All network ports in use linux

How to Find All Open Ports (Listening Ports) on Ubuntu Linux

This brief tutorial shows students and new users how to find all ports in use or listening ports when using Ubuntu Linux systems.

The steps below should be handy if you’re a server administrator or web admin and want to ensure that only approved ports are opened on your Ubuntu Linux server.

Most servers built for public access will have services that listen to their assigned ports for communication. In some cases, ports that are not in use will stay open, which may lead to them being exploited.

Ubuntu comes with some default commands that can be used to scan your servers for open ports. The steps below will show you how to use some of these commands to identify listening ports and how to find them.

Since you can’t have two services listening on the same port, there’s a good chance that you have ports open that you’re not using, and you’ll want to close them.

A network port is identified by its number, the associated IP address, and the type of communication protocol, such as TCP or UDP.

To identify listening ports on Ubuntu, follow the steps below:

Use the netstat Command

netstat is a command-line tool that can provide information about network connections, including IP addresses, ports, and services communicating on these ports.

If you don’t already have the netstat tool installed, use the command below to install it.

sudo apt install net-tools

If you want to list all ports available on a server, you run the commands below:

For the command options, see the list below:

  • -t Show TCP ports.
  • -u Show UDP ports.
  • -n Show numerical addresses instead of resolving hosts.
  • -l Show only listening ports.
  • -p Show the PID and name of the listener’s process.

When you run the command above with these options, you should see lines similar to the following:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 127.0.0.53:53     0.0.0.0:*         LISTEN   486/systemd-resolve
tcp        0      0 127.0.0.1:631     0.0.0.0:*         LISTEN   2851/cupsd

That should give you a lot of information.

However, if you only want to see a specific service name or port, you can combine the netstat command and the options above with grep.

The example below shows you how to scan for open ports and list only port 22.

sudo netstat -tnlp | grep :22

You should see lines similar to those below:

tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   25538/sshd
tcp6       0      0 :::22             :::*              LISTEN   25538/sshd

The command above uses grep to show port 22 only, and the sshd service is listening on that port.


Use the ss Command

netstat is not installed on Ubuntu by default. The ss command is installed as a replacement for netstat. As with netstat, the ss command displays network information on Linux systems.

netstat and ss commands share almost the same command options. So if you’re used to netstat, the ss command should work almost the same.

To view all listening ports on Ubuntu using the ss command, run the command below:

You should see a similar screen as shown below:

Netid State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN  0      0      127.0.0.53%lo:53    0.0.0.0:*          users:(("systemd-resolve",pid=486,fd=12))
udp   UNCONN  0      0      0.0.0.0:68          0.0.0.0:*          users:(("dhclient",pid=782,fd=6))
tcp   LISTEN  0      5      [::1]:631           [::]:*             users:(("cupsd",pid=2851,fd=6))

The output above is similar to the netstat command we ran previously.

Use the lsof Command

The lsof command is another powerful utility available on Linux systems that allows you to display networking information.

To list all listening TCP ports using the lsof command, run it with the options below:

sudo lsof -nP -iTCP -sTCP:LISTEN

You should see similar lines as shown below:

COMMAND     PID USER             FD  TYPE DEVICE SIZE/OFF NODE NAME
systemd-r   486 systemd-resolve  13u IPv4  15733      0t0  TCP 127.0.0.53:53 (LISTEN)
cupsd      2851 root              6u IPv6  36958      0t0  TCP [::1]:631 (LISTEN)
cupsd      2851 root              7u IPv4  36959      0t0  TCP 127.0.0.1:631 (LISTEN)
sshd      25538 root              3u IPv4  77978      0t0  TCP *:22 (LISTEN)
sshd      25538 root              4u IPv6  77980      0t0  TCP *:22 (LISTEN)

That should list open ports as well.

Now you know how to list listening ports on Ubuntu; you can use any of the commands above to find ports that are not in use and turn off the services listening on them.

Richard W

I love computers; maybe way too much. What I learned I try to share at geekrewind.com.


How to Find Out List of All Open Ports in Linux

In this article, we will briefly talk about ports in computer networking and move to how you can list all open ports in Linux.

In computer networking, and more specifically in software terms, a port is a logical entity which acts as an endpoint of communication to identify a given application or process on a Linux operating system. It is a 16-bit number (0 to 65535) which differentiates one application from another on end systems.

The two most popular Internet transport protocols, Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP), and other less known protocols use port numbers for communication sessions (source and destination port numbers in conjunction with the source and destination IP addresses).

In addition, a combination of an IP address, port and protocol such as TCP/UDP is known as a socket, and every service must have a unique socket.

Below are the different categories of ports:

  1. 0-1023 – the Well Known Ports, also referred to as System Ports.
  2. 1024-49151 – the Registered Ports, also known as User Ports.
  3. 49152-65535 – the Dynamic Ports, also referred to as the Private Ports.

You can view a list of different applications and port/protocol combination in /etc/services file in Linux using cat command:

$ cat /etc/services
OR
$ cat /etc/services | less

# /etc/services:
# $Id: services,v 1.48 2009/11/11 14:32:31 ovasik Exp $
#
# Network services, Internet style
# IANA services version: last updated 2009-11-10
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, most entries here have two entries
# even if the protocol doesn't support UDP operations.
# Updated from RFC 1700, ``Assigned Numbers'' (October 1994). Not all ports
# are included, only the more common ones.
#
# The latest IANA port assignments can be gotten from
# http://www.iana.org/assignments/port-numbers
# The Well Known Ports are those from 0 through 1023.
# The Registered Ports are those from 1024 through 49151
# The Dynamic and/or Private Ports are those from 49152 through 65535
#
# Each line describes one service, and is of the form:
#
# service-name port/protocol [aliases ...] [# comment]
tcpmux     1/tcp                   # TCP port service multiplexer
tcpmux     1/udp                   # TCP port service multiplexer
rje        5/tcp                   # Remote Job Entry
rje        5/udp                   # Remote Job Entry
echo       7/tcp
echo       7/udp
discard    9/tcp    sink null
discard    9/udp    sink null
systat     11/tcp   users
systat     11/udp   users
daytime    13/tcp
daytime    13/udp
qotd       17/tcp   quote
qotd       17/udp   quote
msp        18/tcp                  # message send protocol
msp        18/udp                  # message send protocol
chargen    19/tcp   ttytst source
chargen    19/udp   ttytst source
ftp-data   20/tcp
ftp-data   20/udp
# 21 is registered to ftp, but also used by fsp
ftp        21/tcp
ftp        21/udp   fsp fspd
ssh        22/tcp                  # The Secure Shell (SSH) Protocol
ssh        22/udp                  # The Secure Shell (SSH) Protocol
telnet     23/tcp
telnet     23/udp

To list all open ports or currently running ports, including TCP and UDP, in Linux, we will use netstat, a powerful tool for monitoring network connections and statistics.

$ netstat -lntu
Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:3306      0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:25        0.0.0.0:*         LISTEN
tcp        0      0 :::22             :::*              LISTEN
tcp        0      0 :::80             :::*              LISTEN
tcp        0      0 :::25             :::*              LISTEN
udp        0      0 0.0.0.0:68        0.0.0.0:*

  1. -l – prints only listening sockets
  2. -n – shows port number
  3. -t – enables listing of tcp ports
  4. -u – enables listing of udp ports

You can also use the ss command, a well known and useful utility for examining sockets in a Linux system. Run the command below to list all your open TCP and UDP ports:

$ ss -lntu
Netid State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN  0      0      *:68                *:*
tcp   LISTEN  0      128    :::22               :::*
tcp   LISTEN  0      128    *:22                *:*
tcp   LISTEN  0      50     *:3306              *:*
tcp   LISTEN  0      128    :::80               :::*
tcp   LISTEN  0      100    :::25               :::*
tcp   LISTEN  0      100    *:25

Make it a point to read through the man pages of the commands above for more usage information.

In summary, understanding the concept of ports in computer networking is very vital for system and network administrators. You can as well go through this netstat guide with simple, precise and well explained examples.


Last but not least, get in touch with us by sharing other methods for listing open ports in Linux or asking a question via the response form below.


How can I see what ports are open on my machine?

I would like to see what ports are open on my machine, e.g. what ports my machine is listening on. E.g. port 80 if I have installed a web server, and so on. Is there any command for this?


If the netstat command is not available, install it with:

sudo apt install net-tools 

-l already filters for listening. grep LISTEN won’t help beyond hiding 2 lines of header information.

-t : tcp, -l : listening socket, -p : show pid and program name, -n : print 127.0.0.1:80 instead of localhost:http . Reference: linux.die.net/man/8/netstat

The expanded command is sudo netstat --tcp --listening --programs --numeric . There’s no need to use grep unless you want to eliminate column headers.

nmap (install)

Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing.

Use nmap 192.168.1.33 for internal PC or nmap external IP address .

More information man nmap .

Zenmap is the official GUI frontend.

Remember that there is a difference between nmap localhost and nmap 192.168.0.3 (or whatever your machine IP is)

I think netstat is a better answer to this. netstat will list what the system is listening on directly, and without using an additional application or doing unnecessary calls over localhost or through the network.

This is stupid. If you have access to the computer, just use netstat -ln . You’ll instantly see all the open ports.

nmap localhost didn’t find services that were bound only to localhost. For example, I run influxd with bind-address:localhost:8086 . That didn’t show up in sudo nmap localhost , but did show up in sudo netstat -tulpn .

Other good ways to find out what ports are listening and what your firewall rules are:

To list open ports use the netstat command.

$ sudo netstat -tulpn | grep LISTEN
tcp        0      0 127.0.0.1:53      0.0.0.0:*         LISTEN   5452/dnsmasq
tcp        0      0 127.0.0.1:631     0.0.0.0:*         LISTEN   1037/cupsd
tcp6       0      0 ::1:631           :::*              LISTEN   1037/cupsd

In the above example three services are bound to the loopback address.

IPv4 services bound to the loopback address "127.0.0.1" are only available on the local machine. The equivalent loopback address for IPv6 is "::1". The IPv4 address "0.0.0.0" means "any IP address", which would mean that other machines could potentially connect to any of the locally configured network interfaces on the specific port.

Another method is to use the lsof command:

$ sudo lsof -nP -i | grep LISTEN
cupsd    1037 root     9u IPv6  11276 0t0 TCP [::1]:631 (LISTEN)
cupsd    1037 root    10u IPv4  11277 0t0 TCP 127.0.0.1:631 (LISTEN)
dnsmasq  5452 nobody   5u IPv4 212707 0t0 TCP 127.0.0.1:53 (LISTEN)

For more details see man netstat or man lsof .
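
One way to act on the loopback versus "any IP address" distinction described above, as an added example that is not part of the original answers: the shell function below reads ss -lntu output and prints every listener that other machines can reach and that is missing from an approved list. The function names, the proto/port allowlist format and the sample rows are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the page): audit listening sockets against an
# approved list. Input on stdin is text in the format printed by `ss -lntu`.

# audit_listeners "tcp/22 tcp/80"   (allowlist format is an assumption)
# Prints "<proto>/<port> <address>" for each non-loopback, unapproved listener.
audit_listeners() {
    awk -v approved="$1" '
    BEGIN {
        n = split(approved, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    $1 == "Netid" { next }                      # skip the header row
    $1 != "tcp" && $1 != "udp" { next }         # ignore anything else
    {
        port = $5; sub(/.*:/, "", port)         # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)     # text before the last colon
        gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # [::1] -> ::1
        sub(/%.*/, "", addr)                    # 127.0.0.53%lo -> 127.0.0.53
        # Loopback binds are reachable from the local machine only.
        if (addr ~ /^127\./ || addr == "::1") next
        key = $1 "/" port
        if (!(key in ok)) print key, addr
    }'
}

# Constructed sample rows, modelled on the ss output shown on this page.
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:3306       0.0.0.0:*
tcp   LISTEN 0      5      [::1]:631          [::]:*
tcp   LISTEN 0      128    [::]:80            [::]:*
EOF
}

# Reports the database port, the only exposed listener not on the list.
sample_ss_output | audit_listeners "tcp/22 tcp/80 udp/68"
# On a live host: ss -lntu | audit_listeners "tcp/22 tcp/80"
```

A finding here means the service should either be added to the approved list, rebound to a loopback address, or stopped.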
