While you facing network connectivity issues, the first thing is to check what ports are actually in use on your system and which application is listening on a specific port. In this tutorial described how to use netstat, ss and lsof commands to find out which services are listening on which ports.
Listening Port
Port is a number which used for identification, with the associated IP address. Listening port is a network port on which an application or process listens on, acting as a communication endpoint.
You can filter the listening port via firewall and keep open or close. An open port is a network port that accepts incoming packets from remote locations. Multiple services or applications cannot be run on same port with same IP address.
For instance, if your server running Nginx HTTP server listening on port 80 and 443 and you try to install Apache web server, it will fail to start the services because the ports already are in use by Nginx.
Check Listening Ports with netstat
You can use netstat command-line tool that can provide information about network connections.
Run the following command to list all TCP or UDP ports that are being listened on. It also includes the services using the ports and the socket status:
sudo netstat -tunlp
You can use the following options with this command:
-t– It will show TCP ports.-u– It displays UDP ports.-n– Show numerical addresses instead of resolving hosts.-l– View only listening ports.-p– Show the PID and name of the listener’s process. This information is shown only if you run the command as root orsudouser.
It should show output something like below:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 932/mysqld
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 906/redis-server 12
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1133/master
tcp6 0 0 :::443 :::* LISTEN 4695/nginx: master
tcp6 0 0 ::1:6379 :::* LISTEN 906/redis-server 12
tcp6 0 0 :::22 :::* LISTEN 890/sshd
tcp6 0 0 :::80 :::* LISTEN 4695/nginx: master
tcp6 0 0 :::25 :::* LISTEN 1133/master
udp 0 0 127.0.0.53:53 0.0.0.0:* 669/systemd-resolveMeaning of the important columns are given below:
Proto– The protocol used by the socket.Local Address– The IP Address and port number on which the process listen to.PID/Program name– The PID and the name of the process.
You can also filter the results using grep command. For example, to find what process listens on TCP port 22 you would type:
sudo netstat -tnlp | grep :22
The output shows that on this machine port 22 is used by the SSH server:
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 890/sshd
tcp6 0 0 :::22 :::* LISTEN 890/sshdIf the output is empty it means that nothing is listening on the port.
Check Listening Ports with ss
ss is same as netstat but it lacks some of the netstat features. But it exposes more TCP states and it is slightly faster. The command options are mostly the same, so the transition from netstat to ss is not difficult.
To get a list of all listening ports with ss you would type:
sudo ss -tunlp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=669,fd=12))
tcp LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=4698,fd=10),("nginx",pid=4695,fd=10))
tcp LISTEN 0 80 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=932,fd=27))
tcp LISTEN 0 128 127.0.0.1:6379 0.0.0.0:* users:(("redis-server",pid=906,fd=6))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=890,fd=3))
tcp LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=4698,fd=8),("nginx",pid=4695,fd=8))
tcp LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=669,fd=13))
tcp LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("master",pid=1133,fd=13))
tcp LISTEN 0 128 [::]:443 [::]:* users:(("nginx",pid=4698,fd=9),("nginx",pid=4695,fd=9))
tcp LISTEN 0 128 [::1]:6379 [::]:* users:(("redis-server",pid=906,fd=7))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=890,fd=4))
tcp LISTEN 0 128 [::]:80 [::]:* users:(("nginx",pid=4698,fd=11),("nginx",pid=4695,fd=11))
tcp LISTEN 0 100 [::]:25 [::]:* users:(("master",pid=1133,fd=14)) Check Listening Ports with lsof
To get the information about files opened by processes, lsof command-line utility is used.
As we know, in Linux everything is a file. You can think of a socket as a file that writes to the network.
To get a list of all listening TCP ports with lsof type:
The options used are as follows:
-n– Do not convert port numbers to port names.-p– Do not resolve hostnames, show numerical addresses.-iTCP -sTCP:LISTEN– Show only network files with TCP state LISTEN.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd-r 669 systemd-resolve 13u IPv4 15342 0t0 TCP 127.0.0.53:53 (LISTEN)
sshd 890 root 3u IPv4 18706 0t0 TCP *:972 (LISTEN)
sshd 890 root 4u IPv6 18723 0t0 TCP *:972 (LISTEN)
redis-ser 906 redis 6u IPv4 18846 0t0 TCP 127.0.0.1:6379 (LISTEN)
redis-ser 906 redis 7u IPv6 18847 0t0 TCP [::1]:6379 (LISTEN)
mysqld 932 mysql 27u IPv4 19634 0t0 TCP 127.0.0.1:3306 (LISTEN)
master 1133 root 13u IPv4 19748 0t0 TCP *:25 (LISTEN)
master 1133 root 14u IPv6 19749 0t0 TCP *:25 (LISTEN)
nginx 4695 root 8u IPv4 57186 0t0 TCP *:80 (LISTEN)
nginx 4695 root 9u IPv6 57187 0t0 TCP *:443 (LISTEN)
nginx 4695 root 10u IPv4 57188 0t0 TCP *:443 (LISTEN)
nginx 4695 root 11u IPv6 57189 0t0 TCP *:80 (LISTEN)
nginx 4698 www-data 8u IPv4 57186 0t0 TCP *:80 (LISTEN)
nginx 4698 www-data 9u IPv6 57187 0t0 TCP *:443 (LISTEN)
nginx 4698 www-data 10u IPv4 57188 0t0 TCP *:443 (LISTEN)
nginx 4698 www-data 11u IPv6 57189 0t0 TCP *:80 (LISTEN)For more information, visit the lsof man page and read about all other powerful options of this tool.
Conclusion
In this tutorial explained commands that you can use to check what ports are in use on your system.
If you have any question or feedback, please leave a comment below.