How to Check for Listening Ports on Linux

Introduction

Before we begin talking about how to check for Listening Ports on Linux. Let’s briefly understand – What is a Listening Port?

A listening port is a network port on which an application or process listens. Each listening port is either open or closed using a firewall. Generally, the open port is a network port that accepts incoming packets from remote locations. While dealing with network connectivity or application-specific issues, firstly you should check which ports are in use and which application is running on that specific port.

There can be only one application listening to a specific port on the same IP address. If you are running an Apache web server that listens on both ports 80 and 443 and later you are trying to install NGINX. Then, the latter will fail to start as the HTTP and HTTPS ports are already in use.

In this tutorial, you will learn how to check for Listening Ports on Linux. We will also address some of the FAQs related to Listening Ports.

Advantages of Listening Ports

  1. Network communication: Listening ports allow applications to receive incoming network packets, enabling communication between devices and services.
  2. Service availability: By opening specific ports, applications can listen for incoming requests, ensuring that services are accessible to clients or users.
  3. Security configuration: Listening ports can be monitored and protected through firewalls or other security measures to control access and prevent unauthorized connections.
  4. Troubleshooting: Examining listening ports can help identify network and application issues by determining which processes are actively waiting for connections.
  5. Flexibility and scalability: Opening listening ports provides flexibility to accommodate new services or upgrade existing ones, allowing for seamless growth and adaptation within network environments.

Step 1 – Check the Listening Ports with netstat

1) netstat is a command-line tool that provides information about network connections. execute the following command to install it:

sudo apt install net-tools

All the TCP or UDP ports that are being listened on along with the services using ports and the socket status can be listed using the following command:

sudo netstat -tunlp

The different options of this command and their meaning is listed below:

  • -t - Shows TCP ports.
  • -u - It shows UDP ports.
  • -n - Show the numerical addresses instead of resolving the hosts.
  • -l - Show only the listening ports.
  • -p - It shows the PID and the name of the listener’s process. You need to run the command as a root user or with sudo privileges to get the information.

The output will look like this:

Output

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      445/sshd            
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      929/master          
tcp6       0      0 :::3306                 :::*                    LISTEN      534/mysqld          
tcp6       0      0 :::80                   :::*                    LISTEN      515/apache2         
tcp6       0      0 :::22                   :::*                    LISTEN      445/sshd            
tcp6       0      0 :::25                   :::*                    LISTEN      929/master          
tcp6       0      0 :::33060                :::*                    LISTEN      534/mysqld          
udp        0      0 0.0.0.0:68              0.0.0.0:*                           966/dhclient 

Following are some important columns in our case:

  • Proto - Protocol that is used by the socket.
  • Local Address - The IP Address and Port Number on which the process listens.
  • PID/Program name - PID and the name of the process.

2) If you want to filter the results, use the grep command. For example, if you want to find what process listens on TCP port 22. You will type:

sudo netstat -tnlp | grep :22

The output shows that the port is being used by the SSH server:

Output

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      445/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      445/sshd

If the output is empty, then it simply means that nothing is listening on that particular port. It is also possible to filter the list based on PID, protocol, and state.

netstat is obsolete and is replaced by ss and ip. Still, it is one of the most used commands to check network connections.

Step 2 - Check the Listening Ports with ss

1) Now ss has replaced netstat. It lacks few netstat features but exposes more TCP states and is faster. As the command options are mainly the same, the transition from netstat to ss is not difficult.

You can get a list of all listening ports with ss by using the following command:

sudo ss -tunlp

The output is the same as the one reported by netstat:

Output

State    Recv-Q   Send-Q     Local Address:Port      Peer Address:Port                                                                                        
LISTEN   0        128              0.0.0.0:22             0.0.0.0:*      users:(("sshd",pid=445,fd=3))                                                        
LISTEN   0        100              0.0.0.0:25             0.0.0.0:*      users:(("master",pid=929,fd=13))                                                     
LISTEN   0        128                    *:3306                 *:*      users:(("mysqld",pid=534,fd=30))                                                     
LISTEN   0        128                    *:80                   *:*      users:(("apache2",pid=765,fd=4),("apache2",pid=764,fd=4),("apache2",pid=515,fd=4))   
LISTEN   0        128                 [::]:22                [::]:*      users:(("sshd",pid=445,fd=4))                                                        
LISTEN   0        100                 [::]:25                [::]:*      users:(("master",pid=929,fd=14))                                                     
LISTEN   0        70                     *:33060                *:*      users:(("mysqld",pid=534,fd=33))

Step 3 - Check the Listening Ports with lsof

1) The lsof is a powerful command-line utility. It provides information about files opened by the processes. Further, in Linux, everything is a file. You can imagine a socket as a file that writes to the network.

2) Next, get a list of all listening TCP ports with the lsof type:

sudo lsof -nP -iTCP -sTCP:LISTEN

Following are some of the options which are used:

  • -n - It does not convert port numbers to port names.
  • -p - Do not resolve hostnames, show numerical addresses.
  • -iTCP -sTCP:LISTEN - Shows only network files with TCP state LISTEN.
Output

COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      445     root    3u  IPv4  16434      0t0  TCP *:22 (LISTEN)
sshd      445     root    4u  IPv6  16445      0t0  TCP *:22 (LISTEN)
apache2   515     root    4u  IPv6  16590      0t0  TCP *:80 (LISTEN)
mysqld    534    mysql   30u  IPv6  17636      0t0  TCP *:3306 (LISTEN)
mysqld    534    mysql   33u  IPv6  19973      0t0  TCP *:33060 (LISTEN)
apache2   764 www-data    4u  IPv6  16590      0t0  TCP *:80 (LISTEN)
apache2   765 www-data    4u  IPv6  16590      0t0  TCP *:80 (LISTEN)
master    929     root   13u  IPv4  19637      0t0  TCP *:25 (LISTEN)
master    929     root   14u  IPv6  19638      0t0  TCP *:25 (LISTEN)

Most of the output columns names are self-explanatory:

  • COMMAND, PID, USER - these are the name, the PID, and the user running the program associated with the port.
  • NAME - It is the port number.

3) Next, find what process is listening on a particular port. Like, For the port 3306 you will use:

sudo lsof -nP -iTCP:3306 -sTCP:LISTEN

The output shows the MySQL server using port 3306:

Output

COMMAND PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mysqld  534 mysql   30u  IPv6  17636      0t0  TCP *:3306 (LISTEN)

FAQs to Check for Listening Ports on Linux

What is the difference between netstat and ss?

netstat is a deprecated utility while ss is its replacement. ss provides more detailed information and performs better than netstat.

How do I check for listening ports on a specific IP address?

Use the -an | grep IP_ADDRESS option with netstat or ss to filter the output and display only the ports associated with the specified IP address.

Can I check for listening ports over a specific protocol like TCP or UDP?

Yes, you can use the -t option for TCP ports and the -u option for UDP ports with ss or the -t or -u options with netstat.

How can I find the process or program associated with a specific listening port?

By using the lsof -i :PORT_NUMBER command, you can find the process ID (PID) and the associated program name.

Is it possible to check for listening ports on a remote Linux server?

Yes, you can use the -a option with netstat or ss and specify the remote IP address to check for listening ports on a remote server.

How can I continuously monitor the listening ports on Linux?

You can use tools like netstat, ss, or system monitoring tools such as htop or nethogs to monitor listening ports in real-time.

Are there any graphical user interface (GUI) options to check for listening ports on Linux?

Yes, tools like nmap, zenmap, and Gufw provide GUI interfaces to scan and visualize open ports on Linux systems.

Conclusion

We hope this detailed tutorial helped you to check for Listening Ports on Linux.

If you have any queries or doubts, please leave them in the comment below. We'll be happy to address them.