Site icon DesignLinux

How to Check for Listening Ports in Linux (Ports in use)

How to Check for Listening Ports in Linux (Ports in use)

While you facing network connectivity issues, the first thing is to check what ports are actually in use on your system and which application is listening on a specific port. In this tutorial described how to use netstat, ss and lsof commands to find out which services are listening on which ports.

Listening Port

Port is a number which used for identification, with the associated IP address. Listening port is a network port on which an application or process listens on, acting as a communication endpoint.

You can filter the listening port via firewall and keep open or close. An open port is a network port that accepts incoming packets from remote locations. Multiple services or applications cannot be run on same port with same IP address.

For instance, if your server running Nginx HTTP server listening on port 80 and 443 and you try to install Apache web server, it will fail to start the services because the ports already are in use by Nginx.

Check Listening Ports with netstat

You can use netstat command-line tool that can provide information about network connections.

Run the following command to list all TCP or UDP ports that are being listened on. It also includes the services using the ports and the socket status:

sudo netstat -tunlp

You can use the following options with this command:

It should show output something like below:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      932/mysqld
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      906/redis-server 12
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1133/master
tcp6       0      0 :::443                  :::*                    LISTEN      4695/nginx: master
tcp6       0      0 ::1:6379                :::*                    LISTEN      906/redis-server 12
tcp6       0      0 :::22                   :::*                    LISTEN      890/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      4695/nginx: master
tcp6       0      0 :::25                   :::*                    LISTEN      1133/master
udp        0      0 127.0.0.53:53           0.0.0.0:*                           669/systemd-resolve

Meaning of the important columns are given below:

You can also filter the results using grep command. For example, to find what process listens on TCP port 22 you would type:

sudo netstat -tnlp | grep :22

The output shows that on this machine port 22 is used by the SSH server:

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      890/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      890/sshd

If the output is empty it means that nothing is listening on the port.

Check Listening Ports with ss

ss is same as netstat but it lacks some of the netstat features. But it exposes more TCP states and it is slightly faster. The command options are mostly the same, so the transition from netstat to ss is not difficult.

To get a list of all listening ports with ss you would type:

sudo ss -tunlp
Netid       State         Recv-Q        Send-Q                Local Address:Port               Peer Address:Port                                                                                                                                
udp         UNCONN        0             0                     127.0.0.53%lo:53                  0.0.0.0:*            users:(("systemd-resolve",pid=669,fd=12))                                                                              
tcp         LISTEN        0             128                         0.0.0.0:443                 0.0.0.0:*            users:(("nginx",pid=4698,fd=10),("nginx",pid=4695,fd=10))                                                             
tcp         LISTEN        0             80                        127.0.0.1:3306                0.0.0.0:*            users:(("mysqld",pid=932,fd=27))                                                                                       
tcp         LISTEN        0             128                       127.0.0.1:6379                0.0.0.0:*            users:(("redis-server",pid=906,fd=6))                                                                                  
tcp         LISTEN        0             128                         0.0.0.0:22                 0.0.0.0:*            users:(("sshd",pid=890,fd=3))                                                                                          
tcp         LISTEN        0             128                         0.0.0.0:80                  0.0.0.0:*            users:(("nginx",pid=4698,fd=8),("nginx",pid=4695,fd=8))                                                                
tcp         LISTEN        0             128                   127.0.0.53%lo:53                  0.0.0.0:*            users:(("systemd-resolve",pid=669,fd=13))                                                                              
tcp         LISTEN        0             100                         0.0.0.0:25                  0.0.0.0:*            users:(("master",pid=1133,fd=13))                                                                                      
tcp         LISTEN        0             128                            [::]:443                 [::]:*            users:(("nginx",pid=4698,fd=9),("nginx",pid=4695,fd=9))                                                              
tcp         LISTEN        0             128                           [::1]:6379                [::]:*            users:(("redis-server",pid=906,fd=7))                                                                                  
tcp         LISTEN        0             128                            [::]:22                 [::]:*            users:(("sshd",pid=890,fd=4))                                                                                          
tcp         LISTEN        0             128                            [::]:80                  [::]:*            users:(("nginx",pid=4698,fd=11),("nginx",pid=4695,fd=11))                                                              
tcp         LISTEN        0             100                            [::]:25                  [::]:*            users:(("master",pid=1133,fd=14))  

Check Listening Ports with lsof

To get the information about files opened by processes, lsof command-line utility is used.

As we know, in Linux everything is a file. You can think of a socket as a file that writes to the network.

To get a list of all listening TCP ports with lsof type:

The options used are as follows:

COMMAND    PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd-r  669 systemd-resolve   13u  IPv4  15342      0t0  TCP 127.0.0.53:53 (LISTEN)
sshd       890            root    3u  IPv4  18706      0t0  TCP *:972 (LISTEN)
sshd       890            root    4u  IPv6  18723      0t0  TCP *:972 (LISTEN)
redis-ser  906           redis    6u  IPv4  18846      0t0  TCP 127.0.0.1:6379 (LISTEN)
redis-ser  906           redis    7u  IPv6  18847      0t0  TCP [::1]:6379 (LISTEN)
mysqld     932           mysql   27u  IPv4  19634      0t0  TCP 127.0.0.1:3306 (LISTEN)
master    1133            root   13u  IPv4  19748      0t0  TCP *:25 (LISTEN)
master    1133            root   14u  IPv6  19749      0t0  TCP *:25 (LISTEN)
nginx     4695            root    8u  IPv4  57186      0t0  TCP *:80 (LISTEN)
nginx     4695            root    9u  IPv6  57187      0t0  TCP *:443 (LISTEN)
nginx     4695            root   10u  IPv4  57188      0t0  TCP *:443 (LISTEN)
nginx     4695            root   11u  IPv6  57189      0t0  TCP *:80 (LISTEN)
nginx     4698        www-data    8u  IPv4  57186      0t0  TCP *:80 (LISTEN)
nginx     4698        www-data    9u  IPv6  57187      0t0  TCP *:443 (LISTEN)
nginx     4698        www-data   10u  IPv4  57188      0t0  TCP *:443 (LISTEN)
nginx     4698        www-data   11u  IPv6  57189      0t0  TCP *:80 (LISTEN)

For more information, visit the lsof man page and read about all other powerful options of this tool.

Conclusion

In this tutorial explained commands that you can use to check what ports are in use on your system.

If you have any question or feedback, please leave a comment below.

Exit mobile version