How to Easily Check if a Network Port is Open in Linux

Check if a Network Port is Open in Linux

When your computer acts as a server, such as a web server or a database server, that server process must listen on a port that other computers connect to.

It’s useful to be able to find out what ports are open on your Linux server should you want to connect to one of the services being served – and it’s also useful to be able to check what ports are open so that you can make sure that you aren’t sharing something you don’t intend to.

There are a few methods for checking which ports are open on Linux, and we cover all these methods in this tutorial.

About Ports

So we’ve explained that a port is used to connect to a server – but what does that actually mean?

A port is a number between 0 and 65535 and is assigned by the computer to a process. Each process can be assigned to one or more ports, but a port can only be assigned to one process.

For example, HTTP runs on port 80 by default, serving up websites, and when you SSH to a computer, you’re probably connecting on port 22, which is the default for the SSH service. The port tells the computer what process you’re trying to reach.

A service can be set to respond on any port number. Still, there is some standardization so that users don’t have to type the port number every time they connect to an online service and so that an educated guess can be made about what protocol should be used when connecting to a server.

Well Known Ports 0 to 1023 Common network services like FTP, HTTP, SSH
Registered Ports 1024 to 49151 Ports registered with IANA for use with a designated application
Dynamic and Private Ports 49152 to 65535 Used when a temporary port number is required for a short-lived connection or private use

Check if a Network Port is Open From the Server Itself

If you’re logged into the computer you wish to see what ports are open on, use one of the following tools to see which ports are open:

The netstat Command

sudo netstat -tuplen

the netstat command prints details of network connections, it has a lot of options, but these are the ones relevant to checking ports:

-t Show TCP protocol sockets
-u Show UDP protocol sockets
-p Show the program to which the socket belongs
-l Show only listening sockets
-e Display extended info
-n Show numerical addresses

You can check out the other options by typing:

man netstat

…into your terminal to view the manual.

Sockets are the combination of local and remote IP addresses, a protocol, and local and remote port – representing a connection between two network services.

You might think that this tool would then only show ports that have an active connection – that’s why the -l option is there, to show sockets that are only listening – i.e., open ports.

If netstat is not available on your system, you can install it in Ubuntu as part of the net-tools package:

sudo apt-get install net-tools

Here’s some example output from the netstat command showing open ports:

linuxscrew@linuxscrew-host:~$ sudo netstat -tuplen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name    
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      0          29615      598/cupsd           
tcp6       0      0 ::1:631                 :::*                    LISTEN      0          29614      598/cupsd           
udp        0      0 0.0.0.0:631             0.0.0.0:*                           0          29868      668/cups-browsed    

In this example, output CUPS (The Common Unix Printing System) has ports open and listening on port 631 for both TCP and UDP and IPv4 and IPv6 connections.

The ss Command

The ss command – another utility to investigate sockets:

sudo ss -tulpn

…Conveniently, it accepts the same options we used for netstat above. However, that doesn’t mean it’s a drop-in replacement; some syntax differs, so check the manual if you’re crafting your own commands:

man ss

Here’s some example output from the ss command showing open ports:

linuxscrew@linuxscrew-host:~$ sudo ss -tulpn
Netid     State       Recv-Q      Send-Q           Local Address:Port            Peer Address:Port     Process                                        
udp       UNCONN      0           0                      0.0.0.0:631                  0.0.0.0:*         users:(("cups-browsed",pid=668,fd=7))         
tcp       LISTEN      0           5                    127.0.0.1:631                  0.0.0.0:*         users:(("cupsd",pid=598,fd=7))                
tcp       LISTEN      0           5                        [::1]:631                     [::]:*         users:(("cupsd",pid=598,fd=6)) 

In this example, output CUPS (The Common Unix Printing System) has ports open and listening on port 631 for both TCP and UDP and IPv4 and IPv6 connections.

Check if a Network Port is Open From Another Device on the Network

If you’re not logged into the computer you’re checking the ports for, you can check over the network or internet using the telnet command if it’s available on your system:

telnet ADDRESS PORT

For example:

telnet 192.168.3.1 80

To check the HTTP port on the server at IP address 192.168.3.1

If the command returns a failure message, the port is closed – if you get an empty prompt awaiting input, the port is open!

Another tool is netcat, which has the syntax:

nc -zv address port

For example:

nc -zv 192.168.3.1 80

The two options we used in the example are detailed below – to see what else netcat can do; you can use the man command as shown for netstat and *ss.

-z Scan for listening ports, don’t try to connect
-v Verbose output with more information

Check out our article on setting up reverse proxies!

SHARE:
nv-author-image

Brad Morton

I'm Brad, and I'm nearing 20 years of experience with Linux. I've worked in just about every IT role there is before taking the leap into software development. Currently, I'm building desktop and web-based solutions with NodeJS and PHP hosted on Linux infrastructure. Visit my blog or find me on Twitter to see what I'm up to.

Leave a Reply

Your email address will not be published. Required fields are marked *