How to Find Open Ports in Linux?


Before explaining how to list all open network ports in Linux, we will briefly discuss ports in computer networking. In computer networking and software terms, a port is a logical entity representing a network application. In other words, a port number identifies a network service.

The port serves as a communication endpoint that the Linux operating system uses to identify a specific process or application. A port is a 16-bit number (0 to 65535) that distinguishes one running network application from others. We can classify these port numbers into three categories:

  • Well-Known Ports (0 to 1023)

  • Registered ports (1024 to 49151)

  • Ephemeral ports (49152 to 65535)

Well-known ports

Port numbers 0 to 1023 are designated for standard TCP/IP server-side applications and are known as well-known ports. Knowing well-known ports allows a client application to identify the corresponding server application processes on a peering server host. For example, port 80 is generally bound to the HTTP server application and port 443 to HTTPS.

Registered ports

Registered ports are mapped to a specific service but are not part of the well-known range. Such a port generally represents a particular server application and is commonly accepted by all systems. For example, MySQL Database Server typically uses port 3306.

Ephemeral ports

Like server network applications, client network programs also need ports to communicate, so that the server can respond to the client application on that specific port. Ephemeral ports are dynamic ports allocated to the client program at runtime, with no pre-reservation requirement.

How to find ports and associated services on your machine:

The /etc/services file in Linux keeps the mapping of services to their corresponding ports. You can view /etc/services to check whether a specific port is known to the system. The command below lists the ports known to your system.

Example

$ cat /etc/services

Output

You will get the output like this.

winrm 47001/tcp # Windows Remote Management Service
jvl-mactalk 47100/udp # Configuration of motors conneced to industrial ethernet
dbbrowse 47557/tcp # Databeam Corporation
dbbrowse 47557/udp # Databeam Corporation
directplaysrvr 47624/tcp # Direct Play Server
directplaysrvr 47624/udp # Direct Play Server
ap 47806/tcp # ALC Protocol
ap 47806/udp # ALC Protocol
bacnet 47808/tcp # Building Automation and Control Networks
bacnet 47808/udp # Building Automation and Control Networks
nimcontroller 48000/tcp # Nimbus Controller
nimcontroller 48000/udp # Nimbus Controller
nimspooler 48001/tcp # Nimbus Spooler
nimspooler 48001/udp # Nimbus Spooler
nimhub 48002/tcp # Nimbus Hub
nimhub 48002/udp # Nimbus Hub
nimgtw 48003/tcp # Nimbus Gateway
nimgtw 48003/udp # Nimbus Gateway

Find the open ports on the Linux system

There are several ways to find the open ports on the system.

  • By using the netstat tool

  • By using the ss tool

  • By using the lsof command

Let us check all the ways one by one.

By using the netstat tool

netstat is a commonly used command to fetch network-related information from the system. To list all open ports on the system, we can use the netstat command. The ports can be TCP or UDP ports in different states. For example, the netstat command below, with the -lntu switches, lists all TCP and UDP ports that are in the listening state.

Example

$ netstat -lntu

Option -l − It will list only listening sockets

Option -n − It will display the port number in numeric form

Option -t − It will list TCP ports

Option -u − It will list UDP ports

Output

You will get the following output

[root@localhost /]# netstat -lntu
Active Internet connections (only servers)
Proto   Recv-Q   Send-Q      Local Address   Foreign Address State
tcp      0      0 0.0.0.0:22     0.0.0.0:*    LISTEN
tcp      0      0 127.0.0.1:25   0.0.0.0:*    LISTEN

Decoding the output of this command is not difficult. The first column shows whether the port is TCP or UDP, and the Local Address and Foreign Address columns show the server application's IP and port and the client application's IP and port, respectively.

0.0.0.0:22 => The server is running on the local machine; 0.0.0.0 refers to all the IP addresses assigned to the local machine, and 22 is the port number.

In the case of the listening state, Foreign Address is not applicable, as any client (0.0.0.0) with any ephemeral port (*) can connect to the listening port.

By using the ss tool

ss is another tool to investigate sockets and is the best alternative to the netstat command.

It will also list all open ports on the system.

Example

$ ss -lntu

Output

[root@localhost /]# ss -lntu
Netid  State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
udp    UNCONN  0       0       127.0.0.1:323       *:*
udp    UNCONN  0       0       [::1]:323           [::]:*
tcp    LISTEN  0       128     *:22                *:*
tcp    LISTEN  0       100     127.0.0.1:25        *:*
tcp    LISTEN  0       128     [::]:22             [::]:*
tcp    LISTEN  0       100     [::1]:25            [::]:*
[root@localhost /]#
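
The local address in the netstat and ss output above decides whether a listener is reachable from the network or only from the host itself. The following added example (not from the original article) classifies each ss -lntu row by that scope and labels the port from a file in /etc/services format; the function names, scope labels and embedded sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): classify `ss -lntu` rows by
# how widely each listening socket is reachable, and label ports by name.

# Constructed sample input, mirroring the ss output shown in this article.
sample_ss() {
cat <<'EOF'
Netid  State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
udp    UNCONN  0       0       127.0.0.1:323       *:*
udp    UNCONN  0       0       [::1]:323           [::]:*
tcp    LISTEN  0       128     *:22                *:*
tcp    LISTEN  0       100     127.0.0.1:25        *:*
tcp    LISTEN  0       128     [::]:22             [::]:*
tcp    LISTEN  0       100     [::1]:25            [::]:*
EOF
}

# classify_listeners [SERVICES_FILE]: reads `ss -lntu` output on stdin and
# prints "proto/port name scope address" per socket. The name comes from a
# file in /etc/services format; it is only the conventional label for the
# port, not proof of which program is actually bound to it.
classify_listeners() {
    svc=${1:-/etc/services}
    [ -r "$svc" ] || svc=/dev/null
    awk '
    src == "services" {                       # lines: name port/proto ... # comment
        sub(/#.*/, "")
        if (NF >= 2 && !($2 in name)) name[$2] = $1
        next
    }
    $1 == "Netid" || NF < 5 { next }          # skip header and blank lines
    {
        addr = $5; port = $5
        sub(/:[^:]*$/, "", addr)              # text before the last colon
        sub(/^.*:/, "", port)                 # text after the last colon
        sub(/%.*$/, "", addr)                 # drop interface suffix such as %lo
        if (addr == "*" || addr == "0.0.0.0" || addr == "[::]") scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "[::1]")            scope = "loopback-only"
        else                                                    scope = "specific-address"
        key = port "/" $1
        print $1 "/" port, ((key in name) ? name[key] : "unknown"), scope, addr
    }' src=services "$svc" src=ss -
}

# Demo on the constructed sample; on a live host: ss -lntu | classify_listeners
sample_ss | classify_listeners
```

Rows marked all-interfaces are the ones to compare against the firewall policy and the list of services the host is meant to offer.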

By using lsof command

Let us run the following command to check open TCP and UDP ports using lsof −

lsof -i -P -n | grep LISTEN

-i − List Internet network files, which is where listening ports show up

-P − Inhibits the conversion of port numbers to port names for network files. It may make lsof run a little faster. It is also useful when port name lookup is not working properly.

-n − Do not resolve IP addresses to DNS names

| grep LISTEN − Show only ports in the LISTEN state, using the grep command as a filter. UDP sockets have no LISTEN state, so this filter keeps TCP listeners only.

[root@localhost /]# lsof -i -P -n | grep LISTEN
sshd 997 root 3u IPv4 16531 0t0 TCP *:22 (LISTEN)
sshd 997 root 4u IPv6 16543 0t0 TCP *:22 (LISTEN)
master 1242 root 13u IPv4 17202 0t0 TCP 127.0.0.1:25 (LISTEN)
master 1242 root 14u IPv6 17203 0t0 TCP [::1]:25 (LISTEN)

Conclusion

On Linux, there are multiple methods for listing open ports. I recommend trying out all of the commands mentioned earlier. Linux experts commonly use the netstat command to find open network ports.

Updated on: 21-Nov-2022
