×
Community Blog How to Check What Ports Are in Use on Linux

How to Check What Ports Are in Use on Linux

This article explains how to check what ports are in use on Linux.

By Alain Francois

When you are offering some services accessible through the Internet, it means you have some ports opened on your servers. In networking, a port can be described as a way for network traffic to identify a destination app or service. When installing and configuring some tools, you may need to open some ports. When doing this all the time, you can lose track of the ports that you have opened. If it happens, you can need to examine your server to know all the ports opened on the servers.

You also need to pay attention to open ports to detect an intrusion. Whether you are troubleshooting network connectivity issues or configuring a firewall, one of the first things to check is what ports are opened on your system. Linux systems offer you some commands to do this. This article explains several approaches on how to find out what ports are opened outside of your Linux system.

How Do the Ports Work?

Ports are categorized into three categories. Each category is labeled as the range of port value:

  • 0 to 1023: These are the ports reserved for system processes that offer a wide variety of network services. You need to have administrator privileges to use them.
  • 1024 to 49151: These are user ports range. They are designated for specific services.
  • 49152 to 65535: These are the private ports for private or customized services.

Linux systems have the ports contained in the /etc/services file, with the services referring to the different ports.

How to Check if a Port Is Opened

You can check the ports whereyour applications are listening on your Linux systems with some useful commands.

netstat command

The netstat command is useful to display network connections, routing tables, and various network interfaces. It can generate displays that show network status and protocol statistics with which ports are open or have established connections. It comes with the net-tools packages. If netstat is not present, you should install it:

For Debian's based systems:

$ sudo apt install net-tools

For CentOS or RHEL based systems:

$ yum install net-tools

If you run the command, you will have a lot of information:

$ netstat

1

You can have more information by adding some parameters to the command:

$ sudo netstat -plunt

2

  • p: Display the PID/Program name related to a specific connection
  • l: Only show listening ports
  • u: List UDP ports
  • n: Show numerical addresses
  • t: List TCP ports

nmap command

Nmap is a network scanning tool mainly used for security audits and penetration testing since it can discover open ports and services and detect vulnerabilities. If it's not present, you should install it:

For Debian's based systems:

$ sudo apt install nmap

For CentOS or RHEL based systems:

$ yum install nmap

The nmap command is used for many purposes, and you need to use some parameters to use it for port scanning purposes. If there is no parameter regarding the protocol, it will only scan the TCP port, so you should indicate it for UDP:

  • sT: Scan TCP ports
  • sU: Scan UDP ports
  • p: Scan all the ports (0-65535)
$ sudo nmap -sT -sU -p- localhost

3

ss command

The ss command-line can be considered as a replacement of the netstat command. It is considered simpler and faster than netstat. It also gives a lot of information when used without any parameters:

$ ss
Netid                State                 Recv-Q                Send-Q                                                 Local Address:Port                                          Peer Address:Port                  Process                
u_str                ESTAB                 0                     0                                                                  * 3035735                                                  * 3035736                                      
u_str                ESTAB                 0                     0                                                                  * 39874                                                    * 39876                                                                   

You can filter the result with some parameters like the ones used for the netstat command:

$ ss -lntup

4

How to Secure Your Server

It's good to have another level of security besides your Linux firewall where you need to close all the unnecessary ports. Normally, when you host your server on Alibaba Cloud, they offer a virtual firewall called a Security Group as the first level of security to protect your server before reaching your Linux firewall. This tool ensures that there are no risks if a port is opened on your server and not open with the virtual cloud firewall. This is useful because you can open some ports on your cloud networks between your servers for tests purposes. Alibaba Cloud also offers another service called Cloud Firewall that provides a built-in intrusion prevention system (IPS). It is the primary infrastructure that you can use to protect your services in Alibaba Cloud.

Conclusion

The security of your servers is the most important thing. You should focus the security on your firewall system and add another layer of security through some other security services offered by your cloud provider.

1 1 1
Share on

Alibaba Cloud Community

1,044 posts | 257 followers

You may also like

Comments

Dikky Ryan Pratama May 6, 2023 at 12:24 pm

wow . very easy article to understand.