In this article, we will talk about how to find out a list of all open ports in Linux but before that, we will mention about ports in computer networking. In software terms, and more definitely in computer networking, a port is an available network location implemented in an operating system to assist differentiate traffic destined for various services or applications.
Transmission Control Protocol (TCP), as well as the User Datagram Protocol (UDP), are the most commonly used protocols using ports.
There are different categories of ports (System Ports, User Ports, and Private Ports) and they are defined by a number in the range from 0 to 65535.
Below are explained the different categories of ports:
- 0-1023 – are “Well Known Ports” related to services that are considered critical or substantial. They are recognized by the term System Ports.
- 1024-49151 – Registered ports can be retained by sending a request to IANA (Internet-assigned numbers) and they are known by the term User Ports.
- 49152-65535 – Dynamic ports are suggested for private use. They are also known as Private Ports.
Open ports can be evidence of intrusion on your network, so we should pay special attention to which ports they listening on your network. Knowing which ports are open on your network can be a crucial part and help you block malicious efforts directed at your system.
This is an example of the few common port numbers:
- 20: File Transfer Protocol (FTP) Data Transfer
- 21: File Transfer Protocol (FTP) Command Control
- 22: Secure Shell (SSH) Secure Login
- 23: Telnet remote login service, unencrypted text messages that are insecure, and not recommended for most uses
- 25: Simple Mail Transfer Protocol (SMTP) E-mail routing
- 43: WHOIS protocol used for checking information about ownership of a domain name
- 53: Domain Name System (DNS) service
- 67: Dynamic Host Configuration Protocol (DHCP) server port
- 68: Dynamic Host Configuration Protocol (DHCP) client port
- 80: Hypertext Transfer Protocol (HTTP) used on the World Wide Web (www)
- 110: Post Office Protocol (POP3)
- 119: Network News Transfer Protocol (NNTP)
- 123: Network Time Protocol (NTP)
- 143: Internet Message Access Protocol (IMAP) client applications usually use it to retrieve digital email messages
- 161: Simple Network Management Protocol (SNMP)
- 194: Internet Relay Chat (IRC)
- 443: HTTP Secure (HTTPS) HTTP over TLS/SSL
- 587: Simple Mail Transfer Protocol (SMTP) used as email submission port
Most services can be configured to use ports that are non-standard, but you need to make sure that both the server and the client are configured to use a non-standard port.
You can get a list of some common ports with the following command:
$ cat /etc/services
Or if you want to read through a large text file like this it is better to use the less command
$ cat /etc/services | less
There are different commands on the Linux server to see which TCP/UDP ports are listening or opened on your server. In this article, we are going to use a netstat, nmap and lsof commands.
Network Statistics (netstat) command
Netstat is installed by default on most of the Linux distributions. netstat is a very powerful command that can displays network connections for the TCP/UDP (both outgoing and incoming), routing tables, a number of a network interface and also network protocol statistics. The netstat command is very useful in terms of performance measurement and network troubleshooting. It is one of the most basic tools for debugging network services, tells you which ports are open and whether any programs listen on which ports.
In this part, we will demonstrate the netstat command through a few examples.
1. Listing all the LISTENING Ports of TCP and UDP connections
With using the -a flag and pipe with less command we will list all ports (both TCP and UDP)
$ netstat -a | less
2. Listing all LISTENING Connections
The -l flag combined with netstat command will list all active listening ports connections.
$ netstat -l
3. Display the open ports and established TCP connections
In this example, unlike the previous two, we will use more than one flag. The combination of the flags will result with a displaying of the open ports and established TCP connections.
$ netstat -vatn
4. Display only open UDP ports
In this example, we will see how to list only the UDP ports. We gonna type the command:
$ netstat -vaun
5. Display all services listening for TCP and UDP, all free open ports on the local machine and show the PID and the name of the program
With the following command, we will display all the services that listen on both TCP and UDP, all free open ports on the local machine and show the PID and program name to which each socket belongs.
$ netstat -tnlup
With the combination of all these flags, you get an extremely useful tool that gives you an excellent view of the situation on your Linux server. In addition, we show you all the flags we used in the above examples with a more detailed explanation.
- a flag we used in the first example and it shows both listening and non-listening sockets.
- l flag will list all active listening ports connections.
- v flag is for verbose and it prints the user some useful information about the address families that are not configured.
- t Display only TCP connections.
- n flag will show the numerical addresses.
- u Display only UDP connections.
- p is used to show the name of the program and the PID.
Of course, this is only a small part of the features offered by the netstat command, you can freely call the $ man netstat command and review all the features that this wonderful tool offers.
Network Mapper (nmap) command
The nmap is a free open source security tool for network exploration, security scanning, and auditing. However, nmap command comes with various options that may create the utility a lot of robust and tough to follow for brand new users.
Please note that sometimes nmap can reveal a lot of information about the network you are scanning. So, therefore, use nmap only to scan your own networks or networks for which you have been granted a scan permission, in order to determine the security of such networks.
This section of the article is to briefly introduce the nmap command to and to see some common examples of the nmap command.
We can install nmap on Ubuntu/Debian machine by using the following command:
$ sudo apt-get install nmap
and for the CentOS/RHEL machine:
$ sudo yum install nmap
We can see a much wider association between ports and services by viewing in this file:
$ less /usr/share/nmap/nmap-services
The output from this command should be similar as:
# Fields in this file are: Service name, portnum/protocol, open-frequency, optional comments # tcpmux 1/tcp 0.001995 # TCP Port Service Multiplexer [rfc-1078] tcpmux 1/udp 0.001236 # TCP Port Service Multiplexer compressnet 2/tcp 0.000013 # Management Utility compressnet 2/udp 0.001845 # Management UtilityScan compressnet 3/tcp 0.001242 # Compression Process compressnet 3/udp 0.001532 # Compression Process unknown 4/tcp 0.000477 rje 5/udp 0.000593 # Remote Job Entry unknown 6/tcp 0.000502 echo 7/sctp 0.000000 echo 7/tcp 0.004855 echo 7/udp 0.024679 unknown 8/tcp 0.000013 ...
We can notice the extended details and information that we are getting when we use this powerful tool.
Your own VPS instances or the test server (scanme.nmap.org) which is provided from the creators of nmap are very good targets for practicing nmap.
Now we will perform some basic operation with nmap. We will use the privileges of sudo to avoid returning partial results for some queries. Note that some commands may take a longer time.
In the following examples, we will use your_domain.com, which we assume is already assigned to your VPS host, so be sure to replace it with your existing domain.
1. Scan your domain for open ports:
$ sudo nmap -vv your_domain.com
As we can see we use the flag -vv on this example. This is a quick explanation about this flag:
-vv is a verbose output. It shows the process while scanning. You can run only nmap your_domain.com and after that, with -vv and you will know what is the difference.
2. Which ports are listening for TCP connections:
$ sudo nmap -sT your_domain.com
-sT is by default the standard type for TCP connection scan when SYN scan is not an option.
3. Which ports are listening for UDP connections:
$ sudo nmap -sU your_domain.com
When using the -sU, you will activate the UDP scan. But also, if you want to combine both TCP and UDP protocols, you can use the SYN scan (-sS), so this will scan both protocols in a single scan.
4. Instead of all common ports, examine a specific port:
$ sudo nmap -p port_number your_domain.com
-p : Only scan specified ports.
5. Scan every TCP and UDP open port:
$ sudo nmap -n -Pn -sT -sU -p- your_domain.com
-n tells to nmap never to make the reverse DNS resolution of the active IP addresses it finds.
-Pn flag will treat all hosts as online with disabling the ping.
These are just a few examples of the possibilities offered by this incredible tool, you can explore many other combinations from the manual page using the $ man nmap command and explore the vulnerabilities of your network.
List Open Files (lsof) command
The lsof actually stands for List Open Files and it’s easy to remember if you think of it as “ls + of”, then “ls” is represent the list and “of” it stands for open files.
1. List all Network Connections
The lsof command with -i flag will list the all network connections ‘LISTENING & ESTABLISHED’.
$ sudo lsof -i
2. Find Processes running on Specific Port
In this example, we will list all the running processes on port 22.
$ sudo lsof -i TCP:22
3. List all TCP and UDP connections
You can list both TCP and UDP connections executing the following command:
$ sudo lsof -i tcp; sudo lsof -i udp;
If you are interested more about lsof command you can check the manual page for more information.
The conclusion of this article is that knowledge of ports is crucial for Linux enthusiasts but especially for Linux system administrators. These tools (netstat, nmap, and lsof) are fairly flexible and can reveal much about the status of services running on a single machine. It would be nice to check out the man page for these tools for more information. Keep in mind that this is only for you to check the exposure of your network, but do not abuse them.In summary, understanding the concept of ports in computer networking is very important for the system and network administrators.
If you use on of our outsourced server support services, you can simply ask one of our system administrators to list all open ports on your server and send you the output for you. They are available 24/7/365.
If you liked this blog post on how to list all open ports in Linux, please share it with you friends on the social media networks. If you have any question regarding this blog post feel free to post a comment bellow and one of our system administrators will reply to it. Thank you.
