ILO 5 Advance Key

35DPH-SVSXJ-HGBJN-C7N5R-2SS4W

How to check open ports in Linux

Briefly, we will describe ports within the computer networking and further, we will talk
about how we can list every open port in Linux.

A port can be defined as a logical entity in computer networking and software terms.

It acts as a communication endpoint for identifying a given process or application on

the Linux operating system. A port is a 16-bit (o to 65535) number that differentiates a
single application from others on various end systems.

Two of the most famous Internet transport protocols, User Datagram Protocol

(UDP) and Transmission Control Protocol (TCP) and other protocols apply port
numbers for many sessions of communication (destination and source port numbers in
conjunction with the destination and source IP addresses).

A combination of a protocol, port, and IP address like TCP/UDP is called a socket. It is

necessary that all the services should have a specific socket.

Categories of Port
These ports are divided into three categories for ease of use because the variety of ports
is large. All the categories are labeled as the port value range:

0-1023: These ports are well-known and called "System" ports. They are reserved for

the processes of the system that provide a huge range of network services. A process
should have the privileges of a superuser for binding with any "Well-known" port.

1024-49151: These ports are "Registered" and called the "User" ports. They are

designated via IANA for unique services. A process might have authentication to them
upon request. It does not need any privilege of a superuser for using these ports in the
most systems case.
 49152-65535: These ports are "Dynamic" and called the "Private" ports. They can not
be registered with IANA. These types of ports are open for using for customized and
private services and may also be allocated as the ephemeral ports (known as short-
lived ports applied by IP) automatically.

There are so many ways for checking open ports in Linux. By default, a port will close
unless any application is applying it. A port should be assigned to a process or service if
it is open.

Open Ports List

It is easier to know which port is in use instead of which port is open. Hence, the below
section will provide methods for listing every port that is in use currently.

There are several tools present for this task in Linux. Most of them available built-in in a
Linux distribution.

Learning which port is currently open could be helpful in many scenarios. It is possible
to determine a dedicated port for an assured application. An open port might be a
strong intrusion indication within the network.

The methods are used on Ubuntu 20.04 LTS which are mentioned below.

List open ports and protocols using /etc/services file

The file, i.e., /etc/services contains details about the running services (currently). It is a
large file.

1. $cat /etc/services | less  
 AD

List open ports with netstat

The netstat tool can be described as a utility to display network connections for routing
tables, TCP, and several network interfaces. Also, it facilitates statistics of network
protocol. We could list every open port of a system by using the netstat tool.

We can execute the below command:

AD

1. $ netstat -atu   
 Let's quickly explain the breakdown of each flag that we used in the above command:

1. a: This flag informs netstat for displaying each socket.

2. t: This flag informs netstat for listing TCP ports.

3. u: This flag informs netstat for listing UDP ports.

The netstat command has another variation which is mentioned below:

AD

1. $ netstat -lntu   
 Two flags are new in the above command which is explained as follows:

1. l: This flag informs netstat for printing the listening sockets only.

2. n: This flag informs netstat for showing the port number.

We can use a flag, i.e., "-p" to show the process PID that is using any port.

1. $ netstat -lntup   

Check open ports locally

The netstat command is available on every computer operating system for monitoring
network connections. The below command applies netstat to display each listening port
with the TCP protocol:

1. netstat -lt   
 Let's briefly define the flags which are present in the above command:

1. -l: It lists the listening ports.

2. -t: It specifies the TCP protocol.

The result is well ordered in columns displaying the protocol, human friendly, sent and
received packets, port state, remote and local IP addresses.

If we modify the TCP protocol for UDP protocol, then the output will show open ports
only. The result will show without describing the state due to contradiction to the TCP
protocol.

1. netstat -lu   
 We can ignore describing protocols and apply only the option --listen or -l for getting
details on each port listening freely of the protocol:

1. netstat --listen  
 The above option will show the details for Unix, UDP, and TCP socket protocols.

Every example above displays how to print the details over listening ports without
authorized connections. The below commands display how to show listening ports and
authorized connections.

1. netstat -vatn   
 Where:

1. -v: It is used for verbosity.

2. -a: It displays active connections.

3. -t: It displays tcp connections.

4. -n: It displays ports (numerical value).

Let's say we recognize a suspicious process within our system and we wish to check
related ports to it. We can use the lsof command which is used for listing open files
related to processes.

1. lsof -i 4 -a -p <Process-Number>  

Where,

1. -i: It lists the files collaborating with the Internet, the 6 option is present for IPv6, and
the 4 option instructs for printing only IPv4.

2. -a: It instructs the result to be ANDed.

3. -p: It specifies the process PID number we wish to check.

 List open ports with ss
The ss tool can be specified as a utility to investigate the socket. The usage of this tool is
the same as the netstat command.

We can run the below command for listing the open ports:

1. $ ss -lntu   

The above flags are the same as the netstat command. The functions which are
described by the ss tool are quite the same as well.

1. l: This flag informs ss for displaying the listening sockets.

2. n: This flag informs ss not to attempt to conclude service names.

3. t: This flag informs ss for display TCP sockets.

4. u: This flag informs ss for displaying UDP sockets.

List open ports with lsof

The lsof command can be used for listing open files. But, it can be used to display the
open ports as well.

We can execute the following command:

1. $ lsof -i   

For getting the open ports of a particular protocol (UDP, TCP, etc.) then specify it after
using the "-i" flag, we can execute the following command:

1. $ lsof -i <protocol>  

List open ports with nmap

The nmap command can be defined as a strong one for port/security scanning and
network exploration. It can also report each open port within the system.

We can execute the following command for listing the open TCP ports.

1. $ sudo nmap -sT -p- localhost  

There are two sections of this command which is mentioned above:

1. -sT: It informs the nmap tool for scanning TCP ports.

2. -p-: It informs the nmap tool for scanning every 65535 ports. The nmap tool will
scan 1000 ports only by default if not used.
 If we require to list the open ports of UDP, then we can execute the following command:

1. $ sudo nmap -sU -p- localhost  

We can also execute the following command for getting both the UDP and TCP ports:

1. $ sudo nmap -n -PN -sT -sU -p- localhost  

List open ports with netcat

 The netcat tool can be described as a command-line utility to read and write data across
many network connections on the UDP and TCP protocols. Also, it can be used to list
open ports. This tool can implement tests over a particular port or a variety of ports.

The below netcat command is used for scanning the port from 1-1000. By default, it will
implement the scan over TCP protocol:

1. $ nc -z -v localhost 1-1000  
 Also, it can be extended to the whole list of certain ports:

1. $ nc -z -v localhost 1-65535  
Let's have a breakdown of these flags quickly.

1. z: It informs the netcat command for scanning open ports only, without transferring
any data.

2. v: It informs the netcat command for running in verbose mode.

 We can filter the result with the help of grep for a term "succeeded" for getting only the
open ports through this list.

1. $ nc -z -v 127.0.0.1 20-80 | grep succeeded   

If we wish to implement the scan over UDP protocol, the. We can include the "-u" flag.
1. $ nc -z -v -u localhost 0-65535 2>&1 | grep succeeded   

In this article, we will briefly talk about ports in computer networking and move to
how you can list all open ports in Linux.

In computer networking, and more definitely in software terms, a port is a logical

entity which acts as a endpoint of communication to identify a given application
or process on an Linux operating system. It is a 16-bit number (0 to 65535) which
differentiates one application from another on end systems.
The two most popular Internet transport protocols, Transmission Control
Protocol (TCP) and the User Datagram Protocol (UDP) and other less known
protocols use port numbers for communication sessions (source and destination
port numbers in conjunction with the source and destination IP addresses).
In addition, a combination of an IP address, port and protocol such
as TCP/UDP is known as a socket, and every service must have a unique
socket.
Below are the different categories of ports:

 0-1023 – the Well Known Ports, also referred to as System Ports.

 1024-49151 – the Registered Ports, also known as User Ports.
 49152-65535 – the Dynamic Ports, also referred to as the Private Ports.
You can view a list of different applications and port/protocol combination
in /etc/services file in Linux using cat command:

$ cat /etc/services

OR

$ cat /etc/services | less

Network Services and Ports

# /etc/services:
# $Id: services,v 1.48 2009/11/11 14:32:31 ovasik Exp $

# Network services, Internet style

# IANA services version: last updated 2009-11-10

# Note that it is presently the policy of IANA to assign a

single well-known

# port number for both TCP and UDP; hence, most entries here
have two entries

# even if the protocol doesn't support UDP operations.

# Updated from RFC 1700, ``Assigned Numbers'' (October

1994). Not all ports

# are included, only the more common ones.

# The latest IANA port assignments can be gotten from

# http://www.iana.org/assignments/port-numbers

# The Well Known Ports are those from 0 through 1023.

# The Registered Ports are those from 1024 through 49151

# The Dynamic and/or Private Ports are those from 49152
through 65535

# Each line describes one service, and is of the form:

# service-name port/protocol [aliases ...] [# comment]

tcpmux 1/tcp # TCP port

service multiplexer

tcpmux 1/udp # TCP port

service multiplexer

rje 5/tcp # Remote Job

Entry

rje 5/udp # Remote Job

Entry

echo 7/tcp

echo 7/udp

discard 9/tcp sink null

discard 9/udp sink null

systat 11/tcp users

systat 11/udp users

daytime 13/tcp

daytime 13/udp

qotd 17/tcp quote

qotd 17/udp quote

msp 18/tcp # message

send protocol

msp 18/udp # message

send protocol

chargen 19/tcp ttytst source

chargen 19/udp ttytst source

ftp-data 20/tcp

ftp-data 20/udp

# 21 is registered to ftp, but also used by fsp

ftp 21/tcp

ftp 21/udp fsp fspd

ssh 22/tcp # The Secure

Shell (SSH) Protocol
ssh 22/udp # The Secure
Shell (SSH) Protocol

telnet 23/tcp

telnet 23/udp

To list all open ports or currently running ports including TCP and UDP in Linux,

we will use netstat, is a powerful tool for monitoring network connections and
statistics.
List All Network Ports Using Netstat Command

$ netstat -lntu

Proto Recv-Q Send-Q Local Address Foreign

Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:*
LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:*
LISTEN
tcp 0 0 :::22 :::*
LISTEN
tcp 0 0 :::80 :::*
LISTEN
tcp 0 0 :::25 :::*
LISTEN
udp 0 0 0.0.0.0:68 0.0.0.0:*

Where,

 -l – prints only listening sockets

 -n – shows port number
 -t – enables listing of tcp ports
 -u – enables listing of udp ports
You can also use ss command, a well known useful utility for examining sockets
in a Linux system. Run the command below to list all your open TCP and UCP
ports:
List All Network Ports Using ss Command
$ ss -lntu

Netid State Recv-Q Send-Q Local

Address:Port Peer Address:Port
udp UNCONN 0 0 *:68
*:*
tcp LISTEN 0 128 :::22
:::*
tcp LISTEN 0 128 *:22
*:*
tcp LISTEN 0 50 *:3306
*:*
tcp LISTEN 0 128 :::80
::*
tcp LISTEN 0 100 :::25
:::*
tcp LISTEN 0 100 *:25

What the hell are a TCP and UDP ports?

A port is nothing but a 16-bit number between 0 to 65535. For example, TCP
port number 22 may be forwarded to the OpenSSH server. Therefore, 22 port
number is a way to identify the sshd (OpenSSH server) process.

Port numbers
 The Well Known Ports are those from 0 through 1023.
 The Registered Ports are those from 1024 through 49151.
 The Dynamic and Private Ports are those from 49152 through 65535.
A registered port is a network port assigned by the Internet Assigned
Numbers Authority (IANA) and stored in  /etc/services  file. Use the cat
command or grep command/egrep command to view port numbers and
service mappings:
$ cat /etc/services
$ grep -w '80/tcp' /etc/services
$ grep -w '443/tcp' /etc/services
$ grep -E -w '22/(tcp|udp)' /etc/services

Display a list of applications and their ports assigned by IANA

Check open ports in Linux

The procedure to monitor and display open ports in Linux is as follows:

1. Open a Linux terminal application

2. Use  ss  command to display all open TCP and UDP ports in Linux.
3. Another option is to use the  netstat  command to list all ports in Linux.
4. Apart from  ss / netstat  one can use the  lsof  command to list open files
and ports on Linux based system.
5. Finally, one can use  nmap  command to check TCP and UDP ports too.
Let us see all commands and examples in details.
Using netstat to list open ports
Type the following netstat command$ sudo netstat -tulpn | grep LISTEN

For example, TCP port 631 opened by cupsd process and cupsd only listing
on the loopback address (127.0.0.1). Similarly, TCP port 22 opened by sshd
process and sshd listing on all IP address for ssh connections:
Proto Recv-Q Send-Q Local Address Foreign Address
State User Inode PID/Program name

tcp 0 0 127.0.0.1:631 0.0.0.0:*

LISTEN 0 43385 1821/cupsd

tcp 0 0 0.0.0.0:22 0.0.0.0:*

LISTEN 0 44064 1823/sshd

Where,

 -t  : All TCP ports

 -u  : All UDP ports
 -l  : Display listening server sockets
 -p  : Show the PID and name of the program to which each socket belongs
 -n  : Don’t resolve names
 | grep LISTEN  : Only display open ports by applying grep command filter.
Use ss to list open ports
The ss command is used to dump socket statistics. It allows showing
information similar to netstat. It can display more TCP and state information
than other tools. The syntax is:
$ sudo ss -tulpn
Sample outputs:
Netid State Recv-Q Send-Q Local
Address:Port Peer Address:Port
udp UNCONN 0 0
224.0.0.251:5353 0.0.0.0:* users:(("chromium-
browse",pid=12893,fd=419))
udp UNCONN 0 0
224.0.0.251:5353 0.0.0.0:* users:(("chromium-
browse",pid=12938,fd=395))
udp UNCONN 0 0
224.0.0.251:5353 0.0.0.0:* users:
(("chrome",pid=10111,fd=178))
udp UNCONN 0 0
224.0.0.251:5353 0.0.0.0:* users:
(("chrome",pid=10111,fd=139))
udp UNCONN 0 0
224.0.0.251:5353 0.0.0.0:* users:(("chrome",pid=10111,fd=48))
udp UNCONN 0 0
224.0.0.251:5353 0.0.0.0:* users:(("chrome",pid=10161,fd=43))
udp UNCONN 0 0
0.0.0.0:5353 0.0.0.0:* users:(("avahi-
daemon",pid=1590,fd=15))
udp UNCONN 0 0
0.0.0.0:5355 0.0.0.0:* users:(("systemd-
resolve",pid=1566,fd=12))
udp UNCONN 0 0
0.0.0.0:55204 0.0.0.0:* users:(("avahi-
daemon",pid=1590,fd=17))
udp UNCONN 0 0
0.0.0.0:49112 0.0.0.0:* users:(("openvpn",pid=18342,fd=8))
udp UNCONN 0 0
10.205.77.1:53 0.0.0.0:* users:(("dnsmasq",pid=2416,fd=8))
udp UNCONN 0 0
192.168.122.1:53 0.0.0.0:* users:
(("dnsmasq",pid=2081,fd=5))
udp UNCONN 0 0
127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-
resolve",pid=1566,fd=17))
udp UNCONN 0 0
0.0.0.0%lxdbr0:67 0.0.0.0:* users:
(("dnsmasq",pid=2416,fd=4))
udp UNCONN 0 0
0.0.0.0%virbr0:67 0.0.0.0:* users:
(("dnsmasq",pid=2081,fd=3))
udp UNCONN 0 0
0.0.0.0:68 0.0.0.0:* users:(("dhclient",pid=18263,fd=7))
udp UNCONN 0 0
127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=1652,fd=6))
udp UNCONN 0 0
[::]:5353 [::]:* users:(("avahi-daemon",pid=1590,fd=16))
udp UNCONN 0 0
[::]:5355 [::]:* users:(("systemd-
resolve",pid=1566,fd=14))
udp UNCONN 0 0
[::]:60302 [::]:* users:(("avahi-daemon",pid=1590,fd=18))
udp UNCONN 0 0
[fd42:400:b94d:ad98::1]:53 [::]:* users:
(("dnsmasq",pid=2416,fd=12))
udp UNCONN 0 0
[fe80::e400:44ff:feb7:3233]%lxdbr0:53 [::]:* users:
(("dnsmasq",pid=2416,fd=10))
udp UNCONN 0 0
[::1]:323 [::]:* users:(("chronyd",pid=1652,fd=7))
udp UNCONN 0 0 [::]
%lxdbr0:547 [::]:* users:(("dnsmasq",pid=2416,fd=6))
tcp LISTEN 0 128
127.0.0.1:53306 0.0.0.0:* users:
(("AgentAntidote.b",pid=6206,fd=16),("AgentAntidote",pid=6164,fd=16),
("AgentConnectix.",pid=3371,fd=16))
tcp LISTEN 0 5
127.0.0.1:44321 0.0.0.0:* users:(("pmcd",pid=3784,fd=0))
tcp LISTEN 0 5
127.0.0.1:4330 0.0.0.0:* users:(("pmlogger",pid=9725,fd=9))
tcp LISTEN 0 128
0.0.0.0:5355 0.0.0.0:* users:(("systemd-
resolve",pid=1566,fd=13))
tcp LISTEN 0 5
10.205.77.1:53 0.0.0.0:* users:(("dnsmasq",pid=2416,fd=9))
tcp LISTEN 0 32
192.168.122.1:53 0.0.0.0:* users:
(("dnsmasq",pid=2081,fd=6))
tcp LISTEN 0 128
127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-
resolve",pid=1566,fd=18))
tcp LISTEN 0 128
0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1823,fd=5))
tcp LISTEN 0 5
127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=1821,fd=10))
tcp LISTEN 0 5
[::1]:44321 [::]:* users:(("pmcd",pid=3784,fd=3))
tcp LISTEN 0 5
[::1]:4330 [::]:* users:(("pmlogger",pid=9725,fd=10))
tcp LISTEN 0 128
[::]:5355 [::]:* users:(("systemd-
resolve",pid=1566,fd=15))
tcp LISTEN 0 5
[fd42:400:b94d:ad98::1]:53 [::]:* users:
(("dnsmasq",pid=2416,fd=13))
tcp LISTEN 0 5
[fe80::e400:44ff:feb7:3233]%lxdbr0:53 [::]:* users:
(("dnsmasq",pid=2416,fd=11))
tcp LISTEN 0 128
[::]:22 [::]:* users:(("sshd",pid=1823,fd=7))
tcp LISTEN 0 5
[::1]:631 [::]:* users:(("cupsd",pid=1821,fd=9))

Listening ports and applications using lsof

command
Let us run the following to check open TCP and UDP ports using the lsof
command:
$ sudo lsof -i -P -n | grep LISTEN

Where,
 -i  : Look for listing ports
 -P  : Inhibits the conversion of port numbers to port names for network
files. Inhibiting the conversion may make lsof run a little faster. It is also
useful when port name lookup is not working properly.
 -n  : Do not use DNS name
 | grep LISTEN  : Again only show ports in LISTEN state using the grep
command as filter.
nmap command
In addition, to above commands one can use the nmap command which is an
open source tool for network exploration and security auditing. We are going
to use nmap to find and list open ports in Linux:
$ sudo nmap -sT -O localhost
$ sudo nmap -sU -O 192.168.2.254 ##[ list open UDP ports ]##
$ sudo nmap -sT -O 127.0.0.1 ##[ list open TCP ports ]##
$ sudo nmap -sTU -O 192.168.2.24
Sample outputs:
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-22 23:49 IST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00024s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
631/tcp open ipp
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32
Network Distance: 0 hops
 
OS detection performed. Please report any incorrect results at
https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.31 seconds

The open port doesn’t mean anyone from

outside can access those ports
So far, you know how to find and list open TCP and UDP ports on Linux.
However, those ports can still be blocked by software, cloud, or hardware
firewall. Hence, you need to verify that your corporate firewall is not blocking
incoming or outgoing access. For instance on Linux server we list or dump
firewall rules using the following syntax:
$ sudo iptables -S
# IPv6 #
$ sudo ip6tables -S
How to List Open Ports in Firewalld
Firewalld is the default firewall program on CentOS 7, Red Hat Enterprise
Linux 7 (RHEL 7), Fedora 18+ and some other popular Linux distributions. It
is very powerful for managing IPv4 and IPv6 networks. It has easy to use
command line interface (CLI) and a great alternative to iptables.
In this article, I am going to show you how to list open ports in Firewalld. I am
going to use CentOS 7.4 for the demonstration, but the same commands
should work on any Linux distribution with Firewalld installed. Let’s get
started.
What is an Open Port?
First let’s discuss what an open port is. It is clearly a networking term.

AD

You can install many server software packagess on a single computer such
as HTTP server, DNS server, Database Server and so on. But it may have a
limited number of network interfaces on it. Let’s say it has one physical
network interface available and its configured to have an IP address 10.0.1.11
and you have HTTP and MySQL database server installed on it. So when you
connect to 10.0.1.11 from another computer, how does your server computer
know what service you want to use? The HTTP service or the MySQL
database service.

Well to differentiate between the HTTP service and MySQL database service,
the IP address also has another property called port. Port is a 16-bit integer,
which means it can be a number from 0 to 65536. So your server computer
runs different services or server softwares on different ports. For example, the
HTTP server runs on port 80, the MySQL database server runs on port 3306
and so on.

To talk to specific service on your server computer, let’s say the HTTP server,
the client computer has to pass the port 80 along with the IP address
10.0.1.11. So port 80 is an open port because a client computer can talk to it.

When you have firewall program configured, by default, it blocks all the port.
So even when the service is running on a specific port on your server
computer, a client computer won’t be able to connect to it.
AD

So how do I know what ports are open and I can connect to on my server
computer? Well, that’s the topic of this article.

Finding Open Ports with Firewalld:

First check whether firewalld service is running with the following command:
$ sudo systemctl status firewalld

AD

As you can see from the marked section of the screenshot below,
the firewalld service is running. So we are good to go.

AD

If your firewalld service is not running, you can start firewalld service with the

following command:
$ sudo systemctl start firewalld
Now you can use the firewall-cmd command configure and get information
about Firewalld.
You can print the whole Firewalld configuration with the following command:

$ sudo firewall-cmd --list-all

The open ports and services are listed in the services: and ports: line as

marked in the screenshot below.
AD

In the services: line, ssh and dhcpv6-client services are enabled. It means

the ports corresponding to these services are also open.
You can find out what ports these services open with the following command:

$ grep ong&gt;SERVICE_NAME /etc/services
NOTE: Here, SERVICE_NAME is the service you want to see the ports of.
For example, to see the ports the ssh service opened, run the following
command:
AD

$ grep ssh /etc/services
As you can see from the marked section of the screenshot below,
the ssh service opens the TCP port 22 and UDP port 22.

AD

The command sudo firewall-cmd –list-all, shows you the

whole Firewalld configuration.
If you just want to see what services are allowed to have open ports, run the
following command:

$ sudo firewall-cmd --list-services

The services allowed to have open ports are listed as you can see from the
screenshot below.
If you want to see only the ports that are open, run the following command:

AD

$ sudo firewall-cmd --list-ports

The open ports are listed as you can see from the screenshot below.