本文讲述怎样在Apple电脑上查看监听端口。这可能是最重要的潜在漏洞。同时,监听外部网络的端口会占用一点CPU,因此会消耗电力从而减少电池生命。

通过『网络实用工具 』列出监听端口

  1. 按下Command + Spacebar组合键

  2. 键入网络实用工具Network Utility进行应用查询

  3. 回车启动网络实用工具App

    image-20191028143458143

  4. 选择『端口扫描』tab

    image-20191028143458143

  5. 输入IP(如127.0.0.1)或域名,点击『扫描』按钮进行扫描。

使用『lsof』工具来列出监听端口

  1. 打开一个命令行终端,输入以下命令进行查询

    $ lsof -nP +c 15 | grep LISTEN
COMMAND			PID					USER	FD	   TYPE	DEVICE					  SIZE/OFF		  NODE	NAME
nginx           80252               root    6u     IPv4 0xcb6da1ece1a06efb        0t0         TCP *:80 (LISTEN)
nginx           80253             nobody    6u     IPv4 0xcb6da1ece1a06efb        0t0         TCP *:80 (LISTEN)

    lsof是”list open files”的缩写,不指定任何可选参数的时候,lsof列出机器上所有活动进程打开的所有文件。

    -nP: n指不使用DNS将hostname转成IP, P指不使用端口名表示而是使用端口数字值表示(比如显示80而不是显示http)。

    +c 15: 指定Command(第一列)名称宽度为15字符。

    grep LISTEN: 过滤出只包含LISTEN的结果。

    显示结果中的”FD”列指文件描述符,’u’ 是读写模式,’r’是读模式,’w’是写模式。

    sudo lsof -nP +c 15 | grep LISTEN:使用root用户来查看所有监听端口,包括:

    保留端口:0~1023

    注册端口:1024~49151

    动态/私有端口:49152~65535。

    TCP 和 UDP:

    TCP (Transmission Control Protocol) is the most commonly used protocol on the Internet and any TCP/IP network. TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and that packets will be delivered in the same order in which they were sent. Guaranteed communication/delivery is the key difference between TCP and UDP on ort 53.

    UDP (Datagram Protocol) is connectionless and does not guarantee reliable communication; it’s up to the application that received the message to process any errors and verify correct delivery. UDP is often used with time-sensitive applications, such as audio/video streaming, where dropping some packets is preferable to waiting for delayed data.