
How to Check Listening Ports on Linux

How do you know which ports are listening on a Linux server? When a port is listening, it is waiting to receive a connection. When a port is in use, a connection has already been established.

Knowing this distinction matters because it determines which troubleshooting technique or solution you will use. Choosing the right solution means you have understood the nature of the problem and know how to approach it.

On Linux systems, several tools are available, some installed with the OS and others downloadable from package repositories. Each of these tools offers different functionality suited to its particular purpose.

Depending on the complexity of the problem, the tools discussed in this article will help you check which ports are open and listening.

When is a Port Listening?

Ports are channels that applications use to communicate. A port is “listening” when it is trying to receive a connection or when it is trying to connect to a specific application. In essence, a port becomes the bridge when applications communicate with one another.

On Linux systems, tools that report the state of a port typically show values such as “LISTEN” or “OPEN” when a port is listening. Each tool has its own way of checking open ports, so read its documentation to learn its capabilities and limits.

Note that each of the commands discussed below should be run by a user with sudo privileges so that the output is complete and informative.

Check Listening Ports using lsof

Lsof, short for list open files, lists on its standard output file information about files opened by processes for Unix dialects. Processes are essentially files being written in a typical Linux system.

Lsof is natively installed on most, if not all, Linux-based distributions, so you don’t have to install or download it. To know which ports are listening, simply type the command:

$ sudo lsof -nP -iTCP -sTCP:LISTEN

Where:

  • -n means to not resolve hostnames but show numerical addresses.
  • -P means to not convert port numbers to port names.
  • -iTCP -sTCP:LISTEN means show only network files with TCP state LISTEN.

Lsof will display the commands used, PIDs, the user, and the port number of the listening port. 

To learn more about how lsof works, visit the lsof man page and explore the different options it offers.

Check Listening Ports using ss, formerly netstat

Netstat is a CLI utility that lets you print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. It has been a very handy tool in Linux but has since been deprecated and rebranded into “ss”.

Ss, according to its manpages, is just another utility to investigate sockets. But don’t be fooled, it is also used to dump a diverse range of socket statistics. It can also display more TCP and state information than other tools.

To know which ports are listening, simply type the command:

$ sudo ss -tulpn

Where:

  • -t means to display TCP ports
  • -u means to display UDP ports
  • -l means to display only ports which are listening
  • -p means to show the process (name and PID) using each socket
  • -n means to display numeric addresses and port numbers instead of resolving names

The ss command will display the type of protocol the port is using, the state of the port connection, the address, and which port number is assigned, among others.

To learn more about how ss works, visit the official ss man page and explore the different options it offers.
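When reviewing the ss output described above, the first question is usually which listeners are reachable from other machines and which are bound to loopback only. The following is an added example, not part of the original article: a shell function that labels each socket from `ss -H -tulpn` (`-H` suppresses the header line). The sample input and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listening sockets from `ss -H -tulpn` output.

# Constructed sample input (not captured from a real host). Listening UDP
# sockets appear as UNCONN, and the last line has no process column, as
# happens when ss runs without sudo.
sample_ss_output() {
cat <<'EOF'
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      244        127.0.0.1:5432      0.0.0.0:*    users:(("postgres",pid=1001,fd=5))
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*    users:(("systemd-resolve",pid=640,fd=13))
tcp   LISTEN 0      511             [::]:80           [::]:*    users:(("nginx",pid=900,fd=7))
tcp   LISTEN 0      128            [::1]:631          [::]:*    users:(("cupsd",pid=700,fd=6))
udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*
EOF
}

# Reads ss lines on stdin; prints "<scope> <proto> <address> <port> <process>".
# scope is "loopback" for 127.0.0.0/8 and ::1, otherwise "exposed".
classify_listeners() {
  awk '
  NF >= 5 {
    port = $5; sub(/.*:/, "", port)         # text after the last colon
    addr = $5; sub(/:[^:]*$/, "", addr)     # text before the last colon
    sub(/%.*$/, "", addr)                   # drop interface suffix such as %lo
    gsub(/\[|\]/, "", addr)                 # drop IPv6 brackets
    scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
    proc = "-"                              # stays "-" when ss hides the owner
    if (match($0, /users:\(\("[^"]+"/))
      proc = substr($0, RSTART + 9, RLENGTH - 10)
    print scope, $1, addr, port, proc
  }'
}

# Demo on the constructed sample. On a real host:
#   sudo ss -H -tulpn | classify_listeners
sample_ss_output | classify_listeners
```

Lines labelled "exposed" are bound to a wildcard or non-loopback address, so they are the ones to compare against the firewall rules and the list of services the host is supposed to offer.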

Check Listening Ports using nmap

Nmap, or “Network Mapper” is a powerful open-source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. 

Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

With nmap, you can not only check what ports are listening on your own system but also scan a remote host to see if it has open ports.

To know which ports your device is listening on, simply type the command:

$ sudo nmap -sTU localhost

Where:

  • -sTU means to scan both TCP ports (-sT, a connect scan) and UDP ports (-sU)

You can also add the “-O” flag to detect the target's OS. Replace localhost with the desired IP address if you are targeting a remote server.

The nmap command will display basic information such as the open ports, their state, and the service usually associated with each.

To learn more about how nmap works, visit the official nmap man page and explore the different options it offers.

Final Thoughts

Linux offers an array of tools and utilities to aid you in your efforts to troubleshoot issues, explore programming or networking, or just satisfy your curiosity. 

The uses shown here only scratch the surface of what these tools are capable of, so it is up to the user to explore them and learn how to use them to their fullest.
