It is very important to check open ports in Linux for security purposes. This helps sysadmin to find any intrusion on system. This article will quickly guide you about, How to check open ports in Linux with respective service-process.

How to check open ports in Linux with respective service-process?

There are various ways by which we can determine open-listening ports on Linux.

1. Check open ports in Linux using netstat command

In basic form netstat commands display or prints information about network connections and routing table etc. However same command along with the below parameter can be used to check open ports in Linux.

Command:

netstat -tulpn | grep LISTEN 1 netstat - tulpn | grep LISTEN

Output:

[root@rhel ~]# netstat -tulpn | grep LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 904/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 866/master tcp6 0 0 :::80 :::* LISTEN 1086/httpd tcp6 0 0 :::22 :::* LISTEN 904/sshd tcp6 0 0 ::1:25 :::* LISTEN 866/master [root@rhel ~]# 1 2 3 4 5 6 7 [ root @ rhel ~ ] # netstat -tulpn | grep LISTEN tcp 0 0 0.0.0.0 : 22 0.0.0.0 : * LISTEN 904 / sshd tcp 0 0 127.0.0.1 : 25 0.0.0.0 : * LISTEN 866 / master tcp6 0 0 :: : 80 :: : * LISTEN 1086 / httpd tcp6 0 0 :: : 22 :: : * LISTEN 904 / sshd tcp6 0 0 :: 1 : 25 :: : * LISTEN 866 / master [ root @ rhel ~ ] #

Here in this above output command displays all TCP as well as UDP ports. If in case you want to filter it further, Lets say you want to find out the process or service used by port 80 follow below command.

[root@rhel ~]# netstat -tulpn | grep LISTEN|grep 80 tcp6 0 0 :::80 :::* LISTEN 1086/httpd [root@rhel ~]# 1 2 3 [ root @ rhel ~ ] # netstat -tulpn | grep LISTEN|grep 80 tcp6 0 0 :: : 80 :: : * LISTEN 1086 / httpd [ root @ rhel ~ ] #

In the above command port is being used by httpd service with PID 1086.

2. Check open ports in Linux using lsof utility

lsof utility basically display list of open files. However with some parameter tweaks we can able to check open ports in Linux also. By default its not installed on system please follow below sets of commands for installation according to flavour of Linux.

For RHEL and CentOS OS #yum install lsof For Debian and Ubuntu OS #apt install lsof 1 2 3 4 5 For RHEL and CentOS OS #yum install lsof For Debian and Ubuntu OS #apt install lsof

Command:

#lsof -i -P -n 1 #lsof -i -P -n

Output:

[root@rhel ~]# lsof -i -P -n COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME chronyd 513 chrony 1u IPv4 14330 0t0 UDP 127.0.0.1:323 chronyd 513 chrony 2u IPv6 14331 0t0 UDP [::1]:323 dhclient 548 root 6u IPv4 15326 0t0 UDP *:68 dhclient 548 root 20u IPv4 15315 0t0 UDP *:41668 dhclient 548 root 21u IPv6 15316 0t0 UDP *:23435 master 866 root 13u IPv4 16678 0t0 TCP 127.0.0.1:25 (LISTEN) master 866 root 14u IPv6 16679 0t0 TCP [::1]:25 (LISTEN) sshd 904 root 3u IPv4 17424 0t0 TCP *:22 (LISTEN) sshd 904 root 4u IPv6 17426 0t0 TCP *:22 (LISTEN) sshd 951 root 3u IPv4 17884 0t0 TCP 172.31.22.4:22->103.211.42.2:59572 (ESTABLISHED) sshd 954 ec2-user 3u IPv4 17884 0t0 TCP 172.31.22.4:22->103.211.42.2:59572 (ESTABLISHED) httpd 1086 root 4u IPv6 19036 0t0 TCP *:80 (LISTEN) httpd 1088 apache 4u IPv6 19036 0t0 TCP *:80 (LISTEN) httpd 1089 apache 4u IPv6 19036 0t0 TCP *:80 (LISTEN) httpd 1090 apache 4u IPv6 19036 0t0 TCP *:80 (LISTEN) httpd 1091 apache 4u IPv6 19036 0t0 TCP *:80 (LISTEN) httpd 1092 apache 4u IPv6 19036 0t0 TCP *:80 (LISTEN) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 [ root @ rhel ~ ] # lsof -i -P -n COMMAND PID USER FD TYPE DEVICE SIZE / OFF NODE NAME chronyd 513 chrony 1u IPv4 14330 0t0 UDP 127.0.0.1 : 323 chronyd 513 chrony 2u IPv6 14331 0t0 UDP [ :: 1 ] : 323 dhclient 548 root 6u IPv4 15326 0t0 UDP * : 68 dhclient 548 root 20u IPv4 15315 0t0 UDP * : 41668 dhclient 548 root 21u IPv6 15316 0t0 UDP * : 23435 master 866 root 13u IPv4 16678 0t0 TCP 127.0.0.1 : 25 ( LISTEN ) master 866 root 14u IPv6 16679 0t0 TCP [ :: 1 ] : 25 ( LISTEN ) sshd 904 root 3u IPv4 17424 0t0 TCP * : 22 ( LISTEN ) sshd 904 root 4u IPv6 17426 0t0 TCP * : 22 ( LISTEN ) sshd 951 root 3u IPv4 17884 0t0 TCP 172.31.22.4 : 22 -> 103.211.42.2 : 59572 ( ESTABLISHED ) sshd 954 ec2 - user 3u IPv4 17884 0t0 TCP 172.31.22.4 : 22 -> 103.211.42.2 : 59572 ( ESTABLISHED ) httpd 1086 root 4u IPv6 19036 0t0 TCP * : 80 ( LISTEN ) httpd 1088 apache 4u IPv6 19036 0t0 TCP * : 80 ( LISTEN ) httpd 1089 apache 4u IPv6 19036 0t0 TCP * : 80 ( LISTEN ) httpd 1090 apache 4u IPv6 19036 0t0 TCP * : 80 ( LISTEN ) httpd 1091 apache 4u IPv6 19036 0t0 TCP * : 80 ( LISTEN ) httpd 1092 apache 4u IPv6 19036 0t0 TCP * : 80 ( LISTEN )

In case you want to have more details about port 80 you can use below command:

[root@rhel~]# lsof -i :80 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME httpd 1086 root 4u IPv6 19036 0t0 TCP *:http (LISTEN) httpd 1088 apache 4u IPv6 19036 0t0 TCP *:http (LISTEN) httpd 1089 apache 4u IPv6 19036 0t0 TCP *:http (LISTEN) httpd 1090 apache 4u IPv6 19036 0t0 TCP *:http (LISTEN) httpd 1091 apache 4u IPv6 19036 0t0 TCP *:http (LISTEN) httpd 1092 apache 4u IPv6 19036 0t0 TCP *:http (LISTEN) 1 2 3 4 5 6 7 8 [ root @ rhel ~ ] # lsof -i :80 COMMAND PID USER FD TYPE DEVICE SIZE / OFF NODE NAME httpd 1086 root 4u IPv6 19036 0t0 TCP * : http ( LISTEN ) httpd 1088 apache 4u IPv6 19036 0t0 TCP * : http ( LISTEN ) httpd 1089 apache 4u IPv6 19036 0t0 TCP * : http ( LISTEN ) httpd 1090 apache 4u IPv6 19036 0t0 TCP * : http ( LISTEN ) httpd 1091 apache 4u IPv6 19036 0t0 TCP * : http ( LISTEN ) httpd 1092 apache 4u IPv6 19036 0t0 TCP * : http ( LISTEN )

Here in this above output you can clearly mentioned that, port 80 is being used by http service having PID 1086.

3. Check open ports in Linux using nmap

Nmap is an port scanning tool used in Linux. Its not installed on Linux systems by default. You need to install it using below command.

yum install nmap 1 yum install nmap

Once its installed used below command to check open ports in Linux using below command.

Command:

# nmap -sT -O localhost 1 # nmap -sT -O localhost

Output:

[root@ip-172-31-22-4 ~]# nmap -sT -O localhost Starting Nmap 6.40 ( http://nmap.org ) at 2017-09-15 13:59 UTC RTTVAR has grown to over 2.3 seconds, decreasing to 2.0 RTTVAR has grown to over 2.3 seconds, decreasing to 2.0 RTTVAR has grown to over 2.3 seconds, decreasing to 2.0 RTTVAR has grown to over 2.3 seconds, decreasing to 2.0 RTTVAR has grown to over 2.3 seconds, decreasing to 2.0 RTTVAR has grown to over 2.3 seconds, decreasing to 2.0 RTTVAR has grown to over 2.3 seconds, decreasing to 2.0 Nmap scan report for localhost (127.0.0.1) Host is up (0.00023s latency). Other addresses for localhost (not scanned): 127.0.0.1 Not shown: 997 closed ports PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 80/tcp open http Device type: general purpose Running: Linux 3.X OS CPE: cpe:/o:linux:linux_kernel:3 OS details: Linux 3.7 - 3.9 Network Distance: 0 hops OS detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 1.66 seconds [root@ip-172-31-22-4 ~]# 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 [ root @ ip - 172 - 31 - 22 - 4 ~ ] # nmap -sT -O localhost Starting Nmap 6.40 ( http : //nmap.org ) at 2017-09-15 13:59 UTC RTTVAR has grown to over 2.3 seconds , decreasing to 2.0 RTTVAR has grown to over 2.3 seconds , decreasing to 2.0 RTTVAR has grown to over 2.3 seconds , decreasing to 2.0 RTTVAR has grown to over 2.3 seconds , decreasing to 2.0 RTTVAR has grown to over 2.3 seconds , decreasing to 2.0 RTTVAR has grown to over 2.3 seconds , decreasing to 2.0 RTTVAR has grown to over 2.3 seconds , decreasing to 2.0 Nmap scan report for localhost ( 127.0.0.1 ) Host is up ( 0.00023s latency ) . Other addresses for localhost ( not scanned ) : 127.0.0.1 Not shown : 997 closed ports PORT STATE SERVICE 22 / tcp open ssh 25 / tcp open smtp 80 / tcp open http Device type : general purpose Running : Linux 3.X OS CPE : cpe : / o : linux : linux_kernel : 3 OS details : Linux 3.7 - 3.9 Network Distance : 0 hops OS detection performed . Please report any incorrect results at http : //nmap.org/submit/ . Nmap done : 1 IP address ( 1 host up ) scanned in 1.66 seconds [ root @ ip - 172 - 31 - 22 - 4 ~ ] #

In the above output we can able to check open ports very easily.

In case you want to explore more about networking commands in Linux follow this article.

