- 4 Ways to Find Out What Ports Are Listening in Linux
- Using netstat Command
- Using lsof Command
- Using ss Command
- Using nmap Command
- Using the fuser Command
- Using the lshw Command
- Using the iptables Command
- Conclusion
- Checking Open and Listening Ports on Linux Using netstat and ss
- What is a Port in Computer Networking?
- How to Check Which Linux Ports Are in Use?
- Using netstat
- Using ss
- Using lsof
4 Ways to Find Out What Ports Are Listening in Linux
Linux is a popular operating system that is widely used by system administrators, developers, and other tech enthusiasts. One of important tasks in managing a Linux system is to identify which ports are being used and which ones are available. In this article, we will discuss 4 ways to find out what ports are listening in Linux.
Using netstat Command
The netstat command is a powerful tool that provides detailed information about network connections, routing tables, and other related statistics. To check which ports are listening, you can use following command −
This command will display a list of all ports that are currently listening on system. «-l» option tells netstat to only show listening sockets, «-t» specifies TCP connections, and «-n» displays port numbers instead of resolving them to names.
Here is an example output −
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
The output shows that SSH daemon is listening on port 22 and CUPS printing service is listening on port 631.
Using lsof Command
The lsof command (short for «list open files») is a powerful tool that can be used to list all open files and network connections on a Linux system. To find out which ports are listening, you can use following command −
$ sudo lsof -i -P -n | grep LISTEN
This command will display a list of all open network connections on system that are in a listening state. «-i» option specifies that we are interested in network connections, «-P» tells lsof to use port numbers instead of service names, and «-n» disables hostname resolution.
Here is an example output −
sshd 2269 root 3u IPv4 11758 0t0 TCP *:22 (LISTEN) cupsd 2889 root 7u IPv4 16314 0t0 TCP 127.0.0.1:631 (LISTEN)
The output shows that SSH daemon is listening on port 22 and CUPS printing service is listening on port 631.
Using ss Command
The ss command is a modern replacement for netstat command and provides similar functionality. To check which ports are listening, you can use following command −
This command will display a list of all TCP ports that are currently listening on system. «-l» option tells ss to only show listening sockets, «-t» specifies TCP connections, and «-n» displays port numbers instead of resolving them to names.
Here is an example output −
State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:22 *:* LISTEN 0 5 127.0.0.1:631 *:*
The output shows that SSH daemon is listening on port 22 and CUPS printing service is listening on port 631.
Using nmap Command
The nmap command is a powerful tool that can be used for network exploration, security scanning, and port scanning. To check which ports are listening on a remote system, you can use following command −
This command will perform a TCP SYN scan on all ports on remote system and report which ports are open and listening. «-sS» option tells nmap to use a SYN scan, which is a stealthy scanning technique that can evade some network intrusion detection systems. «-p-» option tells nmap to scan all 65535 ports on system.
Here is an example output −
Starting Nmap 7.60 ( https://nmap.org ) at 2023-03-23 10:00 PDT Nmap scan report for Host is up (0.035s latency). Not shown: 65534 filtered ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 443/tcp open https
The output shows that remote system has ports 22, 80, and 443 open and listening.
Using the fuser Command
The fuser command is a simple utility that identifies processes using a particular file, directory, or socket. To check which ports are listening using the fuser command, use the following command −
$ sudo fuser -n tcp -v 1-65535
This command will display all processes using TCP ports 1 to 65535. Let’s break down the options used in the command −
-n tcp tells fuser to only display TCP connections
-v tells fuser to display more verbose output
The output of the fuser command will display a list of processes using TCP ports, along with their respective PIDs.
Using the lshw Command
The lshw command is a hardware information utility that can also be used to display network information, including open ports. To check which ports are listening using the lshw command, use the following command −
$ sudo lshw -class network -short
This command will display a list of network devices on your system, along with their respective drivers and open ports.
Using the iptables Command
The iptables command is a powerful firewall utility that can be used to display and manipulate firewall rules, including open ports. To check which ports are listening using the iptables command, use the following command −
This command will display the current firewall rules on your system, including any open ports that are allowed through the firewall.
Conclusion
Identifying which ports are listening on a Linux system is an important task for system administrators, developers, and security professionals. In this article, we discussed 4 ways to find out what ports are listening in Linux: using netstat command, using lsof command, using ss command, and using nmap command. Each of these methods has its own strengths and weaknesses, and you should choose one that best fits your needs. With these tools in your arsenal, you can better manage your Linux system and keep it secure.
Checking Open and Listening Ports on Linux Using netstat and ss
Estamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
One step in securing a Linux computer system is identifying which ports are active. Your system’s active ports give you information about which outside applications may be connected to your system. You can also discover if you are unintentionally exposing an application or service to the internet, like a MySQL database. There are several Linux tools that help you discover which ports are in use and identify both ends of active communications. This guide introduces three common tools you can use with links to guides that dive deeper into each tool.
What is a Port in Computer Networking?
Service names and port numbers are used to distinguish between different services that run over transport protocols. Common transport protocols are TCP, UDP, DCCP, and SCTP. These protocols enable communication between applications by establishing a connection and ensuring data is transmitted successfully. Well-known port assignments, such as HTTP at port 80 over TCP and UDP, are listed at the IANA Service Name and Transport Protocol Port Number Registry. These port assignments help distinguish different types of network traffic across the same connection.
How to Check Which Linux Ports Are in Use?
Three tools to help you check ports in use on a Linux system are:
- netstat: This tool shows your server’s network status.
- ss: You can view socket statistics with the ss tool. For example, ss allows you to monitor TCP, UDP, and UNIX sockets.
- lsof: This Linux utility lists open files. Since everything on a Linux system can be considered a file, lsof provides a lot of information on your entire system.
While all three tools help you learn how to check if a port is open in Linux, each program has its own advantages and disadvantages. See the following examples to identify which tool is the best fit for your purpose.
Using netstat
The netstat tool is great for inspecting the following areas of your Linux system:
- Unix sockets and network connections
- Routing tables
- Network interfaces
- Network protocols
- Multicast group membership
Running netstat without any options displays all open sockets and network connections. While this checks if a port is open in Linux, it can generate a lot of output. You can control the output using netstat’s command-line options. For example, to view the PID and program name for a system’s listening TCP connections, run netstat with the following command-line options:
The output resembles the following:
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:http-alt 0.0.0.0:* LISTEN 381070/monitorix-ht tcp 0 0 localhost:domain 0.0.0.0:* LISTEN 553/systemd-resolve tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 2145/sshd: /usr/sbi tcp 0 0 localhost:33060 0.0.0.0:* LISTEN 9638/mysqld tcp 0 0 localhost:mysql 0.0.0.0:* LISTEN 9638/mysqld tcp6 0 0 [::]:http [::]:* LISTEN 10997/apache2 tcp6 0 0 [::]:ssh [::]:* LISTEN 2145/sshd: /usr/sbi
To learn how to install netstat, interpret its output, and view common command line options, see our Inspecting Network Information with netstat guide.
Using ss
Another way to have Linux check ports is via the ss tool. ss was created to improve upon netstat and provides more functionality. It allows you to monitor TCP, UDP, and UNIX sockets. A socket enables programs to communicate with each other across a network and is comprised of an IP address and a port number.
Running the ss with no options displays TCP, UDP, and UNIX sockets. Similar to netstat, this unrestricted list can get quite big on busy machines, so it is useful to restrict the ss command’s output by using command-line options. For example, to view all listening and non-listening TCP sockets issue the following command:
The output resembles the following:
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process LISTEN 0 4096 0.0.0.0:http-alt 0.0.0.0:* LISTEN 0 4096 127.0.0.53%lo:domain 0.0.0.0:* LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:* LISTEN 0 70 127.0.0.1:33060 0.0.0.0:* LISTEN 0 151 127.0.0.1:mysql 0.0.0.0:* ESTAB 0 0 192.0.2.0:ssh 192.0.2.1:51617 TIME-WAIT 0 0 192.0.2.0:ssh 192.0.2.2:60630 TIME-WAIT 0 0 192.0.2.0:ssh 192.0.2.3:51312 TIME-WAIT 0 0 127.0.0.1:http-alt 127.0.0.1:52456 TIME-WAIT 0 0 192.0.2.0:ssh 192.0.2.4:44364 ESTAB 0 0 192.0.2.0:ssh 192.0.2.5:51718 LISTEN 0 511 *:http *:* LISTEN 0 128 [::]:ssh [::]:*
Using just the -l parameter tells ss to list all Linux’s listening ports, which are omitted by default, making it easier to check for listening ports in Linux.
To take a deeper dive into the ss tool, read our Learning to Use the ss Tool to its Full Potential guide. This guide provides commands specific to each protocol, commands to view general statistics about a system’s current connections, and ways to filter your output.
Using lsof
Since everything on a Linux system can be considered a file, the lsof tool can report on many aspects of a system, including open network interfaces and network connections. By default, it will list open ports in Linux. The lsof tool is preinstalled on many Linux distributions, so you may consider using it before a tool you need to install.
While one of the most frequent uses of lsof is determining which program listens to a given TCP port, one unique feature of the lsof tool is repeat mode*. This mode allows you to run the lsof command continuously on a timed interval. When inspecting your system to find information about which ports are in use, lsof can return information about which user and processes are using a specific port. For example, when working with a local development environment you may want to find which localhost ports are currently in use. Use the following command to retrieve this information:
The output returns a similar response:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME Adobe\x20 932 jdoe 14u IPv4 0x3dab8c45775e6b5b 0t0 TCP localhost:15292 (LISTEN) Code\x20H 38254 jdoe 81u IPv4 0x3dab8c45922118fb 0t0 TCP localhost:49336 (LISTEN) VBoxHeadl 49798 jdoe 15u IPv4 0x3dab8c45a01fcf1b 0t0 TCP localhost:rockwell-csp2 (LISTEN) Google 55001 jdoe 37u IPv4 0x3dab8c457579acbb 0t0 TCP localhost:51706->localhost:bmc_patroldb (ESTABLISHED) hugo 57981 jdoe 8041u IPv4 0x3dab8c45a423853b 0t0 TCP localhost:bmc_patroldb (LISTEN) hugo 57981 jdoe 8042u IPv4 0x3dab8c45a3a8e2db 0t0 TCP localhost:bmc_patroldb->localhost:51706 (ESTABLISHED)
lsof is a powerful diagnostic tool capable of a significant number of ways that you can combine its command line options to troubleshoot various issues. To learn more about the lsof command read our How to List Open Files with lsof guide. This guide provides information about command-line options, the anatomy of the lsof output, and filtering your output with regular expressions.
This page was originally published on Thursday, February 25, 2021.