
Can I monitor connections to open ports?

Posted: Tue Jan 15, 2019 6:44 pm
by VoxelMints
I block all ports in my firewall, except those necessary for visiting websites.

Is there a way to monitor what ports a program tries to use so I can open them?

Thanks for the help.

Re: Can I monitor connections to open ports?

Posted: Wed Jan 16, 2019 10:07 am
by WharfRat
Try watch netstat -tanp

Re: Can I monitor connections to open ports?

Posted: Wed Jan 16, 2019 10:22 am
by trytip
VoxelMints wrote:
Tue Jan 15, 2019 6:44 pm
I block all ports in my firewall, except those necessary for visiting websites.
Thanks for the help.
i don't understand why you need open ports for websites. the only ports i allow are for file transfers with nitroshare and dukto which i share files through the wireless router.

which websites need open ports?

also you'll find out that they may be closed or undetected. go to https://www.grc.com/x/ne.dll?bh0bkyd2 click proceed, then enter a range of ports to test for open/closed status. under "You may select any service from among those listed above . . ." put a range of ports that includes your open ports, something like 34560-34570 (the site will only test 64 ports at a time. 10 is good enough in the range, 60 would take too long to confirm)

Re: Can I monitor connections to open ports?

Posted: Wed Jan 16, 2019 12:40 pm
by VoxelMints
It seems I struggle with wording my questions clearly. That's my fault. :(

I have Incoming and Outgoing connections set to reject. I open ports 53 for DNS, and 443 for HTTPS so I'm able to visit websites.

I decided to drop the idea, it was proving too difficult to open ports for individual programs with restricted firewall settings like mine. I'll try the suggestions mentioned here. Thanks for the help.

Re: Can I monitor connections to open ports?

Posted: Wed Jan 16, 2019 1:09 pm
by phd21
Hi VoxelMints,

I just read your post and the good replies to it. Here are my thoughts on this as well.

+1 for WharfRat's reply...
VoxelMints wrote:I open ports 53 for DNS, and 443 for HTTPS so I'm able to visit websites.
You do not need to open (allow incoming, add firewall rules) on those ports for your system to work normally like visiting websites unless you are running your own DNS server or your own web server or web server apps. The typical user just needs to turn on (enable) the Linux firewall. If you add some Internet-enabled applications that require adding firewall rules they should say so in their instructions or want to access other computers on a network, or for accessing your computer remotely with certain applications, then you will have to add firewall rules.
VoxelMints wrote:I have Incoming and Outgoing connections set to reject.
Not necessary. With the firewall enabled, all incoming is rejected by default and you need outgoing to access the Internet.

How to Check for Open Ports in Linux - Make Tech Easier
https://www.maketecheasier.com/check-open-ports-linux/

Code:

sudo netstat -atup
I have found it interesting and sometimes necessary to check what ports my system is using with the firewall turned off temporarily to improve my Internet security and to see what certain applications like some media servers are using so I can add firewall rules for ports they need to use so they will work properly (if they did not provide all the required firewall ports information).

Hope this helps ...

Re: Can I monitor connections to open ports?

Posted: Wed Jan 16, 2019 2:41 pm
by VoxelMints
phd21 wrote:
Wed Jan 16, 2019 1:09 pm
VoxelMints wrote:I open ports 53 for DNS, and 443 for HTTPS so I'm able to visit websites.
You do not need to open (allow incoming, add firewall rules) on those ports for your system to work normally like visiting websites unless you are running your own DNS server or your own web server or web server apps. The typical user just needs to turn on (enable) the Linux firewall. If you add some Internet-enabled applications that require adding firewall rules they should say so in their instructions or want to access other computers on a network, or for accessing your computer remotely with certain applications, then you will have to add firewall rules.
Yes, I allow ports 53, and 443 only outgoing access, and it works fine. I decided to set outgoing connections to "allow" on a per application basis as a solution. I'm still considering the advice mentioned here though.

Re: Can I monitor connections to open ports?

Posted: Fri Jan 18, 2019 12:22 am
by trytip
when you open gufw (firewall) you will see in the report tab what is using the internet connections.

Re: Can I monitor connections to open ports?

Posted: Mon Jan 21, 2019 4:19 pm
by VoxelMints
I noticed the report tab wouldn't show Firefox connected or its open ports. It's probably because the ports Firefox uses were already opened. But it would be nice if it showed everything opening a port.

I'm very paranoid about knowing what process is using the internet. And I miss this functionality in Linux Mint so far.

Re: Can I monitor connections to open ports?

Posted: Mon Jan 21, 2019 4:33 pm
by phd21
Hi trytip, VoxelMints, etc...
trytip wrote:when you open gufw (firewall) you will see in the report tab what is using the internet connections.
Thanks. I never noticed that reports tab in the Linux firewall before and it even allows you to add a firewall rule for an application listed automatically entering in the port as well. I had to click its "pause" button so that it would stop continuously updating itself.

To: VoxelMints: The firewall reports tab shows my Slimjet browser but not everything else I am using. And you still have the commands like "sudo netstat -atup".

Re: Can I monitor connections to open ports?

Posted: Mon Jan 21, 2019 5:09 pm
by trytip
in Terminal (maximized to get a better output)

Code:

sudo netstat -atnp | grep ESTABLISHED | awk '{printf "%-25s %-10s %-25s %-20s\n",$7,$1,$4,$5}' | sed /^-/d | sed 's/\//  /g'
for all connections including local

Code:

sudo netstat -atnp | grep "ESTABLISHED\|LISTEN" | awk '{printf "%-25s %-10s %-25s %-20s\n",$7,$1,$4,$5}' | sed /^-/d | sed 's/\//  /g'
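
An added example, not part of trytip's post or anyone else's in this thread: the same `netstat -atnp` ESTABLISHED view grouped by program, so each program's distinct remote ports (the ones an outgoing rule would need) show up once with a connection count. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise which remote ports each program is talking to,
# reading `netstat -atnp` output on stdin.

# Constructed sample of `netstat -atnp` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -
tcp        0      0 192.168.1.20:51514      93.184.216.34:443       ESTABLISHED 2211/firefox
tcp        0      0 192.168.1.20:51520      93.184.216.34:443       ESTABLISHED 2211/firefox
tcp        0      0 192.168.1.20:40022      198.51.100.7:80         ESTABLISHED 2211/firefox
tcp        0      0 192.168.1.20:38110      203.0.113.9:6881        ESTABLISHED 3050/transmission-gt
tcp6       0      0 ::1:43210               ::1:631                 ESTABLISHED -
tcp6       0      0 2001:db8::20:51000      2001:db8::1:443         ESTABLISHED 2890/Web Content
EOF
}

# Print "program<TAB>proto<TAB>remote_port<TAB>connections" for ESTABLISHED sockets.
ports_by_program() {
    awk '
    $6 == "ESTABLISHED" {
        # Remote port is whatever follows the last colon (works for IPv6 too).
        n = split($5, a, ":"); port = a[n]
        # Field 7 onward is PID/Program name; the name may contain spaces.
        prog = $7
        for (i = 8; i <= NF; i++) prog = prog " " $i
        if (prog == "-") prog = "(not-visible)"   # socket owned by another user
        else sub(/^[0-9]+\//, "", prog)           # drop the PID
        proto = $1; sub(/6$/, "", proto)          # fold tcp6 into tcp
        count[prog "\t" proto "\t" port]++
    }
    END { for (k in count) print k "\t" count[k] }
    ' | sort
}

# Live use: netstat -atnp | ports_by_program   (add sudo to see other users)
sample_netstat | ports_by_program
```

Rows shown as `(not-visible)` are sockets whose owner netstat could not read without root, which is the limitation of running the command without sudo.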

Re: Can I monitor connections to open ports?

Posted: Tue Jan 22, 2019 8:12 am
by Hoser Rob
I think there may be some Linux beginner confusion about Windows v Linux here, Linux doesn't leave unused network ports open by default like Windows does. This is one of the reasons it's so much more secure than Windows.

For example, I've done distro hopping on my old netbook in the past. A few times, after reinstalling I forgot to turn on the firewall at first. I did this for a month once. This is on a machine that I don't use at home, just out and about in cafe etc hotspots. I NEVER got hacked. How many milliseconds would that have taken in Windows?

Re: Can I monitor connections to open ports?

Posted: Tue Jan 22, 2019 5:07 pm
by VoxelMints
trytip wrote:
Mon Jan 21, 2019 5:09 pm
in Terminal (maximized to get a better output)

Code:

sudo netstat -atnp | grep ESTABLISHED | awk '{printf "%-25s %-10s %-25s %-20s\n",$7,$1,$4,$5}' | sed /^-/d | sed 's/\//  /g'
for all connections including local

Code:

sudo netstat -atnp | grep "ESTABLISHED\|LISTEN" | awk '{printf "%-25s %-10s %-25s %-20s\n",$7,$1,$4,$5}' | sed /^-/d | sed 's/\//  /g'
Hoser Rob wrote:
Tue Jan 22, 2019 8:12 am
I think there may be some Linux beginner confusion about Windows v Linux here, Linux doesn't leave unused network ports open by default like Windows does. This is one of the reasons it's so much more secure than Windows.
I can't seem to run netstat or lsof commands with sudo because I use a user account, not an admin account. Using an "admin" account means I need to log in with the same password that is used to make "sudo" system changes which makes me nervous.

I disabled Cups, and Avahi, I think I'm covered on the networking side. Samba is not installed by default.

Re: Can I monitor connections to open ports?

Posted: Wed Jan 23, 2019 12:56 am
by trytip
VoxelMints wrote:
Tue Jan 22, 2019 5:07 pm
I can't seem to run netstat or lsof commands with sudo because I use a user account, not an admin account. Using an "admin" account means I need to log in with the same password that is used to make "sudo" system changes which makes me nervous.
you can still run the command without sudo but you will only get connection info for the current user. the root connections won't be displayed.

Code:

netstat -atnp | grep "ESTABLISHED\|LISTEN" | awk '{printf "%-25s %-10s %-25s %-20s\n",$7,$1,$4,$5}' | sed /^-/d | sed 's/\//  /g'

Re: Can I monitor connections to open ports?

Posted: Wed Jan 23, 2019 7:21 pm
by VoxelMints
trytip wrote:
Wed Jan 23, 2019 12:56 am
VoxelMints wrote:
Tue Jan 22, 2019 5:07 pm
I can't seem to run netstat or lsof commands with sudo because I use a user account, not an admin account. Using an "admin" account means I need to log in with the same password that is used to make "sudo" system changes which makes me nervous.
you can still run the command without sudo but you will only get connection info for the current user. the root connections won't be displayed.

Code:

netstat -atnp | grep "ESTABLISHED\|LISTEN" | awk '{printf "%-25s %-10s %-25s %-20s\n",$7,$1,$4,$5}' | sed /^-/d | sed 's/\//  /g'
Cool, thanks trytip.

Re: Can I monitor connections to open ports?

Posted: Fri Jan 25, 2019 4:08 pm
by VoxelMints
If I remember correctly with Mint 19 I used to open port 53, 443, and 80. And my programs connected fine.

Has anything changed with how Mint 19.1 handles program connections recently?