Academy, Linux Fundamentals. How many services are listening on the target system on all interfaces

@Su8Z3r0 said:

Can someone give me a clue for this one please ?

I’ve tried the following commands none have given me the correct answer;

netstat -tunleep4 | grep -v “127.0.0”

ss -l -4 | grep -v “127.0.0” | grep “LISTEN” | wc -l

So, I’d suggest thinking through what you are trying to do.

When you run netstat, you want everything that is listening, why are you excluding references to localhost?

Also I’d double-check the switches you are using with netstat. I find -ano is quite a useful one for general use.

Lastly, make sure you are running this on the target system, not your system.

did u get answer ?

I’m wondering about this as well, because every combination I am trying, the answer is still wrong with the output. I’ve tried netstat -luntp | grep “LISTEN” | wc -l , nmap localhost -p 1-65535 | wc -l, ss -l -4 | grep “LISTEN” | wc -l, but all the output that is returned is still apparently the wrong answer.

ss -l -4 | grep -v “127.0.0” | grep “LISTEN” | wc -l

1 Like

ss -l -4 | grep -v “127.0.0” | grep “LISTEN” | wc -l

i’m not sure why but it didn’t look like it let me post the “slashes”

grep -v “127slash.0slash.0”

I find the Question to be a bit misleading given it mentions (Not on localhost and IPv4 only)
to get the correct answer you have to exclude grep -v “127.0.0”

ah! what was confusing me was the statement “Not on localhost and IPv4 only”. I was interpreting this as "Not only limited to localhost and IPv4 " so i was thinking… -not only limited to localhost (as in include EVERYTHING - including localhost) -not only limited to IPv4 (as in include IPv4 and IPv6) I was sort of trying to get to opposite to the required answer. At least got the LISTENING part correct :smile:

4 Likes

If anyone has any issues try this, as you want what is listening on ipv4 only (0.0.0.0) which forces the daemon to listen on ipv4 only.
netstat -luntp | grep “0.0.0.0” | grep -v “127.0.0” | grep “LISTEN” | wc -l

1 Like

try out this command it’ll work
$ netstat -ln4 | grep LISTEN | grep -v 127 | wc -l

6 Likes

$ netstat -ln4 | grep LISTEN | grep -v 127 | wc -l

for other confused learners like me:

netstat -ln4 - services that are listening, with numeric addresses, and using the ipv4 protocol as opposed to ipv6 or unspecified
grep LISTEN - find results containing the word “LISTEN”
grep -v 127 - exclude any results that contain the number “127”
wc -l - count the number of lines

6 Likes

This 2 methods work:

  1. netstat -l4 | grep “LISTEN” | grep -v “localhost” | wc -l

you could also use a far less simple command → netstat -l | grep “tcp” | grep -v “tcp6” | grep -v “localhost” | wc -l

  1. ss -l4 | grep “LISTEN” | grep -v “127.0.0.*” | wc -l

I am not sure why <grep “LISTEN”> is needed since the filter -l should return listening only. If not used, then UDP services will list as well. Any clues why?

This was exactly the logic i made. Thank you for clarifying.

systemctl |grep listening| wc -l

I do it in this way and work very perfect

netstat -luntp | grep “0.0.0.” | grep -v “127.0.0” | grep “LISTEN” | wc -l 2>/dev/null

ss -l -4 | grep -v “127.0.0” |grep “LISTEN”| wc -l

netstat -l | grep “tcp” | grep -v “tcp6” | grep -v “localhost” | wc -l

curl -s https://www.inlanefreight.com | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*" | sort -u | wc -l

Description:

  • curl -s retrieves the HTML content of the webpage https://www.inlanefreight.com in a silent mode without showing progress meter or error messages.
  • grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*" searches for all the links within the HTML content of the webpage by matching the regular expression (http|https)://[a-zA-Z0-9./?=_-]*. This regular expression matches any string that starts with http:// or https:// followed by any combination of letters, digits, slashes, question marks, underscores, and dashes.
  • sort -u sorts and removes any duplicate links from the output.
  • wc -l counts the number of lines in the output, which represents the total number of unique links found on the webpage.

ss -l -4 | tr “.” " " | column -t | grep LISTEN | grep -v “127” | wc -l

worked for me all fine

tr - replaces the dots with spaces
column separates everything into columns
grep then we filter LISTEN
grep -v filters out 127
wc gives you your answerr

$ netstat -ln4t | grep -v 127 | wc -l

1 Like

netstat -l4t | awk ‘{print $4, $6}’ | grep 0.0.0.* | wc -l

1 Like