How to Check Open Ports on Linux System

It is the responsibility of the administrator to know which TCP and UDP ports are open on your computer.

Also, you need to know for what purpose these ports were opened.

By default some default ports are opened on most systems to perform basic functions such as ssh (port 22) and DNS (port 53).

This can be identified using the netstat command and the ss command.

But the netstat command has been removed in recent releases, replaced by the ss command.

What is Port?

In a computer network, a port is a communication terminal. But this is a logical framework for identifying a particular process in an operating system. Typically, port numbers use the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). There are two types of ports.

  • Physical Port (Hardware)
  • Software Port (Internet Addressing or Internet Port)

What’s Physical Port?

A hardware port is a physical connection to a computer or another electronic device. USB, Thunderbolt, and Ethernet are common ports on computers.

You can find these types of ports on the back of your computer or router. These ports allow you to connect the mouse, keyboard, monitor, and printer to your computer.

What’s Software Port?

A software port is called an Internet address or Internet port. Software ports allow your computer to access more than one application at a time without conflicts.

All data transmitted over the Internet uses a set of commands and rules called a protocol.

Each protocol is assigned to a specific port number. For example, all website data transferred over HTTP uses port 80 and HTTPS uses port 443. Similarly, Similarly, it uses values ranging from 0 to 65535.

In the operating system, this opens a socket to listen to incoming network requests. The socket is unique to each service. Socket is a combination of IP address, software port and protocol.

Port numbers are assigned in the following three ranges.

  • 0-1023: Well Known Ports or System Ports
  • 1024-49151: Registered Ports for applications
  • 49152-65535: Dynamic Ports or Private Ports

The port category details are as follows.

  • 0-1023 – The port range is system ports or well-known ports that are used by system processes assigned to the most widely used network services.
  • 1024-49151 – The port range is user ports or registered ports that can be permanently assigned by IANA to a specific application service upon request.
  • 49152-65535 – The port range is dynamic or private ports, which cannot be registered with IANA. This limit is used for personalized services, temporary purposes.

The following list of ports are commonly used on most servers.

Port Number Short Description
20 File Transfer Protocol (FTP) data transfer
21 File Transfer Protocol (FTP) control (command)
22 Secure Shell (SSH), file transfers (scp, sftp) and port forwarding
25 Simple Mail Transfer Protocol (SMTP), used for email routing between mail servers
53 Domain Name System (DNS)
80 Hypertext Transfer Protocol (HTTP)
110 Post Office Protocol, version 3 (POP3)
143 Internet Message Access Protocol (IMAP), management of electronic mail messages on a server
443 Hypertext Transfer Protocol over TLS/SSL (HTTPS)
465 Authenticated SMTP over TLS/SSL (SMTPS)
587 email message submission (SMTP)
953 BIND remote name daemon control (RNDC)
993 Internet Message Access Protocol over TLS/SSL (IMAPS)
995 Post Office Protocol 3 over TLS/SSL (POP3S)
2049 Network File System (NFS)
3306 MySQL database system

1) How to Check List of Open Ports on Linux

Use the below commands to find all open ports (TCP and UDP). The output below clearly shows which port the daemon is listening to.

# netstat -tulpn
or
# ss -lntu

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 192.168.1.163:3000      0.0.0.0:*               LISTEN      32574/node /home/ss 
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      6553/named          
tcp        0      0 192.168.1.163:443       0.0.0.0:*               LISTEN      31294/nginx: master 
tcp        0      0 127.0.0.1:2302          0.0.0.0:*               LISTEN      1884/cwpsrv: worker 
tcp        0      0 0.0.0.0:2304            0.0.0.0:*               LISTEN      1884/cwpsrv: worker 
tcp        0      0 127.0.0.1:6082          0.0.0.0:*               LISTEN      31304/varnishd      
tcp        0      0 0.0.0.0:2082            0.0.0.0:*               LISTEN      1884/cwpsrv: worker 
tcp        0      0 0.0.0.0:2083            0.0.0.0:*               LISTEN      1884/cwpsrv: worker 
tcp        0      0 0.0.0.0:2086            0.0.0.0:*               LISTEN      1884/cwpsrv: worker 
tcp        0      0 0.0.0.0:2087            0.0.0.0:*               LISTEN      1884/cwpsrv: worker 
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      13938/mongod        
tcp        0      0 0.0.0.0:2030            0.0.0.0:*               LISTEN      1884/cwpsrv: worker 
tcp        0      0 0.0.0.0:2095            0.0.0.0:*               LISTEN      1884/cwpsrv: worker 
tcp        0      0 0.0.0.0:2031            0.0.0.0:*               LISTEN      1884/cwpsrv: worker 
tcp        0      0 192.168.1.163:80        0.0.0.0:*               LISTEN      31294/nginx: master 
tcp        0      0 0.0.0.0:2096            0.0.0.0:*               LISTEN      1884/cwpsrv: worker 
tcp        0      0 192.168.1.163:8080      0.0.0.0:*               LISTEN      20132/node          
tcp        0      0 0.0.0.0:82              0.0.0.0:*               LISTEN      31304/varnishd      
tcp        0      0 10.10.2.160:53          0.0.0.0:*               LISTEN      6553/named          
tcp        0      0 192.168.1.163:53        0.0.0.0:*               LISTEN      6553/named          
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      6553/named          
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      6246/pure-ftpd (SER 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      14349/sshd          
tcp6       0      0 ::1:953                 :::*                    LISTEN      6553/named          
tcp6       0      0 :::8443                 :::*                    LISTEN      1734/httpd          
tcp6       0      0 :::3306                 :::*                    LISTEN      6366/mysqld         
tcp6       0      0 :::82                   :::*                    LISTEN      31304/varnishd      
tcp6       0      0 :::8181                 :::*                    LISTEN      1734/httpd          
tcp6       0      0 ::1:53                  :::*                    LISTEN      6553/named          
tcp6       0      0 :::21                   :::*                    LISTEN      6246/pure-ftpd (SER 
tcp6       0      0 :::22                   :::*                    LISTEN      14349/sshd          
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           626/avahi-daemon: r 
udp        0      0 0.0.0.0:60997           0.0.0.0:*                           626/avahi-daemon: r 
udp        0      0 10.10.2.160:53          0.0.0.0:*                           6553/named          
udp        0      0 192.168.1.163:53        0.0.0.0:*                           6553/named          
udp        0      0 127.0.0.1:53            0.0.0.0:*                           6553/named          
udp        0      0 0.0.0.0:68              0.0.0.0:*                           688/dhclient        
udp        0      0 0.0.0.0:68              0.0.0.0:*                           689/dhclient        
udp6       0      0 ::1:53                  :::*                                6553/named          

2) How to Check the List of Open TCP Ports on Linux

Use the commands below to check only the TCP ports that are being open. The output below shows which TCP port the service is listening to.

# netstat -tlpn
or
# ss -lnt

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 94.237.66.163:3000      0.0.0.0:*               LISTEN      32574/node /home/ss 
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      6553/named          
tcp        0      0 94.237.66.163:443       0.0.0.0:*               LISTEN      31294/nginx: master 
tcp        0      0 127.0.0.1:2302          0.0.0.0:*               LISTEN      1139/cwpsrv: worker 
tcp        0      0 0.0.0.0:2304            0.0.0.0:*               LISTEN      1139/cwpsrv: worker 
tcp        0      0 127.0.0.1:6082          0.0.0.0:*               LISTEN      31304/varnishd      
tcp        0      0 0.0.0.0:2082            0.0.0.0:*               LISTEN      1139/cwpsrv: worker 
tcp        0      0 0.0.0.0:2083            0.0.0.0:*               LISTEN      1139/cwpsrv: worker 
tcp        0      0 0.0.0.0:2086            0.0.0.0:*               LISTEN      1139/cwpsrv: worker 
tcp        0      0 0.0.0.0:2087            0.0.0.0:*               LISTEN      1139/cwpsrv: worker 
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      13938/mongod        
tcp        0      0 0.0.0.0:2030            0.0.0.0:*               LISTEN      1139/cwpsrv: worker 
tcp        0      0 0.0.0.0:2095            0.0.0.0:*               LISTEN      1139/cwpsrv: worker 
tcp        0      0 0.0.0.0:2031            0.0.0.0:*               LISTEN      1139/cwpsrv: worker 
tcp        0      0 94.237.66.163:80        0.0.0.0:*               LISTEN      31294/nginx: master 
tcp        0      0 0.0.0.0:2096            0.0.0.0:*               LISTEN      1139/cwpsrv: worker 
tcp        0      0 94.237.66.163:8080      0.0.0.0:*               LISTEN      20132/node          
tcp        0      0 0.0.0.0:82              0.0.0.0:*               LISTEN      31304/varnishd      
tcp        0      0 10.10.2.160:53          0.0.0.0:*               LISTEN      6553/named          
tcp        0      0 94.237.66.163:53        0.0.0.0:*               LISTEN      6553/named          
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      6553/named          
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      6246/pure-ftpd (SER 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      14349/sshd          
tcp6       0      0 ::1:953                 :::*                    LISTEN      6553/named          
tcp6       0      0 :::8443                 :::*                    LISTEN      838/httpd           
tcp6       0      0 :::3306                 :::*                    LISTEN      6366/mysqld         
tcp6       0      0 :::82                   :::*                    LISTEN      31304/varnishd      
tcp6       0      0 :::8181                 :::*                    LISTEN      838/httpd           
tcp6       0      0 ::1:53                  :::*                    LISTEN      6553/named          
tcp6       0      0 :::21                   :::*                    LISTEN      6246/pure-ftpd (SER 
tcp6       0      0 :::22                   :::*                    LISTEN      14349/sshd          

3) How to Check the List of Open UDP Ports on Linux

Use the commands below to check only the UDP ports that are being listen. The output below shows which UDP port the service is listening to.

# netstat -ulpn
or
# ss -lnu

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           626/avahi-daemon: r 
udp        0      0 0.0.0.0:60997           0.0.0.0:*                           626/avahi-daemon: r 
udp        0      0 10.10.2.160:53          0.0.0.0:*                           6553/named          
udp        0      0 94.237.66.163:53        0.0.0.0:*                           6553/named          
udp        0      0 127.0.0.1:53            0.0.0.0:*                           6553/named          
udp        0      0 0.0.0.0:68              0.0.0.0:*                           688/dhclient        
udp        0      0 0.0.0.0:68              0.0.0.0:*                           689/dhclient        
udp6       0      0 ::1:53                  :::*                                6553/named          

4) How to Show Only Listening Sockets on Linux

Show only listening sockets.

# netstat -nl
or
# ss -nl

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:gnunet                    *:*                         LISTEN
tcp        0      0 *:eli                       *:*                         LISTEN
tcp        0      0 *:mysql                     *:*                         LISTEN
tcp        0      0 *:submission                *:*                         LISTEN
tcp        0      0 *:nbx-ser                   *:*                         LISTEN
tcp        0      0 *:http                      *:*                         LISTEN
tcp        0      0 *:nbx-dir                   *:*                         LISTEN
tcp        0      0 *:urd                       *:*                         LISTEN
tcp        0      0 *:ftp                       *:*                         LISTEN
tcp        0      0 *:imaps                     *:*                         LISTEN
tcp        0      0 *:infowave                  *:*                         LISTEN
tcp        0      0 *:pop3s                     *:*                         LISTEN
tcp        0      0 *:radsec                    *:*                         LISTEN
udp        0      0 server1001.2daygeek:domain *:*
udp        0      0 localhost.localdomain:domain *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     15072767 /var/run/dovecot/log-errors
unix  2      [ ACC ]     STREAM     LISTENING     15085335 /var/run/cphulkd.sock
unix  2      [ ACC ]     STREAM     LISTENING     15072771 /var/run/dovecot/ipc
unix  2      [ ACC ]     STREAM     LISTENING     7659533 /var/lib/mysql/mysql.sock
unix  2      [ ACC ]     STREAM     LISTENING     13341  /usr/local/cpanel/var/cpwrapd.sock
unix  2      [ ACC ]     STREAM     LISTENING     15072827 /var/run/dovecot/auth-client
unix  2      [ ACC ]     STREAM     LISTENING     15072831 /var/run/dovecot/auth-userdb
unix  2      [ ACC ]     STREAM     LISTENING     15072843 /var/run/dovecot/anvil
unix  2      [ ACC ]     STREAM     LISTENING     15458272 /dev/md/md0.sock
unix  2      [ ACC ]     STREAM     LISTENING     15072761 /var/run/dovecot/login/pop3
unix  2      [ ACC ]     STREAM     LISTENING     13590274 /usr/local/cpanel/var/cpauthd.sock
unix  2      [ ACC ]     STREAM     LISTENING     13543539 /var/run/ftpd.sock

5) How to Check if a Particular Port is Open in Linux or Not

If you want to check if a particular port is open on Linux or not, use the command below.

	  
# netstat -tplan | grep :80
or
# ss -lntu | grep :80

tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      16634/httpd

Magesh Maruthamuthu

Love to play with all Linux distribution

You may also like...