How to Check and Show Open Ports list in Linux?

Linux Server administrators To fix server security issues and keep data safe, need to know which TCP and UDP ports are open in Linux os and distributions like Centos,Ubuntu,RHEL,Debian with use this commands (ss-lsof-netstat-nmap-netcat).

Check open ports in Linux

• Launch a Linux terminal.
• Type ss to display all open TCP and UDP ports.
• Another option is to use the  nmap lsof netstat netcat

1. ss command

The ss command in Linux displays listening ports and their connected networks. The ss command with parameters may identify and display Linux listening ports. Command syntax for thess:

sudo ss -tulpn

If you want your output to be organized and provide more relevant but concise information, you should run thess command with the-ltn flag:

sudo ss -ltn

Output:

State      Recv-Q     Send-Q         Local Address:Port            Peer Address:Port     Process
LISTEN     0          4096           127.0.0.53%lo:53                   0.0.0.0:*
LISTEN     0          5                  127.0.0.1:631                  0.0.0.0:*
LISTEN     0          70                 127.0.0.1:33060                0.0.0.0:*
LISTEN     0          151                127.0.0.1:3306                 0.0.0.0:*
LISTEN     0          5                      [::1]:631                     [::]:*
LISTEN     0          511                        *:80                         *:*

In the sample output that you see, ports number 80, 3306, and 33060 are ports that HTTP and MySQL services use, and most Linux users are familiar with these ports.

Other connections on the server are in listening status on the designated ports. If this information is not enough for you and you need to know which open ports belong to which processes, you can run the -p option along with the ss command:

sudo ss -ltnp

Output:

State    Recv-Q   Send-Q      Local Address:Port        Peer Address:Port   Process
LISTEN   0        4096        127.0.0.53%lo:53               0.0.0.0:*       users:(("systemd-resolve",pid=530,fd=13))
LISTEN   0        5               127.0.0.1:631              0.0.0.0:*       users:(("cupsd",pid=572,fd=7))
LISTEN   0        70              127.0.0.1:33060            0.0.0.0:*       users:(("mysqld",pid=2320,fd=32))
LISTEN   0        151             127.0.0.1:3306             0.0.0.0:*       users:(("mysqld",pid=2320,fd=34))
LISTEN   0        5                   [::1]:631                 [::]:*       users:(("cupsd",pid=572,fd=6))
LISTEN   0        511                     *:80                     *:*       users:(("apache2",pid=2728,fd=4),("apache2",pid=2727,fd=4),("apache2",pid=2725,fd=4))

In the output of this command, it is determined which ports belong to mysqld, systemd-resolve, cupsd, and apache2 processes.

You can also use other options along with the ss command, such as:

• -l option: show listening ports
• -lt option: show listening TCP ports
• -tul option: Access a list of TCP and UDP listening ports
• -n option: to access the listening port of the specified service

It should be noted that you can also use the following command to get more detailed information about the ports that are listening for incoming connections:

ss -tuln | grep LISTEN

2.nmap command

Nmap is an open-source network scanning and security auditing program. Using the nmap tool, you can search the network and identify the open ports on the remote local host. Previously, we taught in detail how to use the nmap command to scan open ports in another article. We will also mention it in this article.

To scan the open ports in the Local Host using the nmap command, you can enter the IP address of the remote system and you can also specify your system as the LocalHost. Pay attention to the following example:

sudo nmap -sT -O localhost

sudo nmap -sU -O 192.168.2.254 ##[ list open UDP ports ]##

sudo nmap -sT -O 127.0.0.1 ##[ list open TCP ports ]##

sudo nmap -sTU -O 192.168.2.24

Sample output:

Starting Nmap 7.70 ( https://nmap.org ) at 2023-03-09 23:49 IST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00024s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
631/tcp open  ipp
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.31 seconds

3.lsof command

you can use the lsof command to find processes that users have run and access open TCP and UDP ports by running lsof command.

Along with the lsof command, you can also run different options for different purposes, as follows:

• -i option: If you don’t have access to the IP address, this command will help you to view information about all network files.
• -p option: If you have a problem searching for the port name, you can use this option because it prevents the conversion of the port number of the network files into the port name.
• -n option: This option is useful when you don’t want to use the DNS name and it prevents the network number from converting the hostname of the network files.
• | grep LISTEN: organizes the output to show ports in LISTEN state.

The main syntax of this command is as follows:

sudo lsof -i -P -n

In the output of this command, you will see a list of open ports in Linux. But this command has a drawback in that sometimes it displays ports that are not actually open. To access the ports that are currently actively listening on your Linux system, we suggest the following command:

sudo lsof -i -P -n | grep LISTEN

4.netstat command

One of the useful commands for finding open ports is the netstat command, which displays the open ports in a list format. The basic syntax of this command to list open ports is as follows:

sudo netstat -tulpn | grep LISTEN

Other options for different purposes can be executed with the netstat command, including the following:

• -t: Display all TCP ports
• -u: Display all UDP ports
• -I: providing listening server sockets
• -P: Show PID and names of sockets programs
• -n: It is executed so that the names are not resolved
• | grep LISTEN: Filter the output to display open ports in LISTEN status using the grep command

5.netcat command

By executing the netcat command with the help of TCP and UDP protocols, the user is able to write and read data between computers, the main syntax of this command is as follows:

nc [options] host port

The netcat command, along with other options, will have different meanings. We will explain how to find open ports through its options below:

• nifty -z: finding listening daemons without sending data to the port
• -v: getting more information and activating verbosity

You can also use the following command to scan open ports:

nc -z -v <IP-ADDRESS> 1-65535 2>&1 | grep -v 'Connection refused'

Replace the IP-ADDRESS in the above command with the IP Address of the Linux system you want to find open ports.

As a result, by running the previous command, you will see open and accessible ports on your Linux system.

Show open ports linux using Powershell

Powershell provides the ability to test network connections (Test-NetConnection) using the built-in cmdlet, but Powershell is a command line shell that is used in the Windows environment because other operating systems do not support this cmdlet. Powershell usually does not support built-in commands for Linux-specific operations. But by using TcpClient class, you can also use PowerShell features in Linux to check the listening ports and open connections.

The “Get-NetTCPConnection” cmdlet is a method with the same functionality as the netstat command in Linux to get a list of open TCP ports in Powershell, which supports various parameters to make accessing open ports easier using Powershell.

To access a list of listening ports using the “Get-NetTCPConnection” command, run the following command:

Get-NetTCPConnection -State Listen

As a result, all listening ports are displayed.

In addition, you can run Powershell by running the following command:

Pwsh

Then create a file with your favorite text editor (we prefer the nano editor):

nano Test-Port.ps1

We created a file called Test-port.ps1.

Then add the following commands in the file you just created using the editor of your choice:

<#
                .SYNOPSIS
                                This function tests for open TCP/UDP ports.
                .DESCRIPTION
                                This function tests any TCP/UDP port to see if it's open or closed.
                .NOTES
                .PARAMETER Computername
                                One or more remote, comma-separated computer names
                .PARAMETER Port
                                One or more comma-separated port numbers you'd like to test.
                .PARAMETER TcpTimeout
                                The number of milliseconds that the function will wait until declaring
                                the TCP port closed. Default is 1000.
                .EXAMPLE
                                PS> Test-Port -Computername 'LABDC','LABDC2' -Protocol TCP 80,443
                               
                                This example tests the TCP network ports 80 and 443 on both the LABDC
                                and LABDC2 servers.
                #>
[CmdletBinding()]
[OutputType([System.Management.Automation.PSCustomObject])]
param (
    [Parameter(Mandatory)]
    [string[]]$ComputerName,
    [Parameter(Mandatory)]
    [int[]]$Port,
    [Parameter()]
    [int]$TcpTimeout = 1000
)
begin {
    $Protocol = 'TCP'
}
process {
    foreach ($Computer in $ComputerName) {
        foreach ($Portx in $Port) {           
            $Output = @{ 'Computername' = $Computer; 'Port' = $Portx; 'Protocol' = $Protocol; 'Result' = '' }
            Write-Verbose "$($MyInvocation.MyCommand.Name) - Beginning port test on '$Computer' on port '$Protocol<code>:$Portx'"
            $TcpClient = New-Object System.Net.Sockets.TcpClient
            $Connect = $TcpClient.BeginConnect($Computer, $Portx, $null, $null)
            $Wait = $Connect.AsyncWaitHandle.WaitOne($TcpTimeout, $false)
            if (!$Wait -or !($TcpClient.Connected)) {
                $TcpClient.Close()
                Write-Verbose "$($MyInvocation.MyCommand.Name) - '$Computer' failed port test on port '$Protocol</code>:$Portx'"
                $Output.Result = $false
            }
            else {
                $TcpClient.EndConnect($Connect)
                $TcpClient.Close()
                Write-Verbose "$($MyInvocation.MyCommand.Name) - '$Computer' passed port test on port '$Protocol<code>:$Portx'"
                $Output.Result = $true
                $TcpClient.Close()
                $TcpClient.Dispose()
            }
            [pscustomobject]$Output
        }
    }
}

Finally, save your changes to the Test-Port.ps1 scrip and exit the editor.

To check whether the ports you want are open, for example, checking ports 80, 22, and 443, use the following example:

./Test-Port.ps1 -ComputerName localhost -Port 22,80,443

The output of the previous command will list the status of your specified ports.

How to check open ports in Linux through UFW Linux firewall

Up to this part of the article, you learned how to access a list of open ports in the Linux system using various commands, but some ports in your system may be blocked by the firewall and other software, and all the open ports you see in the list may not be open to the Internet.

Therefore, you must know the rules of the firewall in order to correctly identify the open and blocked ports. You can use the following command to find out about the state of the firewall regarding the blocking of input and output access:

 sudo ufw status verbose

Sample OutPut:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

In this output, you can see that incoming connections are blocked by the firewall, and Incoming MySQL and HTTP connections with ports 80 and 3306 are not allowed in the firewall rules, while these ports may be displayed as open ports by executing the 5 commands we taught.

You can also access the list of configured firewall rules on the Linux server by running the following command:

sudo iptables -S
# IPv6 #
sudo ip6tables -S

How to block ports in Linux

you can blocking ports in Linux with iptables or ufw firewalls.

1.Using the iptables (Default Firewall)

iptables is the default firewall for most Linux distributions. To block a specific port using iptables, follow these steps:

Identify the port to block: Determine the port number you want to block. For example, to block port 80 (HTTP), you would use the following command:

iptables -A INPUT -p tcp --dport 80 -j DROP

Apply the firewall rule: Save the rule by exiting the iptables editor.

iptables-save

This will create a new firewall rule that will drop all incoming TCP traffic on port 80. To block UDP traffic on port 80, you would use:

iptables -A INPUT -p udp --dport 80 -j DROP

To block both TCP and UDP traffic on port 80, you would use a combination of the two rules:

iptables -A INPUT -p tcp --dport 80 -j DROP

iptables -A INPUT -p udp --dport 80 -j DROP

2.Using the UFW (Third-party Firewall)

UFW (Uncomplicated Firewall) is a user-friendly firewall interface that is popular on Ubuntu and other Debian-based distributions. To block a specific port using UFW, follow these steps:

Enable UFW: If UFW is not already enabled, enable it using the following command:

sudo ufw enable

Block the port: Add the port to the UFW deny list using:

sudo ufw deny <protocol> <port>

For example, to block port 80 (HTTP) using TCP, you would use:

sudo ufw deny tcp 80

To block UDP traffic on port 80, you would use:

sudo ufw deny udp 80

To block both TCP and UDP traffic on port 80, you would use a combination of the two commands:

sudo ufw deny tcp 80
sudo ufw deny udp 80

Remember to save the UFW changes by running the following command:

sudo ufw reload

FAQ

Related Article : What is Debian OS