5 Easy Ways to Check Open Ports on Linux

An open network port is the simplest access point to a network. Many times, we need to run unwanted services on ports that are visible from outside the Internet. Since the entire Internet is massively scanned every day to find vulnerable services on open ports, our network will be under constant threat of attack if these services are vulnerable.

Learn how to scan and view open ports on your Linux system so you can protect your network from threats.

What is a network port?

A network port is a logical access point to a system that can be used as a channel to host multiple services. A port is represented by a 16-bit integer, so the maximum port number is 65535.

We can think of ports as doors and windows in a house, all of which are all the different entry points into a computer. There are three types of ports: system ports (1-1023), registered ports (1024-49151), and temporary or dynamic ports (49152-65535).

When you start an application that needs to connect to the internet, it uses dynamic ports to transmit and receive data over the network. However, when you start a web server or SSH server, it usually binds to a system port or a registered port.

For HTTP service web servers, the default system port is 80, and for SSH, the default system port is 22. Port ranges and other regulations are set by the Internet Assigned Numbers Authority (IANA). We can browse the RFCs for ports to get a complete list of all ports and their functions.

It's important to know the most common vulnerable ports so you can ensure they are closed or protected.

1. Use netstat to check open ports

netstat is a popular utility that we can use to view network statistics of Linux systems. It is a part of the net-tools package.

The net-tools package is now depreciated due to lack of proper maintenance by the developers. This is also the reason why you may encounter “ifconfig: command not found” error while running the popular ifconfig command on Linux.

Therefore, on modern systems, you must first install the net-tools package before you can run the netstat command. Here's how to check for open ports using netstat:

 netstat -tuln

Command Explanation:

• -t Displays TCP ports.
• -u displays UDP ports.
• -l shows listening ports. If you want to see all ports regardless of their state, replace it with a .
• -n Display the port's numeric value instead of resolving it to a service name. For example, display port 22 instead of SSH, the service running on that port.

2. Use ss to check open ports

ss is the modern version of the netstat tool. We will find it pre-installed in all modern Linux distributions. The syntax for checking open ports using ss is the same as netstat.

Here's how to check for open ports using ss:

 ss -tuln

Command Explanation:

• -t Displays TCP ports.
• -u displays UDP ports.
• -l shows listening ports. If you want to see all ports regardless of their state, replace it with a .
• -n Display the port's numeric value instead of resolving it to a service name. For example, display port 21 instead of FTP, the service running on that port.

3. Check open ports using Nmap

Nmap is one of the most popular tools in the world of network security and networking. It is a major name when it comes to network security penetration testing. Its main use case is port scanning, so you can get information not only about the ports that are open in your system, but also whether they are vulnerable and exploitable.

Also, if you wish to check for open ports in a remote system that has an IDS/IPS and firewall set up, don't worry, as Nmap can also bypass firewalls and IDS/IPS using the correct switches.

Check out this comprehensive guide to Nmap for beginners to explore the various features of Nmap and how to use them. Although possible, it is not recommended to try to bypass the firewall as it is not completely reliable, so it is better to connect to the remote server via SSH and run Nmap locally.

Following are the commands to check for open ports using Nmap:

 nmap -sTU -sV <ip-address> -T 5 --min-rate 9000 --min-parallelism 9000 --initial-rtt-timeout 50ms --max-rtt-timeout 3000ms --max-retries 50 -Pn --disable-arp-ping -n --script vuln,exploit,auth -v -oX <filename>

Command Explanation:

• -sTU sets the scan type to TCP connections and UDP scans.
• -T 5 Sets the timing template to aggressive, allowing for extremely fast scans (not recommended on unprotected systems as this may result in a DoS attack).
• -sV turns on service scanning.
• --min-rate 9000 tells Nmap to send 9000 packets per second.
• --initial-rtt-timeout 50ms tells Nmap to first wait 50ms for a response to each SYN packet it sends.
• --max-rtt-timeout 3000ms tells Nmap to wait for a response for at most 3000ms.
• --min-parallelism 9000 sets the minimum number of simultaneously running scripts to 9000.
• --max-retries 50 tells Nmap to retry 50 times to connect to the port.
• -Pn disables ping detection.
• --disable-arp-ping disable ARP probing.
• -n Disable DNS resolution.
• --script vuln,exploit,auth runs three scripts to test different types of vulnerabilities in the discovered ports.
• -v Returns verbose output.
• -oX Save the results to an XML file.
• -6 Optional parameter for scanning IPv6 addresses.

4. Use lsof to check open ports

The lsof command in Linux is used to list open files. However, if we add some switches to it, we will be able to see open internet connections and ports on our local machine. Here is how to check for open ports using lsof:

 lsof -i -n

Command Explanation:

• -i Lists all network and Internet files.
• -n Do not resolve hostnames.

5. Check open ports using netcat

netcat is a command-line utility that allows you to read and write from a TCP/UDP connection. Note that this is just one feature of netcat. You can view its man page using the man netcat command to explore all its features and how to use them.

Here's how to scan for open ports using netcat:

 nc -zv <ip-address> <start_port-end_port> | grep -v "refused"

Command Explanation:

• -z sets netcat to scanner mode.
• -v Returns verbose output.
• grep -v "refused" returns output lines without the word "refused". This is to prevent the terminal from being clogged with "connection refused" messages when netcat receives no output from the port.
• 2>&1 : This is an optional switch that you may need to turn on for grep to work when running netcat in verbose mode. netcat returns output to stderr (indicated by 2). Therefore, to grep the output, you must redirect stderr to stdout (indicated by 1) and then pipe it into grep.

The better you understand your network, the better you can protect it

Knowing which ports are open and which services are running on the system is an important step in defending against potential external attacks. This allows us to search for and shut down unnecessary services, find outdated services, and also detect if there are any malicious files running on the system, such as bind or reverse shell backdoors.

Original title: 5 Easy Ways to Check for Open Ports on Linux

Original author: DEBARSHI DAS