OSETC TECH

How To Check For Open Ports in Linux

This post shows how to list all open TCP and UDP ports on a Linux system. It covers how to display listening ports with the netstat, ss, nmap and lsof commands, and how to check whether a given port is in use on CentOS or Ubuntu Linux.

Netstat Command


Netstat prints information about the Linux networking subsystem. It also can be used to print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

Options:

-t, --tcp: Show all TCP ports.
-u, --udp: Show all UDP ports.
-n,--numeric: Show numerical addresses instead of trying to determine symbolic host, port or user names.
-l,--listening: Show only listening sockets.
-p,--program: Show the PID and name of the program to which each socket belongs.

ss Command


ss is used to dump socket statistics. It shows information similar to netstat, and it can display more TCP and state information than other tools.

The syntax of the ss command is as follows:

ss [options] [ FILTER ]

Options:

-t, --tcp: Display TCP sockets.
-u, --udp: Display UDP sockets.
-p, --processes: Show process using socket.
-l, --listening: Display only listening sockets (these are omitted by default).

Nmap Command


Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

The syntax of the nmap command is as follows:

nmap [Scan Type...] [Options] {target specification}

Listing All Popular Ports


To list the popular port numbers and their service names from the command line, display the contents of the /etc/services file with the cat command:

$ cat /etc/services

Outputs:

devops@devops:~$ cat /etc/services
# Network services, Internet style
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, officially ports have two entries
# even if the protocol doesn't support UDP operations.
#
# Updated from http://www.iana.org/assignments/port-numbers and other
# sources like http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/services .
# New ports will be added on request if they have been officially assigned
# by IANA and used in the real-world or are needed by a debian package.
# If you need a huge list of used numbers please install the nmap package.

tcpmux 1/tcp # TCP port service multiplexer
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
daytime 13/tcp
daytime 13/udp
netstat 15/tcp
qotd 17/tcp quote
msp 18/tcp # message send protocol
msp 18/udp
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp 21/tcp
fsp 21/udp fspd
ssh 22/tcp # SSH Remote Login Protocol
telnet 23/tcp
smtp 25/tcp mail
......

To look up a particular port number (for example, port 443), combine the cat command with the grep command:

$ cat /etc/services | grep -w 443

Outputs:

devops@devops:~$ cat /etc/services | grep -w 443
https 443/tcp # http protocol over TLS/SSL

Checking Open Ports with netstat Command


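To check all listening TCP and UDP ports on your Linux system, pass the -tunlp options to the netstat command. Run it with sudo; without root privileges the PID/Program name column shows "-" for sockets you do not own, as in the output below: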

$ sudo netstat -tunlp

Outputs:

devops@devops:~$ netstat -tunlp
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN -
tcp 0 0 10.128.138.1:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN -
tcp6 0 0 :::3306 :::* LISTEN -
tcp6 0 0 :::139 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 fd42:841b:d3e7:7c96::53 :::* LISTEN -
tcp6 0 0 fe80::a01a:77ff:fe08:53 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 ::1:631 :::* LISTEN -
tcp6 0 0 :::445 :::* LISTEN -
udp 0 0 10.128.138.1:53 0.0.0.0:* -
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp 0 0 0.0.0.0:67 0.0.0.0:* -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp 0 0 0.0.0.0:631 0.0.0.0:* -

You can also use the grep command to filter the result. For example, to check whether TCP port 22 is listening, use the following command:

$ sudo netstat -tnlp | grep :22

Outputs:

devops@devops:~$ sudo netstat -tnlp | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1267/sshd
tcp6 0 0 :::22 :::* LISTEN 1267/sshd

Checking Open Ports with ss Command


You can also use the ss command to check listening TCP and UDP ports on your Linux system:

$ sudo ss -tunl

Outputs:

devops@devops:~$ sudo ss -tunl
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
......
udp UNCONN 0 0 [fe80::a01a:77ff:fe08:a9b5]%lxdbr0:53 [::]:*
udp UNCONN 0 0 [::]:44741 [::]:*
udp UNCONN 0 0 [::]:5353 [::]:*
tcp LISTEN 0 50 0.0.0.0:139 0.0.0.0:*
tcp LISTEN 0 32 10.128.138.1:53 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
......
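
As an added example (not part of the original post), the shell functions below read `ss -tunl` output, separate sockets bound to every interface from loopback-only ones, and report exposed sockets that are not in an allowlist. The function names, the allowlist format and the sample lines (including the port 2222 listener) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `ss -tunl` listeners by how widely they are bound.

# Constructed sample, modelled on the `ss -tunl` output format shown above.
sample_ss() {
cat <<'EOF'
Netid State   Recv-Q Send-Q Local Address:Port                     Peer Address:Port
udp   UNCONN  0      0      [fe80::a01a:77ff:fe08:a9b5]%lxdbr0:53  [::]:*
udp   UNCONN  0      0      [::]:5353                              [::]:*
tcp   LISTEN  0      50     0.0.0.0:139                            0.0.0.0:*
tcp   LISTEN  0      128    127.0.0.53%lo:53                       0.0.0.0:*
tcp   LISTEN  0      128    0.0.0.0:22                             0.0.0.0:*
tcp   LISTEN  0      5      127.0.0.1:631                          0.0.0.0:*
tcp   LISTEN  0      128    0.0.0.0:2222                           0.0.0.0:*
EOF
}

# Read `ss -tunl` output on stdin; print "proto/port scope address" per socket.
classify_listeners() {
  awk '$1 == "tcp" || $1 == "udp" {
    loc = $5
    if (!match(loc, /:[0-9]+$/)) next      # port is the text after the last colon
    port = substr(loc, RSTART + 1)
    addr = substr(loc, 1, RSTART - 1)
    sub(/%.*$/, "", addr)                  # drop the %interface suffix
    gsub(/\[/, "", addr); gsub(/\]/, "", addr)
    if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "any"
    else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
    else scope = "specific"
    print $1 "/" port, scope, addr
  }'
}

# Print sockets bound to every interface that are not in the allowlist
# ($1 is a space-separated list such as "tcp/22 tcp/80").
unexpected_exposed() {
  classify_listeners | awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $2 == "any" && !($1 in ok) { print $1 }'
}

# Exact-port check; unlike `grep :22`, this does not also match :2222.
port_listening() {   # usage: port_listening tcp 22 < ss-output
  classify_listeners | awk -v want="$1/$2" '$1 == want { found = 1 } END { exit !found }'
}

# On a live host: sudo ss -tunl | unexpected_exposed "tcp/22"
sample_ss | unexpected_exposed "tcp/22 tcp/80"
```
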

Checking Open Ports with Lsof Command


You can use the lsof command to list all open TCP and UDP ports from the command line:

$ sudo lsof -i -P -n

Outputs:

devops@devops:~$ sudo lsof -i -P -n
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
avahi-dae 858 avahi 12u IPv4 22588 0t0 UDP *:5353
avahi-dae 858 avahi 13u IPv6 22589 0t0 UDP *:5353
avahi-dae 858 avahi 14u IPv4 22590 0t0 UDP *:56748
avahi-dae 858 avahi 15u IPv6 22591 0t0 UDP *:44741
systemd-r 1113 systemd-resolve 12u IPv4 25352 0t0 UDP 127.0.0.53:53
systemd-r 1113 systemd-resolve 13u IPv4 25354 0t0 TCP 127.0.0.53:53 (LISTEN)
dhclient 1122 root 6u IPv4 23091 0t0 UDP *:68
nmbd 1208 root 15u IPv4 28907 0t0 UDP *:137
nmbd 1208 root 16u IPv4 28908 0t0 UDP *:138
nmbd 1208 root 17u IPv4 28926 0t0 UDP 192.168.3.50:137
nmbd 1208 root 18u IPv4 28927 0t0 UDP 192.168.3.255:137
nmbd 1208 root 19u IPv4 28928 0t0 UDP 192.168.3.50:138
nmbd 1208 root 20u IPv4 28929 0t0 UDP 192.168.3.255:138
nmbd 1208 root 22u IPv4 55988 0t0 UDP 172.17.0.1:137
nmbd 1208 root 23u IPv4 55989 0t0 UDP 172.17.255.255:137
nmbd 1208 root 24u IPv4 55990 0t0 UDP 172.17.0.1:138
nmbd 1208 root 25u IPv4 55991 0t0 UDP 172.17.255.255:138
nmbd 1208 root 26u IPv4 55992 0t0 UDP 10.128.138.1:137
nmbd 1208 root 27u IPv4 55993 0t0 UDP 10.128.138.255:137
nmbd 1208 root 28u IPv4 55994 0t0 UDP 10.128.138.1:138
nmbd 1208 root 29u IPv4 55995 0t0 UDP 10.128.138.255:138
sshd 1267 root 3u IPv4 38889 0t0 TCP *:22 (LISTEN)
sshd 1267 root 4u IPv6 38891 0t0 TCP *:22 (LISTEN)
apache2 1367 root 4u IPv6 28865 0t0 TCP *:80 (LISTEN)
smbd 1370 root 32u IPv6 29623 0t0 TCP *:445 (LISTEN)
smbd 1370 root 33u IPv6 29624 0t0 TCP *:139 (LISTEN)
smbd 1370 root 34u IPv4 29625 0t0 TCP *:445 (LISTEN)
smbd 1370 root 35u IPv4 29626 0t0 TCP *:139 (LISTEN)
mysqld 1434 mysql 33u IPv6 31004 0t0 TCP *:3306 (LISTEN)
dnsmasq 1769 lxd 4u IPv4 31545 0t0 UDP *:67
dnsmasq 1769 lxd 6u IPv6 31547 0t0 UDP *:547
dnsmasq 1769 lxd 8u IPv4 31550 0t0 UDP 10.128.138.1:53
dnsmasq 1769 lxd 9u IPv4 31551 0t0 TCP 10.128.138.1:53 (LISTEN)
dnsmasq 1769 lxd 10u IPv6 31552 0t0 UDP [fe80::a01a:77ff:fe08:a9b5]:53
dnsmasq 1769 lxd 11u IPv6 31553 0t0 TCP [fe80::a01a:77ff:fe08:a9b5]:53 (LISTEN)
dnsmasq 1769 lxd 12u IPv6 31554 0t0 UDP [fd42:841b:d3e7:7c96::1]:53
dnsmasq 1769 lxd 13u IPv6 31555 0t0 TCP [fd42:841b:d3e7:7c96::1]:53 (LISTEN)
cupsd 12112 root 6u IPv6 72466 0t0 TCP [::1]:631 (LISTEN)
cupsd 12112 root 7u IPv4 72467 0t0 TCP 127.0.0.1:631 (LISTEN)
cups-brow 12113 root 7u IPv4 72484 0t0 UDP *:631
apache2 12147 www-data 4u IPv6 28865 0t0 TCP *:80 (LISTEN)
apache2 12148 www-data 4u IPv6 28865 0t0 TCP *:80 (LISTEN)
apache2 12149 www-data 4u IPv6 28865 0t0 TCP *:80 (LISTEN)
apache2 12150 www-data 4u IPv6 28865 0t0 TCP *:80 (LISTEN)
apache2 12151 www-data 4u IPv6 28865 0t0 TCP *:80 (LISTEN)
sshd 12605 root 3u IPv4 73447 0t0 TCP 192.168.3.50:22->192.168.3.63:54913 (ESTABLISHED)
sshd 12705 devops 3u IPv4 73447 0t0 TCP 192.168.3.50:22->192.168.3.63:54913 (ESTABLISHED)

If you only want a list of all listening TCP ports from the lsof command, restrict the TCP state to LISTEN with the following command:

$ sudo lsof -iTCP -sTCP:LISTEN -P -n

Outputs:

devops@devops:~$ sudo lsof -iTCP -sTCP:LISTEN -P -n
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd-r 1113 systemd-resolve 13u IPv4 25354 0t0 TCP 127.0.0.53:53 (LISTEN)
sshd 1267 root 3u IPv4 38889 0t0 TCP *:22 (LISTEN)
sshd 1267 root 4u IPv6 38891 0t0 TCP *:22 (LISTEN)
apache2 1367 root 4u IPv6 28865 0t0 TCP *:80 (LISTEN)
smbd 1370 root 32u IPv6 29623 0t0 TCP *:445 (LISTEN)
smbd 1370 root 33u IPv6 29624 0t0 TCP *:139 (LISTEN)
smbd 1370 root 34u IPv4 29625 0t0 TCP *:445 (LISTEN)
smbd 1370 root 35u IPv4 29626 0t0 TCP *:139 (LISTEN)
mysqld 1434 mysql 33u IPv6 31004 0t0 TCP *:3306 (LISTEN)
dnsmasq 1769 lxd 9u IPv4 31551 0t0 TCP 10.128.138.1:53 (LISTEN)

Checking Open Ports with Nmap Command


You can also use the nmap command to check the open TCP ports on your Linux system:

$ sudo nmap -sT -O localhost

Outputs:

devops@devops:~$ sudo nmap -sT -O localhost

Starting Nmap 7.60 ( https://nmap.org ) at 2019-10-08 06:49 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00011s latency).
rDNS record for 127.0.0.1: mytest.com
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
631/tcp open ipp
3306/tcp open mysql
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.76 seconds

To scan for open UDP ports, use the following command:

$ sudo nmap -sU localhost

Outputs:

devops@devops:~$ sudo nmap -sU localhost

Starting Nmap 7.60 ( https://nmap.org ) at 2019-10-08 06:50 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000013s latency).
rDNS record for 127.0.0.1: mytest.com
Not shown: 995 closed ports
PORT STATE SERVICE
68/udp open|filtered dhcpc
137/udp open netbios-ns
138/udp open|filtered netbios-dgm
631/udp open|filtered ipp
5353/udp open zeroconf

Nmap done: 1 IP address (1 host up) scanned in 2.76 seconds

Conclusion


You should now know how to show all listening TCP and UDP ports using the netstat, ss, lsof and nmap commands on your CentOS, RHEL or Ubuntu Linux system.