
Open ports in Linux

Part of network diagnosis on Linux is checking which services have open ports.

How to Check Open Ports on Linux

To check open ports with netstat, the “-tunl” options can be used:

-t for TCP
-u for UDP
-n to not resolve names
-l for listening (open) ports

In this example, netstat lists the open TCP/UDP ports; the additional -p option shows the PID and name of the program that owns each socket:

$ sudo netstat -tunlp
Active Internet connections (servers only)
Proto Local Address State PID/Program name
tcp 127.0.0.53:53 LISTEN 24813/systemd-resol
tcp 0.0.0.0:22 LISTEN 9857/sshd
tcp6 :::22 LISTEN 9857/sshd
udp 127.0.0.53:53 24813/systemd-resol

The ss command can also show open ports with the same options:

$ sudo ss -tunlp

Netid Local Address:Port Peer Address:Port
udp 127.0.0.53%lo:53 0.0.0.0:* ("systemd-resolve",pid=355)
udp 0.0.0.0:68 0.0.0.0:* ("dhclient",pid=17984)
udp 0.0.0.0:5353 0.0.0.0:* ("avahi-daemon",pid=27533)
tcp 0.0.0.0:22 0.0.0.0:* ("sshd",pid=14825)
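
The listings above mix sockets bound to loopback (127.0.0.53:53) with sockets bound to every interface (0.0.0.0:22), and only the latter are reachable from the network. The following is an added example, not part of the original article, that classifies listeners by bind address; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listening sockets by bind scope.
# Live use: sudo ss -H -tunlp | classify_listeners   (-H drops the header row)

# Constructed sample input in `ss -H -tunlp` column layout (not real output).
sample_ss_output() {
    cat <<'EOF'
udp UNCONN 0 0   127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=355,fd=12))
udp UNCONN 0 0   0.0.0.0:68       0.0.0.0:* users:(("dhclient",pid=17984,fd=6))
udp UNCONN 0 0   0.0.0.0:5353     0.0.0.0:* users:(("avahi-daemon",pid=27533,fd=12))
tcp LISTEN 0 128 0.0.0.0:22       0.0.0.0:* users:(("sshd",pid=14825,fd=3))
tcp LISTEN 0 128 [::]:22          [::]:*    users:(("sshd",pid=14825,fd=4))
tcp LISTEN 0 5   [::1]:631        [::]:*    users:(("cupsd",pid=901,fd=7))
EOF
}

# Read ss lines on stdin, print "<scope> <proto> <port> <process>" per socket.
classify_listeners() {
    awk '
    NF < 5 { next }                    # skip blank or truncated lines
    {
        proto = $1; local = $5
        # Split "addr:port" at the LAST colon so IPv6 addresses stay intact.
        n = match(local, /:[^:]*$/)
        addr = substr(local, 1, n - 1); port = substr(local, n + 1)
        sub(/%.*$/, "", addr)          # drop interface scope such as %lo
        gsub(/[][]/, "", addr)         # drop IPv6 brackets
        if (addr == "0.0.0.0" || addr == "*" || addr == "::")
            scope = "ALL-INTERFACES"   # reachable on every interface
        else if (addr ~ /^127\./ || addr == "::1")
            scope = "LOOPBACK"         # local machine only
        else
            scope = "SPECIFIC"         # bound to one configured address
        # Process name is the first quoted string in users:(("name",pid=...))
        proc = "-"                     # stays "-" when ss ran without -p or root
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        print scope, proto, port, proc
    }'
}

# Listeners reachable from other hosts (subject to firewall rules).
exposed_listeners() { classify_listeners | grep '^ALL-INTERFACES' || true; }

sample_ss_output | classify_listeners
```

Comparing the ALL-INTERFACES lines against the services the host is meant to offer is a quick way to spot a daemon that should have been bound to loopback.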

lsof command on Linux

Since everything in Linux is a file, network connections can also be viewed as an “open file”. The “lsof” command can be used in this context to view files that correspond to Internet addresses.

The lsof “-i” option limits the listing to open files that are Internet sockets. It is necessary to run lsof as root:

$ sudo lsof -i
COMMAND PID USER FD TYPE NODE NAME
sshd 9857 root 3u IPv4 TCP *:ssh (LISTEN)
sshd 9857 root 4u IPv6 TCP *:ssh (LISTEN)
systemd-r 24813 systemd-resolve 12u IPv4 UDP localhost:domain
systemd-r 24813 systemd-resolve 13u IPv4 TCP localhost:domain (LISTEN)

fuser command on Linux

The “fuser” command can also be used to display information about a particular open port. It identifies the processes that are using a given file or socket and returns their PIDs:

$ sudo fuser 22/tcp
22/tcp: 9857 24313 2440

To find out which process is using a particular file:

$ fuser -v /bin/bash
               USER       PID ACCESS COMMAND
/usr/bin/bash: ec2-user 16092 ...e. bash

The netstat, ss, lsof, and fuser commands are used to view the local machine’s open ports.

There is a tool called nmap that can also discover the open ports of both the local machine and the remote machines.
