Discovering and Displaying Open Ports on Linux

Published January 23, 2024

Discovering and Displaying Open Ports on Linux.

Linux

Explore More; Unveiling the Essence of Disk Partitioning in Linux

Enhance Linux server security by actively identifying open TCP and UDP ports on popular distributions like CentOS, Ubuntu, RHEL, and Debian. Administrators can employ essential commands such as ss, lsof, netstat, nmap, and netcat. Use these commands to reveal a comprehensive list of active ports, empowering administrators to address security vulnerabilities and safeguard data. Whether it’s checking the status of connections with ss, examining open files with lsof, or inspecting network statistics with netstat, these commands provide valuable insights. The versatile nmap aids in network exploration, while netcat facilitates connection testing. Effectively utilizing these commands ensures a proactive approach to server security, fostering a robust defense against potential threats.

Check open ports in Linux

  • Launch a Linux terminal.
  • Type ss to display all open TCP and UDP ports.
  • Another option is to use the  nmap lsof netstat netcat

1. ss command

The ss command in Linux actively presents listening ports and their associated networks. By employing specific parameters, the ss command dynamically identifies and exhibits Linux listening ports. Users can leverage the ss command with its intuitive syntax to gain insights into the network status, revealing both open ports and their corresponding connections. This versatile command not only showcases the listening ports but also provides a comprehensive view of the network activities, contributing to a more proactive and informed approach in managing server connections and ensuring robust system security.

sudo ss -tulpn

If you want your output to be organized and provide more relevant but concise information, you should run thess command with the-ltn flag:

sudo ss -ltn

Output:

State      Recv-Q     Send-Q         Local Address:Port            Peer Address:Port     Process LISTEN     0          4096           127.0.0.53%lo:53                   0.0.0.0:*LISTEN     0          5                  127.0.0.1:631                  0.0.0.0:* LISTEN     0          70                 127.0.0.1:33060                0.0.0.0:*LISTEN     0          151                127.0.0.1:3306                 0.0.0.0:* LISTEN     0          5                      [::1]:631                     [::]:*LISTEN     0          511         

In the sample output that you see, ports number 80, 3306, and 33060 are ports that HTTP and MySQL services use, and most Linux users are familiar with these ports.

Other connections on the server are in listening status on the designated ports. If this information is not enough for you and you need to know which open ports belong to which processes, you can run the -p option along with the ss command:

sudo ss -ltnp

Output:

State    Recv-Q   Send-Q      Local Address:Port        Peer Address:Port   Process LISTEN   0        4096        127.0.0.53%lo:53               0.0.0.0:*       users:((“systemd-resolve”,pid=530,fd=13)) LISTEN   0        5               127.0.0.1:631              0.0.0.0:*       users:((“cupsd”,pid=572,fd=7)) LISTEN   0        70              127.0.0.1:33060            0.0.0.0:*       users:((“mysqld”,pid=2320,fd=32)) LISTEN   0        151             127.0.0.1:3306             0.0.0.0:*       users:((“mysqld”,pid=2320,fd=34)) LISTEN   0        5                   [::1]:631                 [::]:*       users:((“cupsd”,pid=572,fd=6)) LISTEN   0        511

In the output of this command, it is determined which ports belong to mysqld, systemd-resolve, cupsd, and apache2 processes.

You can also use other options along with the ss command, such as:

  • -l option: show listening ports
  • -lt option: show listening TCP ports
  • -tul option: Access a list of TCP and UDP listening ports
  • -n option: to access the listening port of the specified service

It should be noted that you can also use the following command to get more detailed information about the ports that are listening for incoming connections:

ss -tuln | grep LISTEN

2.nmap command

Explore the capabilities of Nmap, an open-source network scanning and security auditing program. With this tool, actively search the network and pinpoint open ports on a remote local host. In a previous article, we delved into the detailed usage of the Nmap command for scanning open ports. In this article, we reiterate its significance.

To conduct a local host port scan using the Nmap command, input the IP address of the remote system or designate your own system as the LocalHost. Consider the following example to gain insight into actively scanning open ports and enhancing your network security.

sudo nmap -sT -O localhost  sudo nmap -sU -O 192.168.2.254 ##[ list open UDP ports ]##  sudo nmap -sT -O 127.0.0.1 ##[ list open TCP ports ]##  sudo nmap -sTU -O 192.168.2.24

Sample output:

Starting Nmap 7.70 ( https://nmap.org ) at 2023-03-09 23:49 IST Nmap scan report for localhost (127.0.0.1) Host is up (0.00024s latency). Other addresses for localhost (not scanned): ::1 Not shown: 998 closed ports PORT    STATE SERVICE 22/tcp  open  ssh 631/tcp open  ipp Device type: general purpose Running: Linux 2.6.X OS CPE: cpe:/o:linux:linux_kernel:2.6.32 OS details: Linux 2.6.32 Network Distance: 0 hops  OS detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 2.31 seconds

3.lsof command

Utilize the lsof command to discover processes initiated by users and access open TCP and UDP ports on your system. By executing the lsof command, actively investigate running processes and their associated ports.

Expand your exploration by employing various options tailored for specific purposes. Run the lsof command with different options to achieve diverse objectives, enhancing your ability to inspect and manage processes and network connections effectively.

  • -i option: If you don’t have access to the IP address, this command will help you to view information about all network files.
  • -p option: If you have a problem searching for the port name, you can use this option because it prevents the conversion of the port number of the network files into the port name.
  • -n option: This option is useful when you don’t want to use the DNS name and it prevents the network number from converting the hostname of the network files.
  • | grep LISTEN: organizes the output to show ports in LISTEN state.

The main syntax of this command is as follows:

sudo lsof -i -P -n

View a precise list of actively listening ports on your Linux system by using the following command. Unlike its counterpart, this command eliminates the drawback of occasionally displaying ports that aren’t genuinely open.

sudo lsof -i -P -n | grep LISTEN

4.netstat command

One of the useful commands for finding open ports is the netstat command, which displays the open ports in a list format. The basic syntax of this command to list open ports is as follows:

sudo netstat -tulpn | grep LISTEN

Other options for different purposes can be executed with the netstat command, including the following:

  • -t: Display all TCP ports
  • -u: Display all UDP ports
  • -I: providing listening server sockets
  • -P: Show PID and names of sockets programs
  • -n: It is executed so that the names are not resolved
  • | grep LISTEN: Filter the output to display open ports in LISTEN status using the grep command.

5.netcat command

Execute the netcat command to enable users to read and write data between computers using TCP and UDP protocols. The main syntax of this command is as follows, offering seamless communication between systems.

nc [options] host port

The netcat command, along with other options, will have different meanings. We will explain how to find open ports through its options below:

  • nifty -z: finding listening daemons without sending data to the port
  • -v: getting more information and activating verbosity

You can also use the following command to scan open ports:

nc -z -v <IP-ADDRESS> 1-65535 2>&1 | grep -v ‘Connection refused’

Replace the IP-ADDRESS in the above command with the IP Address of the Linux system you want to find open ports.

As a result, by running the previous command, you will see open and accessible ports on your Linux system.

Show open ports linux using Powershell

Explore PowerShell’s network connection testing capability with the built-in cmdlet, Test-NetConnection. While traditionally a Windows-centric command line shell, PowerShell extends its reach to Linux using the TcpClient class. Achieve similar functionality to Linux’s netstat command with PowerShell’s “Get-NetTCPConnection” cmdlet, simplifying access to open TCP ports through various parameters. To obtain a list of listening ports, execute the command:

Get-NetTCPConnection -State Listen

As a result, all listening ports are displayed.  In addition, you can run Powershell by running the following command:

Pwsh

Then create a file with your favorite text editor (we prefer the nano editor):

nano Test-Port.ps1

We created a file called Test-port.ps1.

Then add the following commands in the file you just created using the editor of your choice:

created using the editor of your choice:

<#
                .SYNOPSIS
                                This function tests for open TCP/UDP ports.
                .DESCRIPTION
                                This function tests any TCP/UDP port to see if it's open or closed.
                .NOTES
                .PARAMETER Computername
                                One or more remote, comma-separated computer names
                .PARAMETER Port
                                One or more comma-separated port numbers you'd like to test.
                .PARAMETER TcpTimeout
                                The number of milliseconds that the function will wait until declaring
                                the TCP port closed. Default is 1000.
                .EXAMPLE
                                PS> Test-Port -Computername 'LABDC','LABDC2' -Protocol TCP 80,443

                                This example tests the TCP network ports 80 and 443 on both the LABDC
                                and LABDC2 servers.
                #>
[CmdletBinding()]
[OutputType([System.Management.Automation.PSCustomObject])]
param (
    [Parameter(Mandatory)]
    [string[]]$ComputerName,
    [Parameter(Mandatory)]
    [int[]]$Port,
    [Parameter()]
    [int]$TcpTimeout = 1000
)
begin {
    $Protocol = 'TCP'
}
process {
    foreach ($Computer in $ComputerName) {
        foreach ($Portx in $Port) {           
            $Output = @{ 'Computername' = $Computer; 'Port' = $Portx; 'Protocol' = $Protocol; 'Result' = '' }
            Write-Verbose "$($MyInvocation.MyCommand.Name) - Beginning port test on '$Computer' on port '$Protocol<code>:$Portx'"
            $TcpClient = New-Object System.Net.Sockets.TcpClient
            $Connect = $TcpClient.BeginConnect($Computer, $Portx, $null, $null)
            $Wait = $Connect.AsyncWaitHandle.WaitOne($TcpTimeout, $false)
            if (!$Wait -or !($TcpClient.Connected)) {
                $TcpClient.Close()
                Write-Verbose "$($MyInvocation.MyCommand.Name) - '$Computer' failed port test on port '$Protocol</code>:$Portx'"
                $Output.Result = $false
            }
            else {
                $TcpClient.EndConnect($Connect)
                $TcpClient.Close()
                Write-Verbose "$($MyInvocation.MyCommand.Name) - '$Computer' passed port test on port '$Protocol<code>:$Portx'"
                $Output.Result = $true
                $TcpClient.Close()
                $TcpClient.Dispose()
            }
            [pscustomobject]$Output
        }
    }
}

Finally, save your changes to the Test-Port.ps1 scrip and exit the editor.

To check whether the ports you want are open, for example, checking ports 80, 22, and 443, use the following example:

./Test-Port.ps1 -ComputerName localhost –Port 22,80,443

How to check open ports in Linux through UFW Linux firewall

Gain insights into the status of your firewall’s input and output access by employing the following command. Understanding firewall rules is crucial for accurately discerning open and blocked ports, as some may be restricted by the firewall and other software.

Execute the command to ascertain the firewall’s stance on blocking access:

sudo ufw status verbose

Sample OutPut:

Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip

Retrieve a comprehensive list of configured firewall rules on the Linux server by executing the following command. This reveals the intricacies of the firewall settings, shedding light on restrictions such as blocked incoming connections and specific disallowances for MySQL and HTTP connections on ports 80 and 3306.

sudo iptables -S # IPv6 # sudo ip6tables -S

Explore More;Unveiling the 5 Key Steps to Deploy Anaconda on Ubuntu Linux
Stay Connected on Meta , X, Instagram .