Introduction
Before we begin talking about how to check (scan) for open ports in Linux, let's briefly understand – What is an Open Port ?
An open port in Linux refers to a communication endpoint that allows data to enter or exit the system. It plays a crucial role in network communication, allowing services and applications to send and receive data.
In this tutorial, you will check (scan) for open ports in Linux. We will also address a few FAQs on how to check (scan) for open ports in Linux.
Advantages of Open Ports
- Enhanced connectivity: Open ports facilitate seamless network communication for applications and services.
- Remote access: Open ports enable users to access systems remotely, allowing for efficient management and troubleshooting.
- Flexibility: Open ports offer freedom to configure and customize network services according to specific needs.
- Collaboration: Open ports allow the easy sharing and exchange of data between different systems and networks.
- Streamlined workflows: Open ports simplify data transfer processes, improving overall productivity and efficiency.
What is Open Port?
A program that listens on a network port is known as a listening port. You may retrieve a list of your system's listening ports by using tools like ss, netstat, or lsof to query the network stack. Using a firewall, each listening port can be opened or blocked (filtered).
A network port that admits incoming packets from faraway destinations is known as an open port.
For instance, if your web server listens on ports 80 and 443 and those ports are open on your firewall, anyone (excluding blocked ips) can use his browser to view websites housed on your web server. Both ports 80 and 443 are open in this scenario.
Open ports can be a security issue since attackers can use them to exploit vulnerabilities or carry out other types of attacks. All other ports should be closed and just the ports required for your application's operation should be exposed.
Check Open Ports with nmap
Nmap is a network scanning program capable of scanning both single hosts and big networks. It's mostly used for penetration testing and security assessments.
When it comes to port scanning, nmap should be your first choice if it is available. Nmap can determine the Mac address, OS type, kernel versions, and much more in addition to port scanning.
Which ports are listening for TCP connections from the network can be determined by using the following command from the console:
sudo nmap -sT -p- 10.10.8.8
The -sT option instructs nmap to scan for TCP ports, whereas the -p- option instructs it to scan for all 65535 ports. If the -p- option is not specified, nmap will only scan the 1000 most popular ports.
Output
Starting Nmap 7.60 ( https://nmap.org ) at 2019-07-09 23:10 CEST
Nmap scan report for 10.10.8.8
Host is up (0.0012s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
MAC Address: 08:00:27:05:49:23 (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds
Only ports 22, 80, and 8069 are open on the target system, according to the output.
Instead of -sT, use -sU to scan for UDP ports:
sudo nmap -sU -p- 10.10.8.8
Visit the nmap man page for more information and to learn about all of this tool's other useful features.
Check Open Ports with netcat
Netcat (or nc) is a command-line utility that uses the TCP or UDP protocols to read and write data across network connections.
Netcat can scan a single port or a range of ports.
To search for open TCP ports on a distant system with IP address 10.10.8.8 in the range 20-80, for example, execute the command:
nc -z -v 10.10.8.8 20-80
The -z option instructs nc to scan only for open ports and not transfer any data, whereas the -v option provides more detailed information.
This is what the output will look like:
Output
The -z option instructs nc to scan only for open ports and not transfer any data, whereas the -v option provides more detailed information.
This is what the final product will look like:
If you just want the lines with open ports written on the screen, use the grep command to filter the results.
nc -z -v 10.10.8.8 20-80 2>&1 | grep succeeded
Output
Connection to 10.10.8.8 22 port [tcp/ssh] succeeded!
Connection to 10.10.8.8 80 port [tcp/http] succeeded!
Pass the -u argument to the nc command to scan for UDP ports:
nc -z -v -u 10.10.8.8 20-80 2>&1 | grep succeeded
Check Open Ports using Bash Pseudo Device
The Bash shell /dev/tcp/.. or /dev/udp/.. pseudo-device can also be used to determine whether a port is open or closed.
Bash will open a TCP or UDP connection to the specified host on the specified port when a command is run on a /dev/$PROTOCOL/$HOST/$IP pseudo-device.
The if..else statement below will check if port 443 on kernel.org is open:
if timeout 5 bash -c '</dev/tcp/kernel.org/443 &>/dev/null'
then
echo "Port is open"
else
echo "Port is closed"
fi
Output
Port is open
What is the purpose of the code above?
Because the default timeout when connecting to a port via a pseudo-device is so long, we're utilizing the timeout command to kill the test command after 5 seconds. The test command will return true if the connection to kernel.org port 443 is established.
Use the for loop to check for a port range:
for PORT in {20..80}; do
timeout 1 bash -c "</dev/tcp/10.10.8.8/$PORT &>/dev/null" && echo "port $PORT is open"
done
You will get an output like below:
Output
port 22 is open
port 80 is open
FAQs to Check (Scan) for Open Ports in Linux
What is the purpose of scanning for open ports?
Scanning for open ports helps identify potential security vulnerabilities and ensures proper configuration of network services.
Can I scan for open ports on remote systems?
Yes, as long as you have proper network access and permissions, you can scan remote systems for open ports in Linux.
Are there any graphical tools available for port scanning on Linux?
Yes, tools like Zenmap and Angry IP Scanner provide graphical interfaces to scan and visualize open ports in Linux.
Is it legal to scan for open ports on someone else's network?
Port scanning is subject to legal restrictions and should only be performed with proper authorization. Unethical or unauthorized scanning is illegal.
How do I interpret the results of a port scan?
Open ports are typically listed with their corresponding services or applications. Closed or filtered ports may indicate restricted access or firewall configurations.
Are there any risks associated with port scanning?
Port scanning itself is generally harmless, but it may trigger security alerts or be blocked by firewalls. Always ensure you have proper permission before scanning.
How often should I scan for open ports on my Linux system?
Regular port scanning, especially after system changes or updates, ensures ongoing security and helps identify any new vulnerabilities.
Conclusion
We've taught you how to scan for open ports with a variety of tools in this tutorial. You can also check for open ports using other utilities and methods, such as the Python socket module, curl, telnet, or wget.
If you have any queries, please leave a comment below and we’ll be happy to respond to them.