3 ways to check open ports in Linux with the appropriate service process

It is very important to check open ports on Linux for security purposes. This helps the system administrator find any intrusion into the system. This article will help you quickly check open ports in Linux with the appropriate service process.

How to check open ports in Linux with the corresponding service process?

There are various ways in which you can determine the open listening ports on Linux.

1. Checking open ports in Linux using the NETSTAT command

In its basic form, the NetStat command displays or prints information about network connections and the routing table, etc. However, the same command together with the parameter below can be used to check for open ports on Linux.

Team:

netstat -tulpn | grep LISTEN

Conclusion:

[[email protected] ~]# netstat -tulpn | grep LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      904/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      866/master
tcp6       0      0 :::80                   :::*                    LISTEN      1086/httpd
tcp6       0      0 :::22                   :::*                    LISTEN      904/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      866/master
[[email protected] ~]#

Here is the command above displays all output TCPs as well as UDP ports. In case you want to filter it further, let’s say you want to know the process or service used on port 80, you should use the command below.

[[email protected] ~]# netstat -tulpn | grep LISTEN|grep 80
tcp6       0      0 :::80                   :::*                    LISTEN      1086/httpd
[[email protected] ~]#

The above command port uses the HTTPd service with PID 1086.

2. Checking open ports in Linux using the lsof utility

The lsof utility basically displays a list of open files. However, with some parameter tweaks, we may be able to also check open ports in Linux. It is not installed on the system by default, please follow below command set to install according to Linux distribution.

Для RHEL и CentOS OS
#yum install lsof
 
Для Debian и Ubuntu OS
#apt install lsof

Team:

#lsof -i -P -n

Conclusion:

[[email protected] ~]# lsof -i -P -n
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
chronyd   513   chrony    1u  IPv4  14330      0t0  UDP 127.0.0.1:323
chronyd   513   chrony    2u  IPv6  14331      0t0  UDP [::1]:323
dhclient  548     root    6u  IPv4  15326      0t0  UDP *:68
dhclient  548     root   20u  IPv4  15315      0t0  UDP *:41668
dhclient  548     root   21u  IPv6  15316      0t0  UDP *:23435
master    866     root   13u  IPv4  16678      0t0  TCP 127.0.0.1:25 (LISTEN)
master    866     root   14u  IPv6  16679      0t0  TCP [::1]:25 (LISTEN)
sshd      904     root    3u  IPv4  17424      0t0  TCP *:22 (LISTEN)
sshd      904     root    4u  IPv6  17426      0t0  TCP *:22 (LISTEN)
sshd      951     root    3u  IPv4  17884      0t0  TCP 172.31.22.4:22->103.211.42.2:59572 (ESTABLISHED)
sshd      954 ec2-user    3u  IPv4  17884      0t0  TCP 172.31.22.4:22->103.211.42.2:59572 (ESTABLISHED)
httpd    1086     root    4u  IPv6  19036      0t0  TCP *:80 (LISTEN)
httpd    1088   apache    4u  IPv6  19036      0t0  TCP *:80 (LISTEN)
httpd    1089   apache    4u  IPv6  19036      0t0  TCP *:80 (LISTEN)
httpd    1090   apache    4u  IPv6  19036      0t0  TCP *:80 (LISTEN)
httpd    1091   apache    4u  IPv6  19036      0t0  TCP *:80 (LISTEN)
httpd    1092   apache    4u  IPv6  19036      0t0  TCP *:80 (LISTEN)

In case you want to get more detailed information about port 80 you can use the following command:

[[email protected]~]# lsof -i :80
COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd   1056   root    4u  IPv6  19036      0t0  TCP *:http (LISTEN)
httpd   1057 apache    4u  IPv6  19036      0t0  TCP *:http (LISTEN)
httpd   1058 apache    4u  IPv6  19036      0t0  TCP *:http (LISTEN)
httpd   1059 apache    4u  IPv6  19036      0t0  TCP *:http (LISTEN)
httpd   1060 apache    4u  IPv6  19036      0t0  TCP *:http (LISTEN)
httpd   1061 apache    4u  IPv6  19036      0t0  TCP *:http (LISTEN)

Here in this output, you can clearly note that port 80 is being used by the HTTP service, which has a PID of 1056.

3. Checking open ports in Linux using nmap

Nmap is a port scanning tool used in Linux. It is not installed by default on Linux systems. You need to install it using the following command.

yum install nmap

Once installed, the command is used to check open ports on Linux.

Team:

# nmap -sT -O localhost

Conclusion:

[[email protected] ~]# nmap -sT -O localhost
 
Starting Nmap 6.40 ( http://nmap.org ) at 2017-09-15 13:59 UTC
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00023s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 997 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
25/tcp open  smtp
80/tcp open  http
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.7 - 3.9
Network Distance: 0 hops
 
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.66 seconds
[[email protected] ~]#

In the output above, we can be able to check the open ports very easily.

In case you want to learn more about network commands in Linux follow this article.