Different Linux commands to check open ports in Linux:
Using netstat to list open ports
sudo netstat -tulpn | grep LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 80940/systemd-resol
tcp 0 0 0.0.0.0:3116 0.0.0.0:* LISTEN 80989/*** hidden-name ***
tcp 0 0 0.0.0.0:56020 0.0.0.0:* LISTEN 81022/transmission-
tcp 0 0 0.0.0.0:8991 0.0.0.0:* LISTEN 81022/transmission-
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 80890/sshd: /usr/sb
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 500456/nginx: maste
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 80874/stubby
tcp 0 0 0.0.0.0:3969 0.0.0.0:* LISTEN 500449/*** hidden-name ***
tcp6 0 0 :::9818 :::* LISTEN 500447/*** hidden-name ***
tcp6 0 0 :::56020 :::* LISTEN 81022/transmission-
tcp6 0 0 ::1:53 :::* LISTEN 80874/stubby
tcp6 0 0 :::22 :::* LISTEN 80890/sshd: /usr/sb
tcp6 0 0 :::21 :::* LISTEN 80899/vsftpd
tcp6 0 0 :::80 :::* LISTEN 500456/nginx: maste
tcp6 0 0 :::2050 :::* LISTEN 80944/*** hidden-name ***
Use ss to list open ports / List TCP Connections:
sudo ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 192.168.100.66:49743 195.78.54.90:24553
ESTAB 0 0 192.168.100.66:http 82.79.47.23:44716
FIN-WAIT-1 0 358 192.168.100.66:47237 77.130.249.156:28047
ESTAB 0 509 192.168.100.66:58883 77.130.249.156:28047
SYN-SENT 0 1 192.168.100.66:49747 81.84.204.212:6881
FIN-WAIT-1 0 480 192.168.100.66:33151 77.130.249.156:28047
ESTAB 0 52 192.168.100.66:ssh 192.168.100.8:10877
ESTAB 0 0 192.168.100.66:42139 212.142.124.114:51413
FIN-WAIT-1 0 1 192.168.100.66:49397 142.147.89.231:56929
SYN-SENT 0 1 192.168.100.66:33185 109.60.32.114:16944
FIN-WAIT-1 0 1 192.168.100.66:54003 142.147.89.231:56929
SYN-SENT 0 1 192.168.100.66:58997 181.221.124.199:26085
CLOSE-WAIT 64 0 192.168.100.66:40504 104.21.54.213:https
SYN-SENT 0 1 192.168.100.66:34427 115.189.93.8:24841
ESTAB 0 0 [::ffff:192.168.100.66]:8181 [::ffff:82.79.47.23]:10889
ESTAB 0 0 [::ffff:192.168.100.66]:8181 [::ffff:82.79.47.23]:10091
ESTAB 0 0 [2a02:2f08:660b:3200:b62e:99ff:fec1:4d2d]:36591 [2806:107e:c:fee0:cd7b:d192:e43b:4e37]:34725
FIN-WAIT-1 0 550 [2a02:2f08:660b:3200:b62e:99ff:fec1:4d2d]:44283 [2a03:ec00:b1a1:231a:f9c7:c3d:98d9:3d0b]:14082
FIN-WAIT-1 0 604 [2a02:2f08:660b:3200:b62e:99ff:fec1:4d2d]:54357 [2a03:ec00:b182:65a:789f:f727:5e55:5d1b]:51413
FIN-WAIT-1 0 602 [2a02:2f08:660b:3200:b62e:99ff:fec1:4d2d]:41207 [2a03:ec00:b182:65a:b86b:82ac:38e:4f29]:51413
display all open TCP and UDP ports in Linux: TCP + Sockets + UDP + PID
sudo ss -tulpn
lsof command – To check open TCP and UDP ports using the lsof command:
sudo lsof -i -P -n | grep LISTEN
stubby 80874 stubby 4u IPv4 1130883 0t0 TCP 127.0.0.1:53 (LISTEN)
stubby 80874 stubby 6u IPv6 1130885 0t0 TCP [::1]:53 (LISTEN)
sshd 80890 root 3u IPv4 1132953 0t0 TCP *:22 (LISTEN)
sshd 80890 root 4u IPv6 1132955 0t0 TCP *:22 (LISTEN)
vsftpd 80899 root 3u IPv6 1122077 0t0 TCP *:21 (LISTEN)
systemd-r 80940 systemd-resolve 14u IPv4 1134800 0t0 TCP 127.0.0.53:53 (LISTEN)
transmiss 81022 debian-transmission 14u IPv4 1134865 0t0 TCP *:3331 (LISTEN)
transmiss 81022 debian-transmission 15u IPv4 1134866 0t0 TCP *:56020 (LISTEN)
transmiss 81022 debian-transmission 16u IPv6 1134868 0t0 TCP *:56020 (LISTEN)
nginx 500456 root 7u IPv4 6766284 0t0 TCP *:80 (LISTEN)
nginx 500456 root 8u IPv6 6766285 0t0 TCP *:80 (LISTEN)
nginx 500457 www-data 7u IPv4 6766284 0t0 TCP *:80 (LISTEN)
nginx 500457 www-data 8u IPv6 6766285 0t0 TCP *:80 (LISTEN)
nginx 500458 www-data 7u IPv4 6766284 0t0 TCP *:80 (LISTEN)
nginx 500458 www-data 8u IPv6 6766285 0t0 TCP *:80 (LISTEN)
nginx 500459 www-data 7u IPv4 6766284 0t0 TCP *:80 (LISTEN)
nginx 500459 www-data 8u IPv6 6766285 0t0 TCP *:80 (LISTEN)
nginx 500460 www-data 7u IPv4 6766284 0t0 TCP *:80 (LISTEN)
nginx 500460 www-data 8u IPv6 6766285 0t0 TCP *:80 (LISTEN)
nginx 500461 www-data 7u IPv4 6766284 0t0 TCP *:80 (LISTEN)
nginx 500461 www-data 8u IPv6 6766285 0t0 TCP *:80 (LISTEN)
nginx 500462 www-data 7u IPv4 6766284 0t0 TCP *:80 (LISTEN)
nginx 500462 www-data 8u IPv6 6766285 0t0 TCP *:80 (LISTEN)
nginx 500463 www-data 7u IPv4 6766284 0t0 TCP *:80 (LISTEN)
nginx 500463 www-data 8u IPv6 6766285 0t0 TCP *:80 (LISTEN)
nginx 500464 www-data 7u IPv4 6766284 0t0 TCP *:80 (LISTEN)
nginx 500464 www-data 8u IPv6 6766285 0t0 TCP *:80 (LISTEN)
nmap command – (open source tool for network exploration and security auditing)
sudo nmap -sT -O localhost
list or dump firewall rules using iptables (firewall) :
sudo iptables -S
Use the cat command or grep command/egrep command to view port numbers & service mappings:
cat /etc/services
tcpmux 1/tcp # TCP port service multiplexer
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
daytime 13/tcp
daytime 13/udp
netstat 15/tcp
qotd 17/tcp quote
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp 21/tcp
fsp 21/udp fspd
ssh 22/tcp # SSH Remote Login Protocol
telnet 23/tcp
smtp 25/tcp mail
time 37/tcp timserver
time 37/udp timserver
whois 43/tcp nicname
tacacs 49/tcp # Login Host Protocol (TACACS)
tacacs 49/udp
domain 53/tcp # Domain Name Server
domain 53/udp
bootps 67/udp
bootpc 68/udp
tftp 69/udp
gopher 70/tcp # Internet Gopher
finger 79/tcp
http 80/tcp www # WorldWideWeb HTTP
…
Leave a Reply
Your email address will not be published. Required fields are marked *