How Do I Check Which Services Are Listening on All IPv4 Interfaces (Excluding Localhost)?

By
Aaron Garnes
-
0
0
Asked By TechieExplorer92 On

I'm currently auditing a Debian 12 server and need to identify all services that are listening on **all IPv4 interfaces**, while excluding those tied to **localhost (127.0.0.1)**. So far, I've tried running the following command:

`ss -tuln | grep -v "127.0.0.1" | awk '$5 !~ "/:::/ {print $5}' | cut -d: -f2 | sort -u`

I've got a few questions about this:
1. Is my command accurate for this purpose?
2. Should I consider using **netstat** instead of **ss** for systems that are older or considered legacy?
3. How can I also filter out IPv6 addresses (like `::`) without making my command overly complex?

I'm looking to identify any potentially exposed services, such as MySQL or Redis, that might be bound to [0.0.0.0](http://0.0.0.0) or other external IP addresses.

5 Answers

Answered By OldTimerDev19 On

This isn't just a bash question—it varies between operating systems. On Linux, you could run `ss -4nl ! src 127.0.0.1`. Keep in mind that the command syntax can change based on the OS you're using.

Answered By SystemSage44 On

Your command isn't quite accurate. By omitting the TCP/UDP distinction, you're mixing types in your output. For matching legacy systems, consider if you actually need `ss`; if you can't use it on certain systems, then go for `netstat`. To filter out IPv6 while keeping it simple, just add the `-4` flag: `ss -4tuln '! src 127.0.0.0/8' | awk '{split($5, local, /:/); print local[2]"/"$1}' | sort -nu`.

Answered By NetworkNinja77 On

Both `netstat` and `ss` have options for filtering, specifically `-4` for IPv4 and `-6` for IPv6. Since you're on Debian 12, `ss` should do just fine. If you're dealing with legacy systems, `netstat` might be the better choice. You could use `-tuln4` with either command to focus on IPv4 sockets.

Answered By AuditAce88 On

Don't forget about using `auditd` logs to capture everything related to binding. It gives you a full view and is more comprehensive than just checking current sockets.

Answered By CommandBuddy21 On

A simple command you can try is `netstat -ntlpu4`. Just make sure to run it as root to see all the details.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.