How to check ports on linux

Check open ports in Linux | Test firewall rules

Lately I was going through some articles from different search engines to check open ports in Linux. I was quite surprised with the results, as most of the articles in the search results talk about using ss, netstat etc. to check if a port is open in Linux.

You have to understand the difference and your requirement.

Do you want to check if a port is open on the destination server or between source and destination server?

Do you want to check if a port is in LISTENING state on the destination server?

A port that is not listening is not necessarily closed. A port will be in LISTEN state only when it is in use by some process; a port can be open and free, but since it is not in use it will not be listed by the netstat, lsof, ss commands etc.

So I hope you are clear with your requirement.

In this article I will share the different ways to check open ports or if a port is open on the destination server in Linux.

Method-1: Check open ports using nmap

nmap is an open source tool for network exploration and security auditing. Let’s verify if nmap can successfully give us a list of open ports on a Linux server:

Currently I have not added any firewall rules on my destination server:

Now let us check open ports between 35520-35522 on this server using some different client machine with nmap:

Now here is the list of listening ports on server-2:

So if we try to scan these listening ports using nmap:

All of these ports are marked as OPEN. So unless your ports are in use by some process, they will not be marked as OPEN.

Let’s perform some more tests. I will DROP all the incoming requests and only allow certain ports on server-2 using iptables:

List the applied rules

Now port 35520 is marked as CLOSED, as it is explicitly allowed in iptables but is currently not in use, while the others are marked as FILTERED, as they are blocked in the firewall.
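The three outcomes described above (open, closed, filtered) can also be observed from a client with a plain TCP connect. The following is an added example, not part of the original article; `probe_port` and `classify_rc` are hypothetical helper names, and it assumes bash and coreutils `timeout` on the client.

```shell
#!/usr/bin/env bash
# Added example: classify a TCP port as seen from a client machine.
# probe_port and classify_rc are hypothetical helper names.

# Map the exit status of the timed connect attempt to a port state.
classify_rc() {
    case "$1" in
        0)   echo open ;;      # handshake completed: a process is listening
        124) echo filtered ;;  # timeout(1) fired: no reply, packets dropped
        *)   echo closed ;;    # refused: an RST from the host (allowed but
                               # not in use) or a firewall REJECT reply
    esac
}

# probe_port HOST PORT [SECONDS]
probe_port() {
    local rc=0
    # bash's /dev/tcp pseudo-device performs an ordinary connect(); it runs
    # in a child bash so the calling shell does not need to support it.
    timeout "${3:-2}" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" \
        2>/dev/null || rc=$?
    classify_rc "$rc"
}

# Usage: ./probe.sh server-2 22 35520 35521
if [ "$#" -ge 2 ]; then
    host=$1; shift
    for port in "$@"; do
        printf '%s/tcp %s\n' "$port" "$(probe_port "$host" "$port")"
    done
fi
```

With the DROP policy from the article in place, an allowed port with no listener answers immediately as closed, while a blocked port only returns after the timeout as filtered.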

Understanding different states in nmap

Though the current version of Nmap is capable of performing many tasks, it initially started out as a port scanner. Nmap has certain ways to detect whether a port on the target system is open or closed. Nmap detects the status of the target port using predefined states as follows:

Method-2: Check list of open ports in Linux using hping3

Another wonderful tool for performing network scans in Linux is hping3. You can download hping3 from the EPEL repo.

We will retain the iptables rule which we applied in the previous example where we had blocked all the ports except 22 and 35520 and perform network scan using hping3:

So based on the above hint, hping3 got a RESET with ACK on port 35520, which means the port may be in OPEN state, while the other ports in the provided range are not responding, so they are closed.

If any of the ports is in LISTENING state, then hping3 will return the SYN and ACK flags as shown below:

Method-3: Test firewall rules

You may use the tools which I explained above to check open ports, but if you wish to test firewall rules then I would recommend using the netcat or nc tool. nc can be used to open any port and mark it as listening, and then on the client server you can again use nc to send some dummy data to test the firewall rule.

Let us retain the above applied iptables rule, so on our server port 35520 is allowed in the firewall. To test this firewall rule, we will enable port 35520 using nc:

So our server is now listening on port 35520, now let’s try to connect to this port using any other client node:

As you can see, nc was able to connect to server-2 using port 35520. Now if you try to send any string from client to server:

Monitor the console on server-1 and you will receive this string:

Similarly let’s try to test firewall rule for any other port which is blocked (we have blocked all the ports except 35520 and 22):

Since port 35521 is blocked in the firewall, the same will not be accessible from server-1:

Summary

In this article I shared different methods to perform network scanning to check open ports and test firewall rules in Linux. There are many other tools available which can be used for this purpose. But again, I don’t rely on telnet, ss or netstat commands for this purpose as they may not give you accurate data based on your requirement. nmap and hping3 are very vast tools with a lot of different options and features which are not covered in this article. I would suggest going through their man pages and exploring the different options.


How to check for open ports on your Ubuntu server

Last updated: July 6th 2021

Introduction

This guide explains different methods to check for open ports on your Webdock server. An open port is a port on which some process or application is running and it can accept data. In this guide we will use different tools to find out which ports are open.

An open port is defined as a port which has a service listening and accepting connections. You may find that you have services listening on ports which despite this are not accessible from the internet. This is what your firewall does: Block access to ports which you haven’t explicitly allowed access to. For a guide on managing your firewall, take a look at our UFW guide here.

Prerequisites

The difference between addresses

Check for open ports using nmap

Network mapper or nmap is an open source tool used to scan networks and find open ports on a host. The following command will scan all the ports on the host.

To check whether a specific port is open, use the -p option to specify the port.

Be careful when using nmap: if you accidentally start scanning the entire network, you risk having your IP address banned.

Check for open ports using lsof

The lsof (list open files) command, as the name suggests, is used to list all the open files in Linux. These files may be network sockets, disk files or devices opened by different processes. Use the lsof command along with the -nP options to list all open sockets.

List only the TCP open sockets.

For UDP open sockets, use the following command.

Check for open ports using netstat

The netstat (network statistic) command can be used to monitor and scan networks. Get a list of all TCP and UDP open ports using the netstat command.

List TCP ports only.

For UDP ports only.

Check open ports using ss

The ss command is used to list detailed information about network sockets. It provides more detailed information than the netstat command. List all the listening ports on a Linux system.

To list only TCP listening ports, use the -lt flag.

For UDP listening ports, use the -lu flag.

Conclusion

There are different tools available to monitor open ports on your server. In this guide we discussed how we can check for open ports on a Webdock server using different command line tools like nmap, ss, netstat and lsof.


When working with a Linux system, sometimes you encounter networking issues or you have to configure the firewall.

In these situations, you may need to check whether specific ports are open. There are commands to determine if a port is in use on a Linux or Unix-like server.

Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform Linux related queries.

In this context, we shall look into methods to figure out what ports are opened on your Ubuntu 20.04 Linux system.

An open port is a TCP or UDP network port that accepts incoming packets from outside.

For example, if an SSH server is installed on your Linux system, it will listen on port 22.

In case this port is open on the firewall, the users from remote systems will be able to establish an SSH connection to your system.

We say that port 22 is an open port.

Bear in mind that we should expose only the ports that the applications need to run properly.

Other unnecessary ports should be closed to avoid security risks.

Nmap stands for Network Mapper. It is a useful and powerful utility used to scan hosts and services on a network.

Other than the host ports scanning feature, nmap can also discover the MAC addresses, operating systems, kernel versions, and so on.

By default, nmap is not pre-installed on Ubuntu 20.04. You can install it by running the following commands:

Verify that nmap is successfully installed:

Now, it’s time to use nmap to check the open ports on your system.

Let’s run the command:

10.120.0.1 is the internal IP address of your host.

Netcat is a powerful command line tool that performs networking operations. It uses the TCP and UDP protocols for reading and writing data across networks.

Netcat can be used for scanning and redirecting network ports as well.

If you want to check open ports in the range 20-25 on an Ubuntu 20.04 machine that has IP 10.120.0.1, run the following command:

-z indicates that netcat scans only for open ports

-v sends verbose information to the terminal

In case you want to show only the open ports, you can run:

Conclusion

This article covers some common tools that can be used to check the open ports on a Linux system. It is important you verify which ports are listening on the server’s network interfaces. You need to pay attention to open ports to detect an intrusion.

Apart from an intrusion, for troubleshooting purposes, it may be necessary to check if a port is already in use by a different application on your servers.

For example, you may install Apache and Nginx server on the same system. So it is necessary to know if Apache or Nginx is using TCP port # 80/443.

To check the listening ports and applications on Ubuntu Linux:

1. Open a terminal application i.e. shell prompt.

2. Run any one of the following commands on Linux to see open ports:

You can check the listening ports and applications with netstat as follows.

Run netstat command along with grep command to filter out port in LISTEN state:

The netstat command has been deprecated for some time on Linux. Therefore, you need to use the ss command as follows:

How to check for open ports on Linux

The netstat command is present on all computer operating systems (OS) to monitor network connections. The following command uses netstat to show all listening ports using the TCP protocol:


Where:
netstat: calls the program.
-l: lists listening ports.
-t: specifies TCP protocol.

The output is human friendly, well ordered in columns showing the protocol, received and sent packets, local and remote IP addresses and the port state.

If you change the TCP protocol for UDP, the result, at least on Linux, will display only open ports without specifying the state because, contrary to the TCP protocol, the UDP protocol is stateless.


The option above will display information for TCP, UDP and Unix socket protocols.

All examples above show how to print information on listening ports without established connections. The following command shows how to display listening ports and established connections:


Where:
netstat: calls the program
-v: verbosity
-a: shows active connections.
-t: shows tcp connections
-n: shows ports in numerical value

Let’s say you identified a suspicious process in your system and you want to check the ports associated with it. You can use the lsof command, which lists open files associated with processes.

In the next example I will check the process 19327:


Where:
lsof: calls the program
-i: lists files interacting with the internet; the option 4 instructs to print only IPv4, and the option 6 is available for IPv6.
-a: instructs the output to be ANDed.
-p: specifies the PID number of the process you want to check.

As you see the process is associated with the listening smtp port.

How to check for open ports on Linux remotely


If you want to detect ports on a remote system the most widely used tool is Nmap (Network Mapper). The following example shows a single port scan against Linuxhint.com:


The output is ordered in 3 columns showing the port, the port state and the service listening behind the port.

By default nmap scans the most common 1000 ports only. If you want nmap to scan all ports run:

In the Related Articles section of this tutorial you can find additional tutorials on Nmap to scan ports and targets with many additional options.

Removing services on Debian 10 buster

In addition to firewall rules that keep your ports blocked, removing unnecessary services is recommended. Under Debian 10 Buster this can be achieved with apt.
The following example shows how to remove the Apache 2 service using apt:


If requested, press Y to finish the removal.

How to close open ports on Linux using UFW

If you find open ports that you don’t need to be open, the easiest solution is to close them using UFW (Uncomplicated Firewall).
There are two ways to block a port: with the option deny and with the option reject. The difference is that the reject instruction will inform the other side that the connection was rejected.

To block the port 22 using the rule deny just run:


To block the port 22 using the rule reject just run:


In the Related Articles section at the end of this tutorial you can find a good tutorial on Uncomplicated Firewall.

How to close open ports on Linux using iptables

While UFW is the easiest way to manage ports, it is a frontend for Iptables.
The following example shows how to reject connections to the port 22 using iptables:


The rule above instructs iptables to reject all incoming (INPUT) TCP connections to destination port (dport) 22. Because the connection is rejected, the source will be informed that it was rejected.

The following rule just drops all packets without informing the source the connection was rejected:


I hope you found this brief tutorial useful. Keep following LinuxHint for additional updates and tips on Linux and Networking.

Related articles:

About the author

David Adams

David Adams is a System Admin and writer that is focused on open source technologies, security software, and computer systems.

How to check list of open ports in Linux

We recently wrote three articles on topics similar to this one.

The below articles will help you to check whether the given ports are open or not in the remote servers.

In this article let us see how to check the list of open ports on the local system.

There are many utilities available in Linux for this purpose. However, I’m including the top four Linux commands to check this.

It can be done using the following four commands. These are very famous and widely used by Linux admins.

How to check list of open ports in Linux using netstat command?

netstat, which stands for Network Statistics, is a command-line tool that displays information related to network connections (both incoming and outgoing), such as routing tables, masquerade connections, multicast memberships and a number of network interfaces.

It will list out all the tcp, udp socket connections and the unix socket connections.

It is used to diagnose network problems in the network and to determine the amount of traffic on the network as a performance measurement.

If you would like to check any particular port status then use the following format.

How to check list of open ports in Linux using ss Command?

ss is used to dump socket statistics. It will show information similar to netstat. It can display more TCP and state information than other tools.

If you would like to check any particular port status then use the following format.

How to check list of open ports in Linux using nmap Command?

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts.

Nmap uses raw IP packets in novel ways to determine which hosts are available on the network, which services (application name and version) those hosts are offering, which operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

If you would like to check any particular port status then use the following format.

How to check list of open ports in Linux using lsof Command?

It shows you the list of open files on the system and the processes that opened them. It also shows you other information related to the files.

If you would like to check any particular port status then use the following format.
