How do you know which ports are listening on a Linux server? When ports are listening, it means they are trying to establish a connection. And when ports are in use, it means they have already established a connection.
It is important to know these distinctions as it determines which specific troubleshooting technique or solution you will use. A right solution to a given problem means you have understood the nature of that problem, and you know how to properly approach it.
In Linux systems, there are several tools both native on your installed OS and both available in a number of repositories that you can download and use. Each of these tools offers different functionalities inherent to their particular purpose.
Depending on the complexity of the problem, these tools that we will be discussing in this article, will help you in one way or another, check which ports are open and are listening.
When is a Port Listening?
Ports are channels to which certain applications use to communicate. A port is “listening” when it is trying to receive a connection or when it is trying to connect to a specific application. In essence, a port becomes the bridge when certain applications try to communicate with one another.
In Linux systems, tools that provide information on the state of the port typically provide syntaxes such as “LISTEN” or “OPEN” when a port is listening. Each tool has its own way of checking open ports, so make sure to properly read its documentation to know its capabilities and limits.
Take note that in each of the provided commands that we will be discussing, it is important that the user must have sudo privileges to provide a proper and informative output from the commands.
Check Listening Ports using lsof
Lsof, short for list open files, lists on its standard output file information about files opened by processes for Unix dialects. Processes are essentially files being written in a typical Linux system.
Lsof is natively installed on most, if not all, Linux-based distributions, so you don’t have to install or download it. To know which ports are listening, simply type the command:
$ sudo lsof -nP -iTCP -sTCP:LISTEN
-nmeans to not convert port numbers to port names.
-pmeans to not resolve hostnames but show numerical addresses.
-iTCP -sTCP:LISTENmeans show only network files with TCP state LISTEN.
Lsof will display the commands used, PIDs, the user, and the port number of the listening port.
To know more information on how lsof works, visit the lsof man page and check out how you can utilize the different options it can offer.
Check Listening Ports using ss, formerly netstat
Netstat is a CLI utility that lets you print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. It has been a very handy tool in Linux but was since deprecated and rebranded into “ss”.
Ss, according to its manpages, is just another utility to investigate sockets. But don’t be fooled, it is also used to dump a diverse range of socket statistics. It can also display more TCP and state information than other tools.
To know which ports are listening, simply type the command:
$ sudo ss -tulpn
-tmeans to display TCP ports
-umeans to display UDP ports
-lmeans to display only ports which are listening
-pmeans to show the PID the process is using
-nmeans to display the IP addresses
The ss command will display the type of protocol the port is using, the state of the port connection, the address, and which port number is assigned, among others.
To know more information on how ss works, visit the official ss man page. And check out how you can utilize the different options it can offer.
Check Listening Ports using nmap
Nmap, or “Network Mapper” is a powerful open-source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts.
Nmap uses raw IP packets in novel ways to determine what hosts are available on the network. Along with what services those hosts are offering, what operating systems they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
In this article, we can not only check what ports are listening on your system. But you can practically scan another remote host to see if they also have open ports.
To know which ports your device is listening to, simply type the command:
$ nmap -sTU localhost
-sTUmeans to scan all TCP and UDP ports available
You can also add a “-O” flag to know its OS. Change the local host to the desired IP address if you are targeting a remote server.
The nmap command will display basic information such as the ports opened, its state, and the service it usually is connected to.
To know more information on how nmap works, visit the official nmap man page and check out how you can utilize the different options it can offer.
Linux offers an array of tools and utilities to aid you in your efforts to troubleshoot issues, explore programming or networking, or just satisfy your curiosity.
The capabilities of the tools mentioned are just a scratch on the surface of what they are fully capable of. So it’s up to the user to fully explore their capabilities and learn how to use them to their fullest.
If this guide helped you, please share it. ?