3 ways to check open ports in Linux with the corresponding service process
It is very important to check open ports on Linux for security purposes. This helps the system administrator find any intrusion into the system. This article will help you quickly check open ports in Linux along with the corresponding service process.
How to check open ports in Linux with the corresponding service process?
There are various ways in which you can determine the open listening ports on Linux.
1. Checking open ports in Linux using the NETSTAT command
In its basic form, the netstat command prints information about network connections, the routing table, and so on. However, the same command with the parameters below can be used to check for open ports on Linux.
Command:
netstat -tulpn | grep LISTEN
Output:
# netstat -tulpn | grep LISTEN
tcp        0      0 0.0.0.0:22       0.0.0.0:*    LISTEN      904/sshd
tcp        0      0 127.0.0.1:25     0.0.0.0:*    LISTEN      866/master
tcp6       0      0 :::80            :::*         LISTEN      1086/httpd
tcp6       0      0 :::22            :::*         LISTEN      904/sshd
tcp6       0      0 ::1:25           :::*         LISTEN      866/master
The command above covers TCP as well as UDP ports (the -t and -u options). If you want to filter further, for example to find the process or service using port 80, use the command below.
# netstat -tulpn | grep LISTEN|grep 80
tcp6       0      0 :::80            :::*         LISTEN      1086/httpd
The output above shows that port 80 is used by the httpd service with PID 1086.
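The filtering described above can be made exact and turned into an audit. The script below is an added example, not part of the original article: it parses netstat -tulpn rows by field, so a lookup for port 80 does not also match 8080 or a PID such as 1080, and UDP rows (which carry no LISTEN state) are handled too. The sample rows for 8080/python3 and the UDP socket, and the allowlist, are constructed for illustration.

```sh
#!/bin/sh
# Added example. SAMPLE is constructed: the netstat rows shown above plus two
# invented rows (8080/python3 and a UDP row) to exercise the checks.
SAMPLE='tcp   0  0 0.0.0.0:22    0.0.0.0:*  LISTEN  904/sshd
tcp   0  0 127.0.0.1:25  0.0.0.0:*  LISTEN  866/master
tcp6  0  0 :::80         :::*       LISTEN  1086/httpd
tcp6  0  0 :::22         :::*       LISTEN  904/sshd
tcp6  0  0 ::1:25        :::*       LISTEN  866/master
tcp   0  0 0.0.0.0:8080  0.0.0.0:*  LISTEN  1180/python3
udp   0  0 0.0.0.0:68    0.0.0.0:*          548/dhclient'

# Hypothetical allowlist of expected "port/process" pairs for this host.
ALLOW='22/sshd 25/master 80/httpd 68/dhclient'

# Shared awk helpers: split "addr:port" at the last colon (IPv6-safe) and
# find the PID/Program column, which is field 6 on UDP rows (no State).
AWK_LIB='
function port_of(s) { sub(/.*:/, "", s); return s }
function addr_of(s) { return substr(s, 1, length(s) - length(port_of(s)) - 1) }
function owner(   i) { for (i = 6; i <= NF; i++) if ($i ~ /^[0-9]+\//) return $i
                       return "-/-" }   # "-" is shown when not run as root
$1 !~ /^(tcp|udp)6?$/ { next }
$1 ~ /^tcp/ && $6 != "LISTEN" { next }'

# audit_listeners ALLOWLIST: print "<proto> <addr> <port> <pid> <proc> <scope>"
# for every listening socket on stdin whose port/process is not allowlisted.
audit_listeners() {
    awk -v allow="$1" "$AWK_LIB"'
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    { addr = addr_of($4); port = port_of($4); split(owner(), o, "/")
      scope = (addr == "0.0.0.0" || addr == "::") ? "all-interfaces" : "local"
      key = port "/" o[2]
      if (!(key in ok)) print $1, addr, port, o[1], o[2], scope }'
}

# who_owns_port PORT: exact match on the port field. A plain `grep 80` would
# also match port 8080 or a PID such as 1080.
who_owns_port() {
    awk -v want="$1" "$AWK_LIB"'
    port_of($4) == want { print owner() }' | sort -u
}

printf '%s\n' "$SAMPLE" | audit_listeners "$ALLOW"
printf '%s\n' "$SAMPLE" | who_owns_port 80
```

On a live system, replace the printf with netstat -tulpn run as root so that the PID/Program column is populated for every socket.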
2. Checking open ports in Linux using the lsof utility
The lsof utility displays a list of open files. However, with the right parameters it can also be used to check open ports in Linux. It is not installed on the system by default; use the command below that matches your Linux distribution to install it.
For RHEL and CentOS:
# yum install lsof
For Debian and Ubuntu:
# apt install lsof
Command:
# lsof -i -P -n
Output:
# lsof -i -P -n
COMMAND   PID  USER      FD   TYPE  DEVICE  SIZE/OFF  NODE  NAME
chronyd   513  chrony    1u   IPv4  14330   0t0       UDP   127.0.0.1:323
chronyd   513  chrony    2u   IPv6  14331   0t0       UDP   [::1]:323
dhclient  548  root      6u   IPv4  15326   0t0       UDP   *:68
dhclient  548  root      20u  IPv4  15315   0t0       UDP   *:41668
dhclient  548  root      21u  IPv6  15316   0t0       UDP   *:23435
master    866  root      13u  IPv4  16678   0t0       TCP   127.0.0.1:25 (LISTEN)
master    866  root      14u  IPv6  16679   0t0       TCP   [::1]:25 (LISTEN)
sshd      904  root      3u   IPv4  17424   0t0       TCP   *:22 (LISTEN)
sshd      904  root      4u   IPv6  17426   0t0       TCP   *:22 (LISTEN)
sshd      951  root      3u   IPv4  17884   0t0       TCP   172.31.22.4:22->103.211.42.2:59572 (ESTABLISHED)
sshd      954  ec2-user  3u   IPv4  17884   0t0       TCP   172.31.22.4:22->103.211.42.2:59572 (ESTABLISHED)
httpd     1086 root      4u   IPv6  19036   0t0       TCP   *:80 (LISTEN)
httpd     1088 apache    4u   IPv6  19036   0t0       TCP   *:80 (LISTEN)
httpd     1089 apache    4u   IPv6  19036   0t0       TCP   *:80 (LISTEN)
httpd     1090 apache    4u   IPv6  19036   0t0       TCP   *:80 (LISTEN)
httpd     1091 apache    4u   IPv6  19036   0t0       TCP   *:80 (LISTEN)
httpd     1092 apache    4u   IPv6  19036   0t0       TCP   *:80 (LISTEN)
In case you want to get more detailed information about port 80 you can use the following command:
# lsof -i :80
COMMAND  PID   USER    FD  TYPE  DEVICE  SIZE/OFF  NODE  NAME
httpd    1056  root    4u  IPv6  19036   0t0       TCP   *:http (LISTEN)
httpd    1057  apache  4u  IPv6  19036   0t0       TCP   *:http (LISTEN)
httpd    1058  apache  4u  IPv6  19036   0t0       TCP   *:http (LISTEN)
httpd    1059  apache  4u  IPv6  19036   0t0       TCP   *:http (LISTEN)
httpd    1060  apache  4u  IPv6  19036   0t0       TCP   *:http (LISTEN)
httpd    1061  apache  4u  IPv6  19036   0t0       TCP   *:http (LISTEN)
Here in this output, you can clearly note that port 80 is being used by the HTTP service, which has a PID of 1056.
3. Checking open ports in Linux using nmap
Nmap is a port scanning tool used in Linux. It is not installed by default on Linux systems. You need to install it using the following command.
yum install nmap
Once installed, use the following command to check open ports on Linux.
Command:
# nmap -sT -O localhost
Output:
# nmap -sT -O localhost
Starting Nmap 6.40 ( http://nmap.org ) at 2017-09-15 13:59 UTC
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00023s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 997 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
25/tcp open  smtp
80/tcp open  http
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.7 - 3.9
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.66 seconds
In the output above, we can see the open ports very easily.