How to Check and Show Open Ports list in Linux? (2024)

To fix server security issues and keep data safe, Linux server administrators need to know which TCP and UDP ports are open on Linux distributions such as CentOS, Ubuntu, RHEL and Debian. The commands used for this are ss, lsof, netstat, nmap and netcat.

Check open ports in Linux

  • Launch a Linux terminal.
  • Type ss to display all open TCP and UDP ports.
  • Another option is to use nmap, lsof, netstat or netcat.

1. ss command

The ss command in Linux displays listening ports and their connected networks. Run with the right parameters, it identifies and displays the listening ports on a Linux system. Command syntax for ss:

sudo ss -tulpn

If you want your output to be organized and provide more relevant but concise information, you should run the ss command with the -ltn flag:

sudo ss -ltn

Output:

State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       4096    127.0.0.53%lo:53     0.0.0.0:*
LISTEN  0       5       127.0.0.1:631        0.0.0.0:*
LISTEN  0       70      127.0.0.1:33060      0.0.0.0:*
LISTEN  0       151     127.0.0.1:3306       0.0.0.0:*
LISTEN  0       5       [::1]:631            [::]:*
LISTEN  0       511     *:80                 *:*

In this sample output, port numbers 80, 3306, and 33060 are the ports that the HTTP and MySQL services use, and most Linux users are familiar with these ports.

Other connections on the server are in listening status on the designated ports. If this information is not enough for you and you need to know which open ports belong to which processes, you can run the -p option along with the ss command:

sudo ss -ltnp

Output:

State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       4096    127.0.0.53%lo:53     0.0.0.0:*          users:(("systemd-resolve",pid=530,fd=13))
LISTEN  0       5       127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=572,fd=7))
LISTEN  0       70      127.0.0.1:33060      0.0.0.0:*          users:(("mysqld",pid=2320,fd=32))
LISTEN  0       151     127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=2320,fd=34))
LISTEN  0       5       [::1]:631            [::]:*             users:(("cupsd",pid=572,fd=6))
LISTEN  0       511     *:80                 *:*                users:(("apache2",pid=2728,fd=4),("apache2",pid=2727,fd=4),("apache2",pid=2725,fd=4))

In the output of this command, it is determined which ports belong to mysqld, systemd-resolve, cupsd, and apache2 processes.

You can also use other options along with the ss command, such as:

  • -l option: show listening ports
  • -lt option: show listening TCP ports
  • -tul option: Access a list of TCP and UDP listening ports
  • -n option: to access the listening port of the specified service

It should be noted that you can also use the following command to get more detailed information about the ports that are listening for incoming connections:

ss -tuln | grep LISTEN
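
The Local Address:Port column decides who can reach a listener: 127.x.x.x and [::1] accept local connections only, while *, 0.0.0.0 and [::] accept them on every interface. The shell functions below are an added example, not part of the original article; the function names are hypothetical and the sample input is constructed from the ss -ltnp output shown above.

```shell
#!/usr/bin/env bash
# Added example (not from the article): classify TCP listeners by bind scope.
# Expects the column layout of `ss -ltn` / `ss -ltnp`, where State is column 1.

# Constructed sample, modelled on the article's `ss -ltnp` output.
sample_ss() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=530,fd=13))
LISTEN 0      5      127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=572,fd=7))
LISTEN 0      70     127.0.0.1:33060    0.0.0.0:*         users:(("mysqld",pid=2320,fd=32))
LISTEN 0      151    127.0.0.1:3306     0.0.0.0:*         users:(("mysqld",pid=2320,fd=34))
LISTEN 0      5      [::1]:631          [::]:*            users:(("cupsd",pid=572,fd=6))
LISTEN 0      511    *:80               *:*               users:(("apache2",pid=2728,fd=4),("apache2",pid=2727,fd=4))
EOF
}

# Reads ss output on stdin; prints "port scope process" for each listener.
classify_listeners() {
  awk '$1 == "LISTEN" {
    addr = $4
    port = addr; sub(/.*:/, "", port)        # text after the last colon
    host = addr; sub(/:[^:]*$/, "", host)    # text before the last colon
    sub(/%.*/, "", host)                     # drop an interface suffix such as %lo
    gsub(/\[|\]/, "", host)                  # drop IPv6 brackets
    if (host ~ /^127\./ || host == "::1") scope = "loopback"
    else if (host == "*" || host == "0.0.0.0" || host == "::") scope = "all-interfaces"
    else scope = "specific-address"
    proc = "-"                               # no Process column without -p or root
    if (match($0, /users:\(\("[^"]+"/)) proc = substr($0, RSTART + 9, RLENGTH - 10)
    print port, scope, proc
  }'
}

# Ports that other hosts can reach unless a firewall intervenes.
exposed_ports() { classify_listeners | awk '$2 != "loopback" { print $1 }' | sort -un; }

sample_ss | classify_listeners
```

On a live system, pipe the real output in instead of the sample: sudo ss -ltnp | classify_listeners.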

2. nmap command

Nmap is an open-source network scanning and security auditing program. Using the nmap tool, you can search the network and identify the open ports on a remote or local host. Previously, we taught in detail how to use the nmap command to scan open ports in another article. We will also mention it in this article.

To scan open ports with the nmap command, you can enter the IP address of a remote system, or you can specify your own system as localhost. Pay attention to the following examples:

sudo nmap -sT -O localhost
sudo nmap -sU -O 192.168.2.254 ##[ list open UDP ports ]##
sudo nmap -sT -O 127.0.0.1 ##[ list open TCP ports ]##
sudo nmap -sTU -O 192.168.2.24

Sample output:

Starting Nmap 7.70 ( https://nmap.org ) at 2023-03-09 23:49 IST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00024s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
631/tcp open  ipp
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.31 seconds

3. lsof command

You can use the lsof command to find the processes that users have run and to see the TCP and UDP ports those processes have open.

Along with the lsof command, you can also run different options for different purposes, as follows:

  • -i option: If you don’t have access to the IP address, this command will help you to view information about all network files.
  • -P option: If you have a problem searching for the port name, you can use this option because it prevents the conversion of the port number of the network files into the port name.
  • -n option: This option is useful when you don’t want to use the DNS name and it prevents the network number from converting the hostname of the network files.
  • | grep LISTEN: organizes the output to show ports in LISTEN state.

The main syntax of this command is as follows:

sudo lsof -i -P -n

In the output of this command, you will see a list of open ports in Linux. But this command has a drawback in that sometimes it displays ports that are not actually open. To access the ports that are currently actively listening on your Linux system, we suggest the following command:

sudo lsof -i -P -n | grep LISTEN

4. netstat command

One of the useful commands for finding open ports is the netstat command, which displays the open ports in a list format. The basic syntax of this command to list open ports is as follows:

sudo netstat -tulpn | grep LISTEN

Other options for different purposes can be executed with the netstat command, including the following:

  • -t: Display all TCP ports
  • -u: Display all UDP ports
  • -l: providing listening server sockets
  • -p: Show PID and names of sockets programs
  • -n: It is executed so that the names are not resolved
  • | grep LISTEN: Filter the output to display open ports in LISTEN status using the grep command

5. netcat command

With the netcat command, the user is able to write and read data between computers over the TCP and UDP protocols. The main syntax of this command is as follows:

nc [options] host port

The netcat command behaves differently depending on the options it is given. The options used to find open ports are explained below:

  • -z: finding listening daemons without sending data to the port
  • -v: getting more information and activating verbosity

You can also use the following command to scan open ports:

nc -z -v <IP-ADDRESS> 1-65535 2>&1 | grep -v 'Connection refused'

Replace the IP-ADDRESS in the above command with the IP Address of the Linux system you want to find open ports.

As a result, by running the previous command, you will see open and accessible ports on your Linux system.

Show open ports in Linux using PowerShell

PowerShell provides the ability to test network connections with the built-in Test-NetConnection cmdlet, but that cmdlet is used in the Windows environment because other operating systems do not support it. PowerShell usually does not support built-in commands for Linux-specific operations. But by using the TcpClient class, you can also use PowerShell features in Linux to check the listening ports and open connections.

The "Get-NetTCPConnection" cmdlet has the same functionality as the netstat command in Linux: it gets a list of open TCP ports in PowerShell, and it supports various parameters that make accessing open ports easier.

To access a list of listening ports using the “Get-NetTCPConnection” command, run the following command:

Get-NetTCPConnection -State Listen

As a result, all listening ports are displayed.

In addition, you can start PowerShell by running the following command:

pwsh

Then create a file with your favorite text editor (we prefer the nano editor):

nano Test-Port.ps1

We created a file called Test-Port.ps1.

Then add the following commands in the file you just created using the editor of your choice:

<#
.SYNOPSIS
    This function tests for open TCP/UDP ports.
.DESCRIPTION
    This function tests any TCP/UDP port to see if it's open or closed.
.NOTES
.PARAMETER Computername
    One or more remote, comma-separated computer names
.PARAMETER Port
    One or more comma-separated port numbers you'd like to test.
.PARAMETER TcpTimeout
    The number of milliseconds that the function will wait until declaring
    the TCP port closed. Default is 1000.
.EXAMPLE
    PS> Test-Port -Computername 'LABDC','LABDC2' -Port 80,443

    This example tests the TCP network ports 80 and 443 on both the LABDC
    and LABDC2 servers.
#>
[CmdletBinding()]
[OutputType([System.Management.Automation.PSCustomObject])]
param (
    [Parameter(Mandatory)]
    [string[]]$ComputerName,
    [Parameter(Mandatory)]
    [int[]]$Port,
    [Parameter()]
    [int]$TcpTimeout = 1000
)
begin {
    $Protocol = 'TCP'
}
process {
    foreach ($Computer in $ComputerName) {
        foreach ($Portx in $Port) {
            # One result object per host/port pair
            $Output = @{ 'Computername' = $Computer; 'Port' = $Portx; 'Protocol' = $Protocol; 'Result' = '' }
            Write-Verbose "$($MyInvocation.MyCommand.Name) - Beginning port test on '$Computer' on port '$Protocol`:$Portx'"
            $TcpClient = New-Object System.Net.Sockets.TcpClient
            # Start the connection asynchronously so the timeout can be enforced
            $Connect = $TcpClient.BeginConnect($Computer, $Portx, $null, $null)
            $Wait = $Connect.AsyncWaitHandle.WaitOne($TcpTimeout, $false)
            if (!$Wait -or !($TcpClient.Connected)) {
                $TcpClient.Close()
                Write-Verbose "$($MyInvocation.MyCommand.Name) - '$Computer' failed port test on port '$Protocol`:$Portx'"
                $Output.Result = $false
            } else {
                $TcpClient.EndConnect($Connect)
                $TcpClient.Close()
                Write-Verbose "$($MyInvocation.MyCommand.Name) - '$Computer' passed port test on port '$Protocol`:$Portx'"
                $Output.Result = $true
                $TcpClient.Close()
                $TcpClient.Dispose()
            }
            [pscustomobject]$Output
        }
    }
}

Finally, save your changes to the Test-Port.ps1 script and exit the editor.

To check whether the ports you want are open, for example, checking ports 80, 22, and 443, use the following example:

./Test-Port.ps1 -ComputerName localhost -Port 22,80,443

The output of the previous command will list the status of your specified ports.

How to check open ports in Linux through UFW Linux firewall

Up to this part of the article, you learned how to access a list of open ports in the Linux system using various commands, but some ports in your system may be blocked by the firewall and other software, and all the open ports you see in the list may not be open to the Internet.

Therefore, you must know the rules of the firewall in order to correctly identify the open and blocked ports. You can use the following command to find out about the state of the firewall regarding the blocking of input and output access:

sudo ufw status verbose

Sample output:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

In this output, you can see that incoming connections are blocked by the firewall, and incoming MySQL and HTTP connections on ports 80 and 3306 are not allowed by the firewall rules, even though these ports may be displayed as open ports by the 5 commands we taught.

You can also access the list of configured firewall rules on the Linux server by running the following command:

sudo iptables -S
# IPv6 #
sudo ip6tables -S
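
To compare a listening port with the firewall policy described above, the text of sudo ufw status verbose can be evaluated directly. The script below is an added example, not part of the original article: the function names are hypothetical, the sample combines the status header shown above with one constructed rule line, and only simple "port/proto ACTION IN Anywhere" rules are handled.

```shell
#!/usr/bin/env bash
# Added example (not from the article): decide whether inbound traffic to a
# port passes UFW, using the text of `sudo ufw status verbose`.
# Assumption: source-restricted, interface-bound and (v6) rules are skipped.

# Constructed sample: the status header from the article plus one rule line.
sample_ufw() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
EOF
}

# usage: ufw_verdict PORT PROTO < status-text
ufw_verdict() {
  awk -v port="$1" -v want="$1/$2" '
    $1 == "Status:" && $2 != "active" { verdict = "firewall-inactive"; exit }
    $1 == "Default:" {
      verdict = ($2 == "allow") ? "allowed-by-default" : "blocked-by-default"
    }
    # Rules are matched in listed order, so stop at the first hit.
    ($1 == want || $1 == port) && $3 == "IN" && $4 == "Anywhere" {
      verdict = ($2 == "ALLOW" || $2 == "LIMIT") ? "allowed-by-rule" : "blocked-by-rule"
      exit
    }
    END { print verdict }'
}

# Reads the status text on stdin; arguments are listeners given as PORT/PROTO.
audit_listeners() {
  status=$(cat)
  for l in "$@"; do
    printf '%s %s\n' "$l" "$(printf '%s\n' "$status" | ufw_verdict "${l%/*}" "${l#*/}")"
  done
}

sample_ufw | audit_listeners 80/tcp 3306/tcp 22/tcp
```

A listener reported as blocked-by-default shows up in ss or netstat but is not reachable from other hosts, which is the gap this section describes.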

How to block ports in Linux

You can block ports in Linux with the iptables or ufw firewalls.

1. Using the iptables (Default Firewall)

iptables is the default firewall for most Linux distributions. To block a specific port using iptables, follow these steps:

Identify the port to block: Determine the port number you want to block. For example, to block port 80 (HTTP), you would use the following command:

iptables -A INPUT -p tcp --dport 80 -j DROP

Apply the firewall rule: Save the rule by exiting the iptables editor.

iptables-save

This will create a new firewall rule that will drop all incoming TCP traffic on port 80. To block UDP traffic on port 80, you would use:

iptables -A INPUT -p udp --dport 80 -j DROP

To block both TCP and UDP traffic on port 80, you would use a combination of the two rules:

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p udp --dport 80 -j DROP

2. Using the UFW (Third-party Firewall)

UFW (Uncomplicated Firewall) is a user-friendly firewall interface that is popular on Ubuntu and other Debian-based distributions. To block a specific port using UFW, follow these steps:

Enable UFW: If UFW is not already enabled, enable it using the following command:

sudo ufw enable

Block the port: Add the port to the UFW deny list using:

sudo ufw deny <port>/<protocol>

For example, to block port 80 (HTTP) using TCP, you would use:

sudo ufw deny 80/tcp

To block UDP traffic on port 80, you would use:

sudo ufw deny 80/udp

To block both TCP and UDP traffic on port 80, you would use a combination of the two commands:

sudo ufw deny 80/tcp
sudo ufw deny 80/udp

Remember to save the UFW changes by running the following command:

sudo ufw reload

FAQ

What command should we run to check whether port 443 is open?

The netstat command can be useful for checking port 443 because the netstat command is used to access a list of open TCP ports. If you see port 443 in the output list of the netstat command, then this port is open for outgoing connections in your system.

What is the port numbering range in Linux?

A port is a number between 0 and 65535; the Linux operating system usually uses ports in the range of 0 to 1023.

A registered port is a network port assigned by the Internet Assigned Numbers Authority (IANA) and stored in the /etc/services file in Linux.

Which command checks port status in linux?

By executing the command sudo netstat -ano -p tcp, you can check the status of the port and find the TCP port and write down its PID number.

How to find out what process is using port 8080 in Linux?

By executing the command "sudo netstat -a -n -p | grep 8080" you will get a list of processes that use port 8080.

Which tool should we use for port scanning?

You can scan the port using the free and open-source Nmap tool.

How to check port numbers in linux?

The netstat and ss commands are two common commands for checking open ports, including UDP and TCP ports, which will display port numbers, listening sockets, PIDs, and application socket names using various parameters.

Article information

Author: Catherine Tremblay
