1. Introduction
IP addresses uniquely identify devices on a network. Meanwhile, ports differentiate between services on a device. Together, they enable communication and data exchange between devices via the TCP and IP protocols, playing a crucial role in the proper functioning of the Internet.
In this tutorial, we’ll discuss how to find the IP address and port used by a given installation of the Apache HTTP server.
First, we’ll discuss the lsof command, followed by an exploration of the netstat command. Subsequently, we’ll look into the ss command. After that, we’ll employ the nmap command to obtain the Apache IP addresses and ports. Moreover, we’ll discuss the apachectl command. Lastly, we’ll look into httpd.conf to view which IPs and ports are used by Apache.
2. Using the lsof Command With grep
To begin with, we can use the lsof command to check the IP address and port used by the Apache server.
lsof is a Linux command that shows the relation between open files, processes, and network connections on a system. Moreover, it aids in troubleshooting by identifying each process and revealing resource usage. In particular, lsof can show details about file descriptors and network sockets.
Now, let’s use the lsof command, and pipe its output to grep:
$ sudo lsof -i -P -n | grep apache2
apache2 1687 root 4u IPv6 25609 0t0 TCP *:80 (LISTEN)
apache2 1689 www-data 4u IPv6 25609 0t0 TCP *:80 (LISTEN)
apache2 1690 www-data 4u IPv6 25609 0t0 TCP *:80 (LISTEN)
apache2 1691 www-data 4u IPv6 25609 0t0 TCP *:80 (LISTEN)
apache2 1692 www-data 4u IPv6 25609 0t0 TCP *:80 (LISTEN)
apache2 1693 www-data 4u IPv6 25609 0t0 TCP *:80 (LISTEN)On distributions like CentOS, we may have to use httpd instead of apache2:
$ lsof -i -P -n | grep httpd
httpd 1027 root 4u IPv6 25240 0t0 TCP *:80 (LISTEN)
httpd 1068 apache 4u IPv6 25240 0t0 TCP *:80 (LISTEN)
httpd 1069 apache 4u IPv6 25240 0t0 TCP *:80 (LISTEN)
httpd 1070 apache 4u IPv6 25240 0t0 TCP *:80 (LISTEN)This command lists open network connections with numerical port and IP address details. The grep apache2 filter is applied to narrow down results to processes related to the Apache web server. Notably, we could also use just apache or httpd as a filter, but that might show some false positives.
Now, let’s break down the command and its options:
- -i displays information related to network connections
- -p prevents the conversion of port numbers to port names
- -n prevents the conversion of network numbers to host names
From the output, the *:80 part indicates that Apache is listening on all available network interfaces * for incoming connections on port 80. Port 80 is the default port for HTTP, which is the protocol used for serving web pages.
The use of *:80 means that Apache is not restricted to listening only on localhost, but on all available network interfaces.
3. Using the netstat Command
Similarly, we can use the netstat command to look for the IP and port that Apache uses.
netstat is a command-line utility, offering insights into network connections, routing tables, and interface statistics on Linux operating systems. Furthermore, it assists in monitoring network activity, identifying open ports, and troubleshooting network-related issues.
3.1. Exploring Active Connections
Here, we use the netstat command with the -tlp flags:
$ sudo netstat -tlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 704/sshd: /usr/sbin
tcp6 0 0 [::]:1716 [::]:* LISTEN 1252/kdeconnectd
tcp6 0 0 [::]:ssh [::]:* LISTEN 704/sshd: /usr/sbin
tcp6 0 0 [::]:http [::]:* LISTEN 1662/apache2In the above code, the command displays data about active TCP connections. In particular, it shows information about listening sockets and the associated processes with their process IDs.
Let’s break down the code to gain a better understanding:
- -t shows only TCP connections since HTTP uses that as its transport protocol
- -l lists active listening sockets with associated services or applications
- -p displays PID and program names associated with each socket
From the output, we can see that Apache with process ID 1662 is listening on both IPv4 and IPv6 interfaces for incoming connections on the HTTP port. The address 0.0.0.0 and [::] indicates that the server is configured to accept connections from any available network interface, making it accessible from external sources.
3.2. Using netstat With the grep Command
Since the above output displays all the active connections, we can use the grep command to specifically filter the apache2 service:
$ sudo netstat -tlp | grep apache2
tcp6 0 0 [::]:http [::]:* LISTEN 6678/apache2Let’s break down the above output:
- [::]:http specifies that the Apache server is listening on all available IPv6 interfaces for incoming connections on port 80
- [::]:* indicates that there is no specific foreign address specified
- LISTEN implies that the server is in a listening state, waiting for incoming connections
This output confirms that Apache is actively listening on port 80 for incoming connections over IPv6. The absence of a specific foreign address means that the server can accept connections from any remote IP address, not just from localhost.
To run the same command on CentOS systems, we use the httpd service instead of apache2:
$ netstat -tlp | grep httpd
tcp6 0 0 [::]:http [::]:* LISTEN 1037/httpdThis output confirms that the Apache server is listening over IPV6 on port 80.
4. Using the ss Command
Another method to get the IP addresses and ports related to the Apache HTTP server is by using the ss command.
Its name stands for socket statistics because the ss command provides information about network sockets. Moreover, on modern operating systems, the ss command supersedes the older netstat command. It offers an updated and more comprehensive alternative to netstat.
Now, let’s execute ss with the relevant flags:
$ sudo ss -tlwnp | grep LISTEN
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=599,fd=3))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=599,fd=4))
tcp LISTEN 0 511 :80 *: users:(("apache2",pid=10724,fd=4),("apache2",pid=10723,fd=4),("apache2",pid=10722,fd=4),("apache2",pid=10721,fd=4),("apache2",pid=10720,fd=4),("apache2",pid=10718,fd=4))
tcp LISTEN 0 50 :1716 *: users:(("kdeconnectd",pid=1145,fd=17))The command ss -tlwn retrieves detailed information about network sockets, focusing on TCP sockets. It displays details about listening and raw sockets. Further, addresses are numerical to ensure proper identification.
Now, let’s break down the command for better understanding:
- -t displays TCP sockets
- -l shows only listening sockets
- -w shows raw sockets
- -n displays numerical addresses instead of resolving them to hostnames
- -p displays the process ID
From the output, we can see multiple processes for Apache, identified by the apache2 label. This is because Apache uses a multi-process or multi-threaded model to handle incoming connections. Each Apache worker process or thread is responsible for handling a specific connection or request. This is a common approach for web servers to handle a large number of concurrent connections.
Furthermore, the asterisk * in the Local Address column indicates that Apache binds to all available interfaces and addresses on both IPv4 and IPv6. In addition, the absence of a specific foreign address implies that the server is configured to accept connections from any remote address.
5. Using the nmap Command
An alternative way to obtain the IP addresses and ports associated with the Apache server is to utilize the nmap command.
Nmap is a powerful open-source tool for network exploration and security scanning, providing insights into device discovery, open ports, and vulnerabilities. Additionally, commonly used for network reconnaissance and security assessments, it involves identifying hosts, services, and potential risks.
Since it may not be available by default on many Linux distros, we install nmap using the apt utility:
$ sudo apt install nmapNow, let’s proceed to execute the command to get the IP and port:
$ sudo nmap -p 80 localhost
Starting Nmap 7.92 ( https://nmap.org ) at 2024-01-16 06:32 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000050s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 65532 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
1716/tcp open xmsg
Nmap done: 1 IP address (1 host up) scanned in 1.21 seconds class="language-bash">
The output from the nmap command shows that port 80 is open, and the service associated with this port is HTTP. However, this command doesn’t specifically mention the IP address or services running on ports.
Still, the fact that port 80 is open suggests that there is a web server running on localhost. To find out more about the web server, we can check the configuration files or use other commands such as netstat and ss. Alternatively, we can also use the ps command to check the running web server processes.
6. Using apachectl
The apachectl command displays the Apache server’s virtual host configuration, summarizing information such as IP addresses, ports, and defined virtual hosts.
Therefore, this is a useful tool for troubleshooting and reviewing the current state of Apache’s configuration to get the expected address and port it’s listening on.
Now, let’s execute apachectl to view the current settings:
$ apachectl -S
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_usedHere, the output shows that Apache is configured to listen on all available IP addresses, which is indicated by *. In addition, it listens port 80.
Moreover, it specifically mentions the IP address 127.0.1.1 in the context of the default virtual host configuration. Hence, the use of * means that Apache should respond to requests on all available IP addresses.
Therefore, based on this configuration, Apache is listening on port 80 for all available IP addresses, including 127.0.1.1.
7. Using the httpd.conf File
Another approach to get the IP addresses and ports related to the Apache server is by checking the httpd.conf file.
The httpd.conf is the primary configuration file for the Apache HTTP Server, situated in the Apache configuration directory. It serves as a crucial tool for administrators to customize server behavior and manage virtual hosts.
To check which port Apache is listening to, we use the httpd.conf configuration file with the grep command:
$ grep -i "listen" /etc/httpd/conf/httpd.conf
# Listen: Allows you to bind Apache to specific IP addresses and/or
# Change this to Listen on a specific IP address, but note that if
#Listen 12.34.56.78:80
Listen 80In the above code, we use the grep command to scan the HTTP configuration file /etc/httpd/conf/httpd.conf. The result reveals that Apache is configured to listen on port 80 for all available IP addresses, as seen in the uncommented line Listen 80. The commented example #Listen 12.34.56.78:80 illustrates the way to specify a specific IP address for Apache to listen on port 80.
Therefore, Apache is set to listen on all interfaces 0.0.0.0 or :: for IPv6 for port 80.
8. Conclusion
In this article, we discussed how to find the IP and port used by the Apache HTTP server.
Initially, we looked at the lsof command, followed by the netstat command. Subsequently, we learned about the upgraded ss command. After that, we used nmap to obtain IP addresses and ports utilized by Apache. Moreover, we saw how to use the apachectl command to find the Apache port and IP. Finally, we examined the httpd.conf file for the same.