This article will quickly guide you about, How to check open ports in Linux with respective service-process.

How to check open ports in Linux with respective service-process?

There are various ways by which we can determine open-listening ports on Linux.

1. Check open ports in Linux using netstat command

In basic form netstat commands display or prints information about network connections and routing table etc. However same command along with the below parameter can be used to check open ports in Linux.

Command:

netstat -tulpn | grep LISTEN

Output:

[root@rhel ~]# netstat -tulpn | grep LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      904/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      866/master
tcp6       0      0 :::80                   :::*                    LISTEN      1086/httpd
tcp6       0      0 :::22                   :::*                    LISTEN      904/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      866/master
[root@rhel ~]#

Here in this above output command displays all TCP as well as UDP ports. If in case you want to filter it further, Lets say you want to find out the process or service used by port 80 follow below command.

[root@rhel ~]# netstat -tulpn | grep LISTEN|grep 80
tcp6       0      0 :::80                   :::*                    LISTEN      1086/httpd
[root@rhel ~]#

In the above command port is being used by httpd service with PID 1086.

2. Check open ports in Linux using lsof utility

lsof utility basically display list of open files. However with some parameter tweaks we can able to check open ports in Linux also. By default its not installed on system please follow below sets of commands for installation according to flavour of Linux.

For RHEL and CentOS OS
#yum install lsof	

For Debian and Ubuntu OS
#apt install lsof

Command:

#lsof -i -P -n

Output:

[root@rhel ~]# lsof -i -P -n
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
chronyd   513   chrony    1u  IPv4  14330      0t0  UDP 127.0.0.1:323
chronyd   513   chrony    2u  IPv6  14331      0t0  UDP [::1]:323
dhclient  548     root    6u  IPv4  15326      0t0  UDP *:68
dhclient  548     root   20u  IPv4  15315      0t0  UDP *:41668
dhclient  548     root   21u  IPv6  15316      0t0  UDP *:23435
master    866     root   13u  IPv4  16678      0t0  TCP 127.0.0.1:25 (LISTEN)
master    866     root   14u  IPv6  16679      0t0  TCP [::1]:25 (LISTEN)
sshd      904     root    3u  IPv4  17424      0t0  TCP *:22 (LISTEN)
sshd      904     root    4u  IPv6  17426      0t0  TCP *:22 (LISTEN)
sshd      951     root    3u  IPv4  17884      0t0  TCP 172.31.22.4:22->103.211.42.2:59572 (ESTABLISHED)
sshd      954 ec2-user    3u  IPv4  17884      0t0  TCP 172.31.22.4:22->103.211.42.2:59572 (ESTABLISHED)
httpd    1086     root    4u  IPv6  19036      0t0  TCP *:80 (LISTEN)
httpd    1088   apache    4u  IPv6  19036      0t0  TCP *:80 (LISTEN)
httpd    1089   apache    4u  IPv6  19036      0t0  TCP *:80 (LISTEN)
httpd    1090   apache    4u  IPv6  19036      0t0  TCP *:80 (LISTEN)
httpd    1091   apache    4u  IPv6  19036      0t0  TCP *:80 (LISTEN)
httpd    1092   apache    4u  IPv6  19036      0t0  TCP *:80 (LISTEN)

In case you want to have more details about port 80 you can use below command:

[root@rhel~]# lsof -i :80
COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd   1086   root    4u  IPv6  19036      0t0  TCP *:http (LISTEN)
httpd   1088 apache    4u  IPv6  19036      0t0  TCP *:http (LISTEN)
httpd   1089 apache    4u  IPv6  19036      0t0  TCP *:http (LISTEN)
httpd   1090 apache    4u  IPv6  19036      0t0  TCP *:http (LISTEN)
httpd   1091 apache    4u  IPv6  19036      0t0  TCP *:http (LISTEN)
httpd   1092 apache    4u  IPv6  19036      0t0  TCP *:http (LISTEN)

Here in this above output you can clearly mentioned that, port 80 is being used by http service having PID 1086.

3. Check open ports in Linux using nmap

Nmap is an port scanning tool used in Linux. Its not installed on Linux systems by default. You need to install it using below command.

yum install nmap

Once its installed used below command to check open ports in Linux using below command.

Command:

# nmap -sT -O localhost

Output:

[root@ip-172-31-22-4 ~]# nmap -sT -O localhost

Starting Nmap 6.40 ( http://nmap.org ) at 2017-09-15 13:59 UTC
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00023s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 997 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
25/tcp open  smtp
80/tcp open  http
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.7 - 3.9
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.66 seconds
[root@ip-172-31-22-4 ~]#

In the above output we can able to check open ports very easily.

In case you want to explore more about networking commands in Linux follow this article.

Get your free copy of Linux command line Cheat Sheet!!!!

Download This Book: Click Here!!