Every service that handles incoming requests needs a port on which to listen for them. Checking open ports by hand quickly becomes unmanageable because there are 65535 ports. In this tutorial, we will see how to check open ports in Linux.
What are listening ports?
Listening ports are the ones that listen for incoming network requests. Every port is bound to an IP address and uses TCP or UDP for communication.
- Open Ports: Open ports accept all outside connections that use the appropriate protocol.
- Closed Ports: Closed ports do not accept all connections. They take only predetermined connections using other outside services or applications.
One listening port can host only one service at a time. For example, suppose you have a website hosted on your server and it uses port 80. If you now install another web server, it will have to use a port other than 80.
How to Check Open Ports in Linux?
Linux has many networking tools that show this information. Each tool shows the same information; the only difference is the output format.
How to check Open Ports using lsof Command
The lsof command shows the listening ports and the daemons that maintain active network connections.
# sudo lsof -nP -iTCP -sTCP:LISTEN
Output:
[sourabh@localhost ~]$ sudo lsof -nP -iTCP -sTCP:LISTEN
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
cupsd 1048 root 6u IPv6 25040 0t0 TCP [::1]:631 (LISTEN)
cupsd 1048 root 7u IPv4 25041 0t0 TCP 127.0.0.1:631 (LISTEN)
If you want to search for a specific port, use the following format:
# sudo lsof -nP -i:[port-number]
For example:
# sudo lsof -nP -i:443
Output:
[sourabh@localhost ~]$ sudo lsof -nP -i:443
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
chrome 2389 sourabh 16u IPv4 156398 0t0 TCP 10.131.47.19:40716->142.250.206.138:443 (ESTABLISHED)
chrome 2389 sourabh 27u IPv4 146377 0t0 TCP 10.131.47.19:49718->164.100.15.5:443 (ESTABLISHED)
chrome 2389 sourabh 29u IPv4 152185 0t0 TCP 10.131.47.19:38362->142.250.193.227:443 (ESTABLISHED)
chrome 2389 sourabh 31u IPv4 156399 0t0 TCP 10.131.47.19:40718->142.250.206.138:443 (ESTABLISHED)
chrome 2389 sourabh 32u IPv4 152247 0t0 TCP 10.131.47.19:47020->54.192.142.18:443 (ESTABLISHED)
firefox 2716 sourabh 40u IPv4 149169 0t0 TCP 10.131.47.19:51646->34.120.208.123:443 (ESTABLISHED)
firefox 2716 sourabh 61u IPv4 151199 0t0 TCP 10.131.47.19:38962->34.107.243.93:443 (ESTABLISHED)
How to check Open Ports using netstat Command
The netstat command shows an overview of network activity.
# sudo netstat -tunpl
This command uses 5 arguments:
-t - Checks TCP ports
-u - Checks UDP ports
-n - Skips DNS lookups and shows only IP addresses
-p - Shows the process ID and program name that is using the port
-l - Shows listening ports
Output:
[sourabh@localhost ~]$ sudo netstat -tunpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1048/cupsd
tcp6 0 0 ::1:631 :::* LISTEN 1048/cupsd
udp 0 0 0.0.0.0:55407 0.0.0.0:* 819/avahi-daemon: r
udp 0 0 127.0.0.1:323 0.0.0.0:* 865/chronyd
udp 0 0 224.0.0.251:5353 0.0.0.0:* 2341/chrome
udp 0 0 0.0.0.0:5353 0.0.0.0:* 819/avahi-daemon: r
udp6 0 0 ::1:323 :::* 865/chronyd
udp6 0 0 :::50165 :::* 819/avahi-daemon: r
udp6 0 0 :::5353 :::* 819/avahi-daemon: r
How to check Open Ports using ss Command
The ss command is faster and easier to use, and it has made the netstat command obsolete. It offers more statistics along with the same options as netstat.
# sudo ss -tunl
Output:
[sourabh@localhost ~]$ sudo ss -tunl
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0:55407 0.0.0.0:*
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
udp UNCONN 0 0 224.0.0.251:5353 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
udp UNCONN 0 0 [::1]:323 [::]:*
udp UNCONN 0 0 [::]:50165 [::]:*
udp UNCONN 0 0 [::]:5353 [::]:*
tcp LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*
tcp LISTEN 0 4096 [::1]:631 [::]:*
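The Local Address:Port column shows where each listener is bound: 0.0.0.0 or [::] means every interface, while 127.0.0.1 or [::1] means the local host only. The shell function below is an added example, not part of the original tutorial, that sorts ss -tunl output into those groups; the function names are this example's own, and the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: group listeners from `ss -tunl` output by bind address.

# Reads `ss -tunl` output on stdin and prints one line per socket:
#   <scope> <netid> <address> <port>
classify_listeners() {
    awk '$1 != "Netid" && NF >= 5 {
        local_addr = $5
        # The port follows the last colon; the address is everything before it.
        port = local_addr
        sub(/.*:/, "", port)
        addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
            scope = "ALL-INTERFACES"   # reachable on every interface
        else if (addr ~ /^127\./ || addr == "[::1]")
            scope = "LOOPBACK"         # reachable from this host only
        else
            scope = "SPECIFIC"         # bound to one address (here: multicast)
        print scope, $1, addr, port
    }'
}

# Constructed sample input: the ss output shown in this tutorial.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:55407      0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:323      0.0.0.0:*
udp   UNCONN 0      0      224.0.0.251:5353   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0      0      [::1]:323          [::]:*
udp   UNCONN 0      0      [::]:50165         [::]:*
udp   UNCONN 0      0      [::]:5353          [::]:*
tcp   LISTEN 0      4096   127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      4096   [::1]:631          [::]:*
EOF
}

sample_ss_output | classify_listeners | sort
```

On a live system, pipe the real output through the same function with sudo ss -tunl | classify_listeners and review each ALL-INTERFACES line against the services you expect to expose.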
So these are the most used commands that will show you the list of open ports in Linux.