If you wanted to know what you need to do to list all of the open ports within your Linux environment you’ve come to the right place. But first, let’s demystify the concept of ports and grasp why it’s crucial to maintain a comprehensive list of these access points.
In essence, a port serves as a gateway through which your operating system communicates with other devices or servers, facilitating the flow of network traffic. It’s like designated lanes on a busy highway, ensuring that each type of traffic reaches its intended destination without confusion.
When it comes to ports, two primary protocols reign supreme: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). These protocols dictate the rules of engagement for data transmission, each with its distinct range of port numbers. These port numbers are typically grouped into three main categories, serving as the backbone of network communication.
Linux System Ports
Also known as “well-known” ports. These are port numbers from 0 to 1023 which are considered important for typical system use, commonly these ports are considered quite critical for ensuring ongoing communications services.
Linux User Ports
Also know as “registered ports” which range from 1024 to 49151. It is possible to send a request to the Internet Assigned Numbers Authority (IANA) to request retention of one of these ports for your application.
Linux Private Ports
Also known as “dynamic ports” range from 49152 to 65535. These ports are open for whatever use case you deem privately necessary and so are dynamic in nature – they are not fixed to specific applications.
Now, even though many ports have specific uses, it is important to keep an eye on ports which are “open” without the need for that port to be open. This is because ports that are unnecessarily left open can be a security risk – and also a sign that an intrusion is actively occurring.
Understanding which ports are open and “listening” for communications is therefore absolutely crucial to ensuring that you block efforts to break into your systems. Of course, some common ports need to be left open in order to facilitate ordinary internet communications. For example:
- FTP (the file transfer protocol) uses port 20 for data transfers
- Likewise, FTP uses port 21 to issue commands and to control the FTP session
- Port 22 is dedicated to SSH, or secure shell login
- Telnet uses port 23 to facilitate remote logins but this port entails unencrypted messaging which is not secure so it’s not really recommended for use
- E-mail routing via SMTP (the simple mail transfer protocol) is achieved on port 25
- Port 43 is dedicated to the WHOIS system which can check who owns a domain
- The domain name service (DNS) makes use of port 53
- DHCP uses port 67 as the server port, and port 68 as the client port
- HTTP, the hypertext transfer protocol, uses port 80 to deliver web pages
- POP3, the e-mail centric “post office protocol” uses port 110
- Port 119 is used by the news transfer protocol, NNTP
- The network time protocol, NTP, uses port 123
- IMAP, another email protocol, makes use of port 143 to retrieve email messages
- SNP or the simple network management protocol uses port 161
- Port 194 is dedicated to IRC, the internet relay chat app
- Port 443 is dedicated to HTTPS, the secure version of HTTP delivered over TLS/SSL
- SMTP, the simple mail transfer protocol, uses port 587 to submit emails
It´s often possible to configure a specific service to use a port that is not the standard port, but this configuration needs to be made on both the sender and recipient side – in other words, on both client and server. Otherwise, if only one side uses a non-standard port configuration, communication won’t be possible.
How do you get a simple list of common open ports? Use this command:
$ cat /etc/services
Alternatively, you can modify the size of the list you get by adding “less” to your command
$ cat /etc/services | less
However, you can use a range of other commands on a Linux machine which will give you all the TCP and the UDP ports that are open and ready to receive communication from other machines. We will cover three in the following section – Isof, netstat and nmap.
The netstat or network statistics command
Most Linux distributions will include netstat by default in their installations. It’s a really capable tool which can display all the TCP/IDP network connections that are active – both for incoming connections and for outgoing connections. It also displays routing tables, plus the number of the network interface alongside comprehensive statistics for network protocols.
So, you can use netstat to troubleshoot and to measure the performance of your network. While basic, it´s a useful and essential too for finding faults in network services. It clearly tells you which ports are open, and where a program or service is listening on a specific port. We will now give you some examples on how to make use of netstat.
Retrieving a list of all TCP and UDP ports which are currently listening
It’s really simple: all you need to do is use the -a flag alongside a pipe that specifies less, this will give you TCP and UDP ports that are currently listening
$ netstat -a | less
To list all the connections that are listening
Make use of the -l flag in the netstat command to get a list of every port connection that is actively listening
$ netstat -l
Display ports that are open, alongside current TCP connections
Here, we combine a couple of flags to show a list of ports that are open and the established (TCP) connections.
$ netstat -vatn
A list of open UDP ports
You might only want to see the UDP ports that are open, excluding the open TCP ports. The command you need is this:
$ netstat -vaun
Get a list of your Linux services that are listening on TCP and UDP, a list of the open ports on your machine that are free, alongside the name and the PID of the service or program
This command gives you all the services and apps that listen on either TCP or UDP. It also gives you the open ports on your Linux instance that are free, plus the program name and process ID that is associated with every open socket.
$ netstat -tnlup
So you can see how the different commands you can use with netstat make it very versatile, allowing you to see what the status quo is on your Linux machine. But what exactly do these individual flags mean? It’s simple really:
- -a will show all sockets that are listening and all non-listening sockets too
- -l only shows ports that are actively listening
- -v means “verbose” and tells netstat to include additional information about any address families that are not currently configured
- -t restricts the listing to TCP connections only
- -u restricts the listing to UDP connections only
- -n tells netstat to display the numerical addresses too
- -p adds the process ID (PID) as well as the name of the program
Keep in mind that the seven flags we’ve shown above are just a couple of the many flags you can specify for netstat. Check out the help file by triggering
$ man netstat
You’ll get a full listing of all the options and features you can use with netstat.
nmap – the Network Mapper command
An open source tool, nmap is great for exploring your network, scanning it for security vulnerabilities and to audit your network. That said, new users might find nmap challenging to use because it´s so feature-rich: nmap comes with so many options that you might find it difficult to figure out, even if it does mean it is a very robust tool.
It’s worth remembering that nmap will deliver very extensive information about the network that it is scanning. So, do not use nmap on a network unless you have permission to examine it – permission to scan it. You need to have a reason to use nmap, in other words, and the permission of the network owner.
We will now give you a basic overview of nmap including typical usage of the map command. To start off with, here is the instructions you need to install nmap if you have Ubuntu or Debian server:
$ sudo apt-get install nmap
The command is slightly different if you’re using RHEL or CentOS:
$ sudo yum install nmap
There’s a file you can view for a wider picture of ports and services. Use this command:
$ less /usr/share/nmap/nmap-services
It’s an example of exactly how extensive the details are when you use nmap as a tool. If you want to experiment with nmap you could try to check out your own virtual private server, but you could also give nmap a go on the official nmap test server – located at scanme.nmap.org.
To try out some basic nmap commands we will make use of sudo privileges to ensure that the queries give complete results – not partial results. Remember, some nmap commands will take a little bit longer to execute.
Throughout these examples we will make use of mywebsite.com as the example domain; replace your actual domain in place of mywebsite.com when you run this command.
Scanning for open ports on a domain
$ sudo nmap -vv mywebsite.com
Here you can see we have used the -vv flag, which has a specific function. When you use -vv it means “verbose”, in other words, it will show you extensive output, including the process as nmap scans for open ports. Leave out the -vv flag and you will quickly see the difference.
List of ports that are listening for connections via TCP
$ sudo nmap -sT mywebsite.com
You’ll note the -sT flag, this is usually what you’d specify to scan for TCP connections when a SYN scan cannot be performed.
List of ports that are listening for connections via UDP
$ sudo nmap -sU mywebsite.com
So, -sU is what you use to get a UDP scan. However, you can scan for both UDP and TCP connections by using another flag, -sS. You’ll get a list covering both UDP and TCP.
Look at a specific port (instead of all ports)
$ sudo nmap -p port_number mywebsite.com
In this case, -p means that you only look at the port number specified in place of “port_number”.
Scan every open port on both TCP and UDP
$ sudo nmap -n -Pn -sT -sU -p- mywebsite.com
We use two flags here: first -n which specified to nmap that it must not make a reverse domain resolution for an active IP address, where it finds one. -Pn disables pinging, treating all of the hosts as if they are online.
It’s just a few examples but nmap is a fantastic tool that can help you a lot. Remember, typing $ man nmap will give you a full list of all the tools at your disposal; many of these are very useful for exploring the security of your network and finding potentially vulnerable points.
The lsof (List Open Files) command
It’s easy to remember what lsof means – the list open files command – just take ls as “list” and of as “open files” and you’ll clearly see why lsof means “list open files”.
Listing all active network connections
Use the -i flag with lsof in order to get a full list of every network connection which is both listening and established.
$ sudo lsof -i
Find a process that is using a specified port
As an example, for all processes which are currently operating on port 22, you’ll run this command:
$ sudo lsof -i TCP:22
Get a list of all the UDP and TCP connections
To list every single UDP and TCP connection just use this command:
$ sudo lsof -i tcp; sudo lsof -i udp;
Just like with nmap, you can check the manual for lsof in order to get a full view of all the options you have when you are using lsof.
Conclusion
Understanding ports in Linux is important for managing servers effectively. Throughout this guide, we’ve talked about different types of ports and introduced tools like netstat, nmap, and lsof to help you keep an eye on them. These tools help you see which ports are open and what services are running on your server.
Remember, it’s important to use these tools responsibly and not to scan networks without permission.
In summary, learning about ports and using tools like netstat, nmap, and lsof can make managing your Linux server easier and safer. Explore more about these tools to enhance your skills, but always remember to use them ethically.