How to Check for Listening Ports on Linux
Introduction
Before we begin talking about how to check for Listening Ports on Linux. Let’s briefly understand – What is a Listening Port?
A listening port is a network port on which an application or process listens. Each listening port is either open or closed using a firewall. Generally, the open port is a network port that accepts incoming packets from remote locations. While dealing with network connectivity or application-specific issues, firstly you should check which ports are in use and which application is running on that specific port.
There can be only one application listening to a specific port on the same IP address. If you are running an Apache web server that listens on both ports 80
and 443
and later you are trying to install NGINX. Then, the latter will fail to start as the HTTP and HTTPS ports are already in use.
In this tutorial, you will learn how to check for Listening Ports on Linux. We will also address some of the FAQs related to Listening Ports.
Advantages of Listening Ports
- Network communication: Listening ports allow applications to receive incoming network packets, enabling communication between devices and services.
- Service availability: By opening specific ports, applications can listen for incoming requests, ensuring that services are accessible to clients or users.
- Security configuration: Listening ports can be monitored and protected through firewalls or other security measures to control access and prevent unauthorized connections.
- Troubleshooting: Examining listening ports can help identify network and application issues by determining which processes are actively waiting for connections.
- Flexibility and scalability: Opening listening ports provides flexibility to accommodate new services or upgrade existing ones, allowing for seamless growth and adaptation within network environments.
Step 1 – Check the Listening Ports with netstat
1) netstat
is a command-line tool that provides information about network connections. execute the following command to install it:
sudo apt install net-tools
All the TCP or UDP ports that are being listened on along with the services using ports and the socket status can be listed using the following command:
sudo netstat -tunlp
The different options of this command and their meaning is listed below:
-t
- Shows TCP ports.-u
- It shows UDP ports.-n
- Show the numerical addresses instead of resolving the hosts.-l
- Show only the listening ports.-p
- It shows the PID and the name of the listener’s process. You need to run the command as a root user or with sudo privileges to get the information.
The output will look like this:
Output
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 445/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 929/master
tcp6 0 0 :::3306 :::* LISTEN 534/mysqld
tcp6 0 0 :::80 :::* LISTEN 515/apache2
tcp6 0 0 :::22 :::* LISTEN 445/sshd
tcp6 0 0 :::25 :::* LISTEN 929/master
tcp6 0 0 :::33060 :::* LISTEN 534/mysqld
udp 0 0 0.0.0.0:68 0.0.0.0:* 966/dhclient
Following are some important columns in our case:
Proto
- Protocol that is used by the socket.Local Address
- The IP Address and Port Number on which the process listens.PID/Program name
- PID and the name of the process.
2) If you want to filter the results, use the grep
command. For example, if you want to find what process listens on TCP port 22. You will type:
sudo netstat -tnlp | grep :22
The output shows that the port is being used by the SSH server:
Output
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 445/sshd
tcp6 0 0 :::22 :::* LISTEN 445/sshd
If the output is empty, then it simply means that nothing is listening on that particular port. It is also possible to filter the list based on PID, protocol, and state.
netstat
is obsolete and is replaced by ss
and ip
. Still, it is one of the most used commands to check network connections.
Step 2 - Check the Listening Ports with ss
1) Now ss
has replaced netstat
. It lacks few netstat
features but exposes more TCP states and is faster. As the command options are mainly the same, the transition from netstat
to ss
is not difficult.
You can get a list of all listening ports with ss
by using the following command:
sudo ss -tunlp
The output is the same as the one reported by netstat
:
Output
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=445,fd=3))
LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("master",pid=929,fd=13))
LISTEN 0 128 *:3306 *:* users:(("mysqld",pid=534,fd=30))
LISTEN 0 128 *:80 *:* users:(("apache2",pid=765,fd=4),("apache2",pid=764,fd=4),("apache2",pid=515,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=445,fd=4))
LISTEN 0 100 [::]:25 [::]:* users:(("master",pid=929,fd=14))
LISTEN 0 70 *:33060 *:* users:(("mysqld",pid=534,fd=33))
Step 3 - Check the Listening Ports with lsof
1) The lsof
is a powerful command-line utility. It provides information about files opened by the processes. Further, in Linux, everything is a file. You can imagine a socket as a file that writes to the network.
2) Next, get a list of all listening TCP ports with the lsof
type:
sudo lsof -nP -iTCP -sTCP:LISTEN
Following are some of the options which are used:
-n
- It does not convert port numbers to port names.-p
- Do not resolve hostnames, show numerical addresses.-iTCP -sTCP:LISTEN
- Shows only network files with TCP state LISTEN.
Output
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 445 root 3u IPv4 16434 0t0 TCP *:22 (LISTEN)
sshd 445 root 4u IPv6 16445 0t0 TCP *:22 (LISTEN)
apache2 515 root 4u IPv6 16590 0t0 TCP *:80 (LISTEN)
mysqld 534 mysql 30u IPv6 17636 0t0 TCP *:3306 (LISTEN)
mysqld 534 mysql 33u IPv6 19973 0t0 TCP *:33060 (LISTEN)
apache2 764 www-data 4u IPv6 16590 0t0 TCP *:80 (LISTEN)
apache2 765 www-data 4u IPv6 16590 0t0 TCP *:80 (LISTEN)
master 929 root 13u IPv4 19637 0t0 TCP *:25 (LISTEN)
master 929 root 14u IPv6 19638 0t0 TCP *:25 (LISTEN)
Most of the output columns names are self-explanatory:
COMMAND
,PID
,USER
- these are the name, the PID, and the user running the program associated with the port.NAME
- It is the port number.
3) Next, find what process is listening on a particular port. Like, For the port 3306
you will use:
sudo lsof -nP -iTCP:3306 -sTCP:LISTEN
The output shows the MySQL server using port 3306
:
Output
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 534 mysql 30u IPv6 17636 0t0 TCP *:3306 (LISTEN)
FAQs to Check for Listening Ports on Linux
What is the difference between netstat
and ss
?
netstat
is a deprecated utility while ss
is its replacement. ss
provides more detailed information and performs better than netstat
.
How do I check for listening ports on a specific IP address?
Use the -an | grep IP_ADDRESS
option with netstat
or ss
to filter the output and display only the ports associated with the specified IP address.
Can I check for listening ports over a specific protocol like TCP or UDP?
Yes, you can use the -t
option for TCP ports and the -u
option for UDP ports with ss
or the -t
or -u
options with netstat
.
How can I find the process or program associated with a specific listening port?
By using the lsof -i :PORT_NUMBER
command, you can find the process ID (PID) and the associated program name.
Is it possible to check for listening ports on a remote Linux server?
Yes, you can use the -a
option with netstat
or ss
and specify the remote IP address to check for listening ports on a remote server.
How can I continuously monitor the listening ports on Linux?
You can use tools like netstat
, ss
, or system monitoring tools such as htop
or nethogs
to monitor listening ports in real-time.
Are there any graphical user interface (GUI) options to check for listening ports on Linux?
Yes, tools like nmap
, zenmap
, and Gufw
provide GUI interfaces to scan and visualize open ports on Linux systems.
Conclusion
We hope this detailed tutorial helped you to check for Listening Ports on Linux.
If you have any queries or doubts, please leave them in the comment below. We'll be happy to address them.