. The "Well Known" TCP and UDP Ports Used By Apple Software Products is particularly valuable for finding out what ports an Apple-only application uses.
