How to check open port’s in Linux server

As a server administrator you should know which (TCP & UDP) port’s are open/listening in your server and what are the purposes of those ports are to be open. I have analysed and prepared this article to check open ports and reason for why the ports are open, for that we use netstat command which can print all the open ports and provides the program list which using the ports.

What is port ?

In computer networking, there are two types of ports available
1) Physical port (Hardware)
2) Virtual port (Software)

1) Physical Port ?

Physical ports are used in hardware side, say for example if i want to setup the server to live, i need to connect the server to power switch, switch, routers and modem that’s called physical port.

2) Virtual port ?

Virtual ports are part of TCP/IP networking. This is called software port. These ports allow software applications to share hardware resources without interfering with each other software and applications. Computers and routers automatically manage network traffic travelling via their virtual ports. Say for example if i set the port number 80 to web server all the web request served from port number 80 without interfering another service.

Port numbers are assigned in various ways, based on three ranges. Ports are specified by a number ranging from 0 to 65535.

1) System Ports (0-1023) are the well-known ports, They are used by system processes that provide widely used types of network services.
2) User Ports (1024-49151) are considered “registered”, This means that they can be “reserved”.
3) The Dynamic and/or Private Ports (49152-65535), cannot be registered and are suggested for private use.

The below list of port’s are commonly used all the servers.

Port-Number Short Description
20 FTP data transfer
21 FTP control (command)
22 SSH
25 SMTP
53 DNS services
80 HTTP traffic
110 POP3 mail port
143 IMAP mail port
443 HTTPS :Secure web traffic
465 SMTP over SSL
587 SMPT :message submission port
953 Domain Name System (DNS) RNDC Service
993 Internet Message Access Protocol over TLS/SSL (IMAPS)
995 Post Office Protocol 3 over TLS/SSL (POP3S)
3306 MySql

cPanel/WHM Server.

Port-Number Short Description
2082 cPanel without SSL
2083 cPanel with SSL
2086 cPanel/WHM without SSL
2087 cPanel/WHM with SSL
2095 cPanel default Web mail
2096 cPanel default SSL Web mail

1) To Print all Open/Listening Ports

To print all the open/listening ports (TCP & UDP) and which program using the port, use the below command. I have slightly modified all the output to post this article. The below output is clearly show’s which port is listening to which daemon.

# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:2086                0.0.0.0:*                   LISTEN      2042/cpsrvd (SSL) -
tcp        0      0 0.0.0.0:2087                0.0.0.0:*                   LISTEN      2042/cpsrvd (SSL) -
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      19648/mysqld
tcp        0      0 0.0.0.0:587                 0.0.0.0:*                   LISTEN      29845/exim
tcp        0      0 0.0.0.0:11021               0.0.0.0:*                   LISTEN      21444/sshd
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      29817/dovecot
tcp        0      0 127.0.0.1:783               0.0.0.0:*                   LISTEN      29873/spamd.pid --m
tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN      29817/dovecot
tcp        0      0 0.0.0.0:2095                0.0.0.0:*                   LISTEN      2042/cpsrvd (SSL) -
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      13767/httpd
tcp        0      0 0.0.0.0:2096                0.0.0.0:*                   LISTEN      2042/cpsrvd (SSL) -
tcp        0      0 0.0.0.0:465                 0.0.0.0:*                   LISTEN      29845/exim
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN      26645/pure-ftpd (SE
tcp        0      0 109.123.79.89:53            0.0.0.0:*                   LISTEN      16562/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      16562/named
udp        0      0 83.170.117.130:53           0.0.0.0:*                               16562/named
udp        0      0 127.0.0.1:53                0.0.0.0:*                               16562/named

2) To Print all Open/Listening TCP Ports

To display open/listening ports and established TCP connections. The below output is showing all TCP listening ports and also sohowing the extablished connections. Two ssh connection and two ftp connection is currently established.

# netstat -vatn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:2086                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:2087                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:587                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:2096                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:465                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:2078                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:993                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:2082                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:995                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:2083                0.0.0.0:*                   LISTEN
tcp        0     52 83.170.117.130:11021        219.91.219.14:49310         ESTABLISHED
tcp        0     84 83.170.117.130:22           218.108.213.150:32782       ESTABLISHED
tcp        0      0 83.170.117.130:11021        219.91.219.14:49509         ESTABLISHED
tcp        0     84 83.170.117.130:22           220.164.144.135:56764       ESTABLISHED

3) To Print all Open/Listening UDP Ports

To display only open/listening UDP ports. The output is showing only UDP connections. The out is little elaborate compare with above commands. This will shows which path is current listening in server.

# netstat -vaun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
udp        0      0 109.123.79.89:53            0.0.0.0:*
udp        0      0 109.123.79.88:53            0.0.0.0:*
udp        0      0 83.170.117.130:53           0.0.0.0:*
udp        0      0 127.0.0.1:53                0.0.0.0:*

4) To Print all Open/Listening FQDN

To Print FQDN (Fully qualified domain name) instead-of port number, use the below command.

# netstat --listen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:gnunet                    *:*                         LISTEN
tcp        0      0 *:eli                       *:*                         LISTEN
tcp        0      0 *:mysql                     *:*                         LISTEN
tcp        0      0 *:submission                *:*                         LISTEN
tcp        0      0 *:nbx-ser                   *:*                         LISTEN
tcp        0      0 *:http                      *:*                         LISTEN
tcp        0      0 *:nbx-dir                   *:*                         LISTEN
tcp        0      0 *:urd                       *:*                         LISTEN
tcp        0      0 *:ftp                       *:*                         LISTEN
tcp        0      0 *:imaps                     *:*                         LISTEN
tcp        0      0 *:infowave                  *:*                         LISTEN
tcp        0      0 *:pop3s                     *:*                         LISTEN
tcp        0      0 *:radsec                    *:*                         LISTEN
udp        0      0 server57323.jbtrdsema:domain *:*
udp        0      0 localhost.localdomain:domain *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     15072767 /var/run/dovecot/log-errors
unix  2      [ ACC ]     STREAM     LISTENING     15085335 /var/run/cphulkd.sock
unix  2      [ ACC ]     STREAM     LISTENING     15072771 /var/run/dovecot/ipc
unix  2      [ ACC ]     STREAM     LISTENING     7659533 /var/lib/mysql/mysql.sock
unix  2      [ ACC ]     STREAM     LISTENING     13341  /usr/local/cpanel/var/cpwrapd.sock
unix  2      [ ACC ]     STREAM     LISTENING     15072827 /var/run/dovecot/auth-client
unix  2      [ ACC ]     STREAM     LISTENING     15072831 /var/run/dovecot/auth-userdb
unix  2      [ ACC ]     STREAM     LISTENING     15072843 /var/run/dovecot/anvil
unix  2      [ ACC ]     STREAM     LISTENING     15458272 /dev/md/md0.sock
unix  2      [ ACC ]     STREAM     LISTENING     15072761 /var/run/dovecot/login/pop3
unix  2      [ ACC ]     STREAM     LISTENING     13590274 /usr/local/cpanel/var/cpauthd.sock
unix  2      [ ACC ]     STREAM     LISTENING     13543539 /var/run/ftpd.sock

5) To Print Only Open/Listening TCP Ports

To Print only listening TCP port’s, Use the below command

# netstat -atnp -A inet | grep -i listen | uniq -c
      1 tcp        0      0 0.0.0.0:2086                0.0.0.0:*                   LISTEN      2042/cpsrvd (SSL) -
      1 tcp        0      0 0.0.0.0:2087                0.0.0.0:*                   LISTEN      2042/cpsrvd (SSL) -
      1 tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      19648/mysqld
      1 tcp        0      0 0.0.0.0:587                 0.0.0.0:*                   LISTEN      29845/exim
      1 tcp        0      0 0.0.0.0:11021               0.0.0.0:*                   LISTEN      21444/sshd
      1 tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      29817/dovecot
      1 tcp        0      0 127.0.0.1:783               0.0.0.0:*                   LISTEN      29873/spamd.pid --m
      1 tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN      29817/dovecot
      1 tcp        0      0 0.0.0.0:2095                0.0.0.0:*                   LISTEN      2042/cpsrvd (SSL) -
      1 tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      13767/httpd
      1 tcp        0      0 0.0.0.0:2096                0.0.0.0:*                   LISTEN      2042/cpsrvd (SSL) -
      1 tcp        0      0 0.0.0.0:465                 0.0.0.0:*                   LISTEN      29845/exim
      1 tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN      26645/pure-ftpd (SE
      1 tcp        0      0 109.123.79.89:53            0.0.0.0:*                   LISTEN      16562/named
      1 tcp        0      0 109.123.79.88:53            0.0.0.0:*                   LISTEN      16562/named
      1 tcp        0      0 83.170.117.130:53           0.0.0.0:*                   LISTEN      16562/named
      1 tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      16562/named
      1 tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      29845/exim
      1 tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      16562/named
      1 tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      13767/httpd
      1 tcp        0      0 0.0.0.0:2077                0.0.0.0:*                   LISTEN      30566/cpdavd - acce
      1 tcp        0      0 0.0.0.0:2078                0.0.0.0:*                   LISTEN      30566/cpdavd - acce
      1 tcp        0      0 0.0.0.0:993                 0.0.0.0:*                   LISTEN      29817/dovecot
      1 tcp        0      0 0.0.0.0:2082                0.0.0.0:*                   LISTEN      2042/cpsrvd (SSL) -
      1 tcp        0      0 0.0.0.0:995                 0.0.0.0:*                   LISTEN      29817/dovecot
      1 tcp        0      0 0.0.0.0:2083                0.0.0.0:*                   LISTEN      2042/cpsrvd (SSL) -

6) To find out particular Port

To Check the corresponding port is listening the concern daemon, use the below method and change the port number according that. Here i’m going to check whether port number 80 is listening apache.

	  
# netstat -plan | grep :80
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      16634/httpd

Magesh Maruthamuthu

Love to play with all Linux distribution

You may also like...