As an administrator, it is your responsibility to know which TCP and UDP ports are open on your systems.
You also need to know the purpose for which each of these ports was opened.
Most systems open some ports by default to perform basic functions, such as SSH (port 22) and DNS (port 53).
Open ports can be identified using the netstat command and the ss command.
The netstat command is no longer included by default in recent distribution releases, where the ss command replaces it.
What is a Port?
In a computer network, a port is a communication endpoint. It is a logical construct that identifies a particular process or service in an operating system. Port numbers are used by the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). There are two types of ports.
- Physical Port (Hardware)
- Software Port (Internet Addressing or Internet Port)
What is a Physical Port?
A hardware port is a physical connection to a computer or another electronic device. USB, Thunderbolt, and Ethernet are common ports on computers.
You can find these types of ports on the back of your computer or router. These ports allow you to connect the mouse, keyboard, monitor, and printer to your computer.
What is a Software Port?
A software port is also called an Internet port. Software ports allow your computer to run more than one network application at a time without conflicts.
All data transmitted over the Internet follows a set of commands and rules called a protocol.
Each application protocol is assigned a specific port number. For example, website data transferred over HTTP uses port 80 and HTTPS uses port 443. Port numbers range from 0 to 65535.
A service opens a socket in the operating system to listen for incoming network requests. Each socket is unique to its service: a socket is the combination of an IP address, a software port and a protocol.
Port numbers are assigned in the following three ranges.
- 0-1023: Well Known Ports or System Ports
- 1024-49151: Registered Ports for applications
- 49152-65535: Dynamic Ports or Private Ports
The port categories are described below.
- 0-1023 – System ports or well-known ports. They are used by system processes and are assigned to the most widely used network services.
- 1024-49151 – User ports or registered ports. IANA can permanently assign them to a specific application service upon request.
- 49152-65535 – Dynamic or private ports, which cannot be registered with IANA. This range is used for private services and temporary purposes.
The following ports are commonly used on most servers.
| Port Number | Short Description |
|---|---|
| 20 | File Transfer Protocol (FTP) data transfer |
| 21 | File Transfer Protocol (FTP) control (command) |
| 22 | Secure Shell (SSH), file transfers (scp, sftp) and port forwarding |
| 25 | Simple Mail Transfer Protocol (SMTP), used for email routing between mail servers |
| 53 | Domain Name System (DNS) |
| 80 | Hypertext Transfer Protocol (HTTP) |
| 110 | Post Office Protocol, version 3 (POP3) |
| 143 | Internet Message Access Protocol (IMAP), management of electronic mail messages on a server |
| 443 | Hypertext Transfer Protocol over TLS/SSL (HTTPS) |
| 465 | Authenticated SMTP over TLS/SSL (SMTPS) |
| 587 | Email message submission (SMTP) |
| 953 | BIND remote name daemon control (RNDC) |
| 993 | Internet Message Access Protocol over TLS/SSL (IMAPS) |
| 995 | Post Office Protocol 3 over TLS/SSL (POP3S) |
| 2049 | Network File System (NFS) |
| 3306 | MySQL database system |
1) How to Check the List of Open Ports on Linux
Use the commands below to find all open ports (TCP and UDP). The output shows which port each daemon is listening on (the listing is netstat output; ss prints the owning process only when the -p option is added).
```
# netstat -tulpn
or
# ss -lntu

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.1.163:3000      0.0.0.0:*               LISTEN      32574/node /home/ss
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      6553/named
tcp        0      0 192.168.1.163:443       0.0.0.0:*               LISTEN      31294/nginx: master
tcp        0      0 127.0.0.1:2302          0.0.0.0:*               LISTEN      1884/cwpsrv: worker
tcp        0      0 0.0.0.0:2304            0.0.0.0:*               LISTEN      1884/cwpsrv: worker
tcp        0      0 127.0.0.1:6082          0.0.0.0:*               LISTEN      31304/varnishd
tcp        0      0 0.0.0.0:2082            0.0.0.0:*               LISTEN      1884/cwpsrv: worker
tcp        0      0 0.0.0.0:2083            0.0.0.0:*               LISTEN      1884/cwpsrv: worker
tcp        0      0 0.0.0.0:2086            0.0.0.0:*               LISTEN      1884/cwpsrv: worker
tcp        0      0 0.0.0.0:2087            0.0.0.0:*               LISTEN      1884/cwpsrv: worker
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      13938/mongod
tcp        0      0 0.0.0.0:2030            0.0.0.0:*               LISTEN      1884/cwpsrv: worker
tcp        0      0 0.0.0.0:2095            0.0.0.0:*               LISTEN      1884/cwpsrv: worker
tcp        0      0 0.0.0.0:2031            0.0.0.0:*               LISTEN      1884/cwpsrv: worker
tcp        0      0 192.168.1.163:80        0.0.0.0:*               LISTEN      31294/nginx: master
tcp        0      0 0.0.0.0:2096            0.0.0.0:*               LISTEN      1884/cwpsrv: worker
tcp        0      0 192.168.1.163:8080      0.0.0.0:*               LISTEN      20132/node
tcp        0      0 0.0.0.0:82              0.0.0.0:*               LISTEN      31304/varnishd
tcp        0      0 10.10.2.160:53          0.0.0.0:*               LISTEN      6553/named
tcp        0      0 192.168.1.163:53        0.0.0.0:*               LISTEN      6553/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      6553/named
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      6246/pure-ftpd (SER
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      14349/sshd
tcp6       0      0 ::1:953                 :::*                    LISTEN      6553/named
tcp6       0      0 :::8443                 :::*                    LISTEN      1734/httpd
tcp6       0      0 :::3306                 :::*                    LISTEN      6366/mysqld
tcp6       0      0 :::82                   :::*                    LISTEN      31304/varnishd
tcp6       0      0 :::8181                 :::*                    LISTEN      1734/httpd
tcp6       0      0 ::1:53                  :::*                    LISTEN      6553/named
tcp6       0      0 :::21                   :::*                    LISTEN      6246/pure-ftpd (SER
tcp6       0      0 :::22                   :::*                    LISTEN      14349/sshd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           626/avahi-daemon: r
udp        0      0 0.0.0.0:60997           0.0.0.0:*                           626/avahi-daemon: r
udp        0      0 10.10.2.160:53          0.0.0.0:*                           6553/named
udp        0      0 192.168.1.163:53        0.0.0.0:*                           6553/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           6553/named
udp        0      0 0.0.0.0:68              0.0.0.0:*                           688/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           689/dhclient
udp6       0      0 ::1:53                  :::*                                6553/named
```
2) How to Check the List of Open TCP Ports on Linux
Use the commands below to check only the TCP ports that are open. The output below shows which TCP port each service is listening on.
```
# netstat -tlpn
or
# ss -lnt

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 94.237.66.163:3000      0.0.0.0:*               LISTEN      32574/node /home/ss
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      6553/named
tcp        0      0 94.237.66.163:443       0.0.0.0:*               LISTEN      31294/nginx: master
tcp        0      0 127.0.0.1:2302          0.0.0.0:*               LISTEN      1139/cwpsrv: worker
tcp        0      0 0.0.0.0:2304            0.0.0.0:*               LISTEN      1139/cwpsrv: worker
tcp        0      0 127.0.0.1:6082          0.0.0.0:*               LISTEN      31304/varnishd
tcp        0      0 0.0.0.0:2082            0.0.0.0:*               LISTEN      1139/cwpsrv: worker
tcp        0      0 0.0.0.0:2083            0.0.0.0:*               LISTEN      1139/cwpsrv: worker
tcp        0      0 0.0.0.0:2086            0.0.0.0:*               LISTEN      1139/cwpsrv: worker
tcp        0      0 0.0.0.0:2087            0.0.0.0:*               LISTEN      1139/cwpsrv: worker
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      13938/mongod
tcp        0      0 0.0.0.0:2030            0.0.0.0:*               LISTEN      1139/cwpsrv: worker
tcp        0      0 0.0.0.0:2095            0.0.0.0:*               LISTEN      1139/cwpsrv: worker
tcp        0      0 0.0.0.0:2031            0.0.0.0:*               LISTEN      1139/cwpsrv: worker
tcp        0      0 94.237.66.163:80        0.0.0.0:*               LISTEN      31294/nginx: master
tcp        0      0 0.0.0.0:2096            0.0.0.0:*               LISTEN      1139/cwpsrv: worker
tcp        0      0 94.237.66.163:8080      0.0.0.0:*               LISTEN      20132/node
tcp        0      0 0.0.0.0:82              0.0.0.0:*               LISTEN      31304/varnishd
tcp        0      0 10.10.2.160:53          0.0.0.0:*               LISTEN      6553/named
tcp        0      0 94.237.66.163:53        0.0.0.0:*               LISTEN      6553/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      6553/named
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      6246/pure-ftpd (SER
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      14349/sshd
tcp6       0      0 ::1:953                 :::*                    LISTEN      6553/named
tcp6       0      0 :::8443                 :::*                    LISTEN      838/httpd
tcp6       0      0 :::3306                 :::*                    LISTEN      6366/mysqld
tcp6       0      0 :::82                   :::*                    LISTEN      31304/varnishd
tcp6       0      0 :::8181                 :::*                    LISTEN      838/httpd
tcp6       0      0 ::1:53                  :::*                    LISTEN      6553/named
tcp6       0      0 :::21                   :::*                    LISTEN      6246/pure-ftpd (SER
tcp6       0      0 :::22                   :::*                    LISTEN      14349/sshd
```
3) How to Check the List of Open UDP Ports on Linux
Use the commands below to check only the UDP ports that are listening. The output below shows which UDP port each service is listening on.
```
# netstat -ulpn
or
# ss -lnu

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           626/avahi-daemon: r
udp        0      0 0.0.0.0:60997           0.0.0.0:*                           626/avahi-daemon: r
udp        0      0 10.10.2.160:53          0.0.0.0:*                           6553/named
udp        0      0 94.237.66.163:53        0.0.0.0:*                           6553/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           6553/named
udp        0      0 0.0.0.0:68              0.0.0.0:*                           688/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           689/dhclient
udp6       0      0 ::1:53                  :::*                                6553/named
```
4) How to Show Only Listening Sockets on Linux
Show only listening sockets.
```
# netstat -nl
or
# ss -nl

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address                Foreign Address     State
tcp        0      0 *:gnunet                     *:*                 LISTEN
tcp        0      0 *:eli                        *:*                 LISTEN
tcp        0      0 *:mysql                      *:*                 LISTEN
tcp        0      0 *:submission                 *:*                 LISTEN
tcp        0      0 *:nbx-ser                    *:*                 LISTEN
tcp        0      0 *:http                       *:*                 LISTEN
tcp        0      0 *:nbx-dir                    *:*                 LISTEN
tcp        0      0 *:urd                        *:*                 LISTEN
tcp        0      0 *:ftp                        *:*                 LISTEN
tcp        0      0 *:imaps                      *:*                 LISTEN
tcp        0      0 *:infowave                   *:*                 LISTEN
tcp        0      0 *:pop3s                      *:*                 LISTEN
tcp        0      0 *:radsec                     *:*                 LISTEN
udp        0      0 server1001.2daygeek:domain   *:*
udp        0      0 localhost.localdomain:domain *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     15072767 /var/run/dovecot/log-errors
unix  2      [ ACC ]     STREAM     LISTENING     15085335 /var/run/cphulkd.sock
unix  2      [ ACC ]     STREAM     LISTENING     15072771 /var/run/dovecot/ipc
unix  2      [ ACC ]     STREAM     LISTENING     7659533  /var/lib/mysql/mysql.sock
unix  2      [ ACC ]     STREAM     LISTENING     13341    /usr/local/cpanel/var/cpwrapd.sock
unix  2      [ ACC ]     STREAM     LISTENING     15072827 /var/run/dovecot/auth-client
unix  2      [ ACC ]     STREAM     LISTENING     15072831 /var/run/dovecot/auth-userdb
unix  2      [ ACC ]     STREAM     LISTENING     15072843 /var/run/dovecot/anvil
unix  2      [ ACC ]     STREAM     LISTENING     15458272 /dev/md/md0.sock
unix  2      [ ACC ]     STREAM     LISTENING     15072761 /var/run/dovecot/login/pop3
unix  2      [ ACC ]     STREAM     LISTENING     13590274 /usr/local/cpanel/var/cpauthd.sock
unix  2      [ ACC ]     STREAM     LISTENING     13543539 /var/run/ftpd.sock
```
5) How to Check if a Particular Port is Open in Linux or Not
If you want to check if a particular port is open on Linux or not, use the command below.
```
# netstat -tplan | grep :80
or
# ss -lntu | grep :80

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      16634/httpd
```
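The listings in sections 1 and 5 can be turned into an exposure check. The script below is an added example, not part of the original article: it parses rows in the `netstat -tulpn` column layout shown above, reports listeners that are not bound to loopback and not on an allowlist, and matches a port exactly (a plain `grep :80` also matches the `:8080` row). The helper names `sample_listing`, `listeners`, `exposed` and `on_port` are hypothetical, and the allowlist values are assumptions.

```shell
#!/bin/sh
# Added example. Input format assumed: `netstat -tulpn` rows as shown above.

# Constructed sample: six rows copied from the listings on this page.
sample_listing() {
cat <<'EOF'
tcp        0      0 192.168.1.163:8080      0.0.0.0:*               LISTEN      20132/node
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      13938/mongod
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      14349/sshd
tcp6       0      0 :::3306                 :::*                    LISTEN      6366/mysqld
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           626/avahi-daemon: r
udp6       0      0 ::1:53                  :::*                                6553/named
EOF
}

# listeners: reduce each row on stdin to "proto address port program".
listeners() {
  awk '$1 ~ /^(tcp|udp)6?$/ {
    # The port follows the LAST colon, so ":::3306" and "::1:53" parse correctly.
    i = match($4, /:[0-9]+$/); if (i == 0) next
    addr = substr($4, 1, i - 1); port = substr($4, i + 1)
    # UDP rows have an empty State column, so find PID/Program by its shape.
    prog = "-"
    for (f = 6; f <= NF; f++) if ($f ~ /^[0-9]+\//) { prog = $f; break }
    sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)
    print $1, addr, port, prog
  }'
}

# exposed PORT...: listeners reachable from other hosts (not bound to
# loopback) whose port is not in the allowlist passed as arguments.
exposed() {
  listeners | awk -v allow=" $* " \
    '$2 !~ /^(127\.|::1$)/ && index(allow, " " $3 " ") == 0'
}

# on_port PORT: exact match; `grep :80` would also match :8080 and :8081.
on_port() {
  listeners | awk -v p="$1" '$3 == p'
}

# Demo on the sample; on a live host use: netstat -tulpn | exposed 22 80 443
sample_listing | exposed 22
```

Run as root so that the PID/Program column is populated for sockets owned by other users; otherwise the program is reported as `-`.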