Linux ports and services

How to Check Open Ports in Linux?

Which ports are occupied by which service? How many open ports are there? Learn to scan for open ports on your Linux system or any remote system.

Whether you are using Linux as a server or desktop, knowing open ports or ports in use can be helpful in a variety of situations.

For example, if you are running an Apache or Ngnix based web server, the port in use should be 80 or 443. Checking the ports will confirm that. Similarly, you can check which port is being used by SMTP or SSH or some other services. Knowing which ports are in use can be helpful while allocating the ports to a new service.

You may also check if there are open ports for intrusion detection.

There are various ways for checking ports in Linux. I’ll share two of my favorite methods in this quick tip.

Method 1: Checking open ports in the currently logged in Linux system using lsof command

If you are logged into a system, either directly or via SSH, you can use the lsof command to check its ports.

This lsof command is used to find the files and processes used by a user. The options used here are:

• -i: If no IP address is specified, this option selects the listing of all network files
• -P: inhibits the conversion of port numbers to port names for network files
• -n: inhibits the conversion of network numbers to host names for network files

This way, it will list open ports in the Linux terminal:

But, this also shows us a lot of extra ports that the computer does not actually listen to.

You can list the listening ports by piping this output to the grep command and matching the pattern «LISTEN», like this:

sudo lsof -i -P -n | grep LISTEN

This will only show the ports our computer is actively listening to and which service is using said open port.

Now, let’s see another method to check open ports in bash shell.

Method 2: Checking ports on any remote Linux server using the netcat command

nc (Netcat) is a command line utility that reads and writes data between computers over the network using the TCP and UDP protocols.

Given below is the syntax for nc command:

This utility has a nifty -z flag. When used, it will make nc scan for listening daemons without actually sending any data to the port.

Combine this with the -v flag, enabling verbosity, you can get a detailed output.

Below is the command you can use to scan for open ports using the nc command:

nc -z -v 1-65535 2>&1 | grep -v 'Connection refused'

Replace IP-ADDRESS with the IP address of the Linux system you are checking the ports for.

As for why I selected values 1 to 65535 , that is because the port range starts from 1 and ends at 65535 .

Finally, pipe the output to the grep command. Using the -v option excludes any line that has «Connection refused» as a matched pattern.

This will show all the ports that are open on the computer which are accessible by another machine on the network.

Conclusion

Of the two methods, I prefer the lsof command. It’s quicker than nc command. However, you need to be logged into the system and have sudo access for that. In other words, lsof is more suitable a choice if you are managing a system.

The nc command has the flexibility of scanning ports without being logged in.

Both commands can be used for checking open ports in Linux based on the scenario you are in. Enjoy.

Источник

How to List Open Ports on Linux?

In networking, a port is an interesting feature. It’s a way for network traffic to identify the destination app or service. Each process/service gets its unique port. A port will always be associated with the IP address of the host along with the protocol.

This is a favorite metaphor of mine to describe what a port is. Imagine a ship loaded with cargo, which will travel to a distant land. What information is needed to reach the destination properly? For the sake of simplicity, let’s say it needs the country (the IP address) and the port the ship will dock.

In this guide, check out how to list open ports on Linux.

Ports on Linux

Ports act as an endpoint of communication. It’s a 16-bit number (0 to 65535 in decimal). While the range is large, for ease of use, ports are categorized into three categories. Each category is labeled as the range of port value:

• 0 to 1023: These are the “Well-known” ports, also known as the “System” ports, which are reserved for system processes that offer a wide variety of network services. To bind with a “Well-known” port, a process must have superuser privilege.
• 1024 to 49151: These are the “Registered” ports, also known as the “User” ports, that are designated by IANA for specific services. Upon request, a process may have access to them. In the case of most systems, it doesn’t require any superuser privilege to use these ports.
• 49152 to 65535: These are the “Dynamic” ports, also known as the “Private” ports. These ports can’t be registered with IANA. These ports are open to using for private or customized services and may also be automatically allocated as ephemeral ports (short-lived ports used by IP).

In Linux, there are multiple ways of checking the open ports. By default, any port will remain closed unless an app is using it. If a port is open, then it must be assigned to a service/process.

List Open Ports

It’s easier to identify which ports are in use rather than which ports are open. That’s why the following section will feature methods to list all the ports that are currently in use. In Linux, there are multiple tools available for the task. Most of them come built-in in any Linux distro.

Learning which ports are currently open can be useful in various scenarios. It’s possible to configure a dedicated port for a certain application. An open port may also be a strong indication of intrusion in the network.

The following methods are demonstrated on Ubuntu 20.04.1 LTS.

List protocols and open ports from /etc/services

The /etc/services file contains information about the currently running services. It’s a big file, so ready to get overwhelmed.

List open ports using netstat

The netstat tool is a utility for displaying network connections for TCP, routing tables, and various network interfaces. It also offers network protocol statistics. By using netstat, we can list all the open ports of the system.

Run the following netstat command:

Let’s have a quick breakdown of all the flags we used in this command.

• a: Tells netstat to show all sockets
• t: Tells netstat to list TCP ports
• u: Tells netstat to list UDP ports

Here’s another variation of the netstat command:

There are two new flags used in the command. What do they mean?

• l: Tells netstat to print only the listening sockets
• n: Tells netstat to show the port number

To display the PID of the process that’s using a port, use the “-p” flag:

List open ports using ss

The ss tool is a utility for investigating socket. Its usage is similar to netstat.

To list the open ports, run the following ss command:

The flags are similar to netstat. The functions they describe are also quite similar.

• l: Tells ss to display listening sockets
• n: Tells ss not to try to resolve service names
• t: Tells ss to display TCP sockets
• u: Tells ss to display UDP sockets

List open ports using lsof

The lsof command is to list open files. However, it can also be used for displaying the open ports.

Run the following lsof command:

To get the open ports of a specific protocol (TCP, UDP, etc.) then define it after the “-i” flag, use:

List open ports using nmap

The nmap tool is a powerful one for network exploration and security/port scanning. It can report all the open ports in the system.

To list the open TCP ports, run the following nmap command. Here, the IP address is of the host computer:

Here, there are two portions of the command argument.

• -sT: This section tells nmap to scan for TCP ports.
• -p- : This tells nmap to scan for all 65535 ports. If not used, then nmap will scan only 1000 ports by default.

If you need to list the open UDP ports, then run the following nmap command:

To get both the open TCP and UDP ports, use the following command:

List open ports using netcat

The netcat tool is a command line utility for reading and writing data across network connections over the TCP and UDP protocols. This tool can also be used for listing open ports. It can perform tests on a specific port or a range of ports.

The following netcat command will scan the port from 1 to 1000. The netcat command will perform the scan on TCP protocol by default:

It can also be extended to the entire list of possible ports:

Let’s have a quick breakdown of the flags.

• z: Tells netcat to scan only for open ports without sending any data
• v: Tells netcat to run in verbose mode

To get only the open ports from this list, filter the output with grep for the term “succeeded”.

If you want to perform the scan on UDP protocol, then add the “-u” flag.

Final Thoughts

As demonstrated, there are tons of ways to scan for open ports on Linux. I suggest trying out all the methods before you decide which one to master. If you’re using a certain tool like netcat or nmap regularly, then mastering the associated methods will be the most beneficial.

About the author

Sidratul Muntaha

Student of CSE. I love Linux and playing with tech and gadgets. I use both Ubuntu and Linux Mint.

Источник

3 Ways to Find Out Which Process Listening on a Particular Port

A port is a logical entity that represents an endpoint of communication and is associated with a given process or service in an operating system. In previous articles, we explained how to find out the list of all open ports in Linux and how to check if remote ports are reachable using the Netcat command.

In this short guide, we will show different ways of finding the process/service listening on a particular port in Linux.

1. Using netstat Command

netstat (network statistics) command is used to display information concerning network connections, routing tables, interface stats, and beyond. It is available on all Unix-like operating systems including Linux and also on Windows OS.

In case you do not have it installed by default, use the following command to install it.

$ sudo apt-get install net-tools [On Debian/Ubuntu & Mint] $ sudo dnf install net-tools [On CentOS/RHEL/Fedora and Rocky Linux/AlmaLinux] $ pacman -S netstat-nat [On Arch Linux] $ emerge sys-apps/net-tools [On Gentoo] $ sudo dnf install net-tools [On Fedora] $ sudo zypper install net-tools [On openSUSE]

Once installed, you can use it with the grep command to find the process or service listening on a particular port in Linux as follows (specify the port).

In the above command, the flags.

• l – tells netstat to only show listening sockets.
• t – tells it to display tcp connections.
• n – instructs it to show numerical addresses.
• p – enables showing of the process ID and the process name.
• grep -w – shows matching of exact string (:80).

Note: The netstat command is deprecated and replaced by the modern ss command in Linux.

2. Using lsof Command

lsof command (List Open Files) is used to list all open files on a Linux system.

To install it on your system, type the command below.

$ sudo apt-get install lsof [On Debian, Ubuntu and Mint] $ sudo yum install lsof [On RHEL/CentOS/Fedora and Rocky Linux/AlmaLinux] $ sudo emerge -a sys-apps/lsof [On Gentoo Linux] $ sudo pacman -S lsof [On Arch Linux] $ sudo zypper install lsof [On OpenSUSE]

To find the process/service listening on a particular port, type (specify the port).

3. Using fuser Command

fuser command shows the PIDs of processes using the specified files or file systems in Linux.

You can install it as follows:

$ sudo apt-get install psmisc [On Debian, Ubuntu and Mint] $ sudo yum install psmisc [On RHEL/CentOS/Fedora and Rocky Linux/AlmaLinux] $ sudo emerge -a sys-apps/psmisc [On Gentoo Linux] $ sudo pacman -S psmisc [On Arch Linux] $ sudo zypper install psmisc [On OpenSUSE]

You can find the process/service listening on a particular port by running the command below (specify the port).

Then find the process name using PID number with the ps command like so.

$ ps -p 2053 -o comm= $ ps -p 2381 -o comm=

You can also check out these useful guides about processes in Linux.

You might also like:

That’s all! Do you know of any other ways of finding the process/service listening on a particular port in Linux, let us know via the comment form below.

Источник