Check open ports in Linux | Test firewall rules
Lately I was going through some articles from different search engines on how to check open ports in Linux. I was quite surprised by the results, as most of the articles in the search results talk about using ss, netstat etc. to check if a port is open in Linux.
You have to understand the difference and your requirement:
Do you want to check if a port is open on the destination server, or between the source and destination server?
Do you want to check if a port is in LISTENING state on the destination server?
A port that is not listening is not necessarily closed. A port is in LISTEN state only when some process is using it; otherwise a port can be open and free, but since it is not in USE it will not be listed by netstat, lsof, ss and similar commands.
So I hope you are clear about your requirement.
In this article I will share the different ways to check open ports, or to check if a port is open on the destination server, in Linux.
Method-1: Check open ports using nmap
nmap is an open source tool for network exploration and security auditing. Let's verify whether nmap can successfully give us the list of open ports on a Linux server.
Currently I have not added any firewall rules on my destination server:
Now let us check the open ports in the range 35520-35522 on this server from a different client machine with nmap:
We have used -PN to perform a TCP SYN/ACK check on the provided list of ports, but the output claims that all of these ports are closed. This is not correct, as there is no firewall on server-2 and this setup is in my local LAN, so there are no other firewalls between these servers.
Now here is the list of listening ports on server-2:
So if we try to scan these listening ports using nmap:
All of these ports are marked as OPEN. So unless a port is in use by some process, nmap will not mark it as OPEN.
Let's perform some more tests. I will DROP all incoming requests and only allow certain ports on server-2 using iptables:
List the applied rules:
So I have explicitly allowed port 35520; now let's perform an nmap scan for this port and some others:
Now port 35520 is marked as CLOSED, since it is explicitly allowed in iptables but currently not in use, while the others are marked as FILTERED because they are blocked by the firewall.
Understanding different states in nmap
Though the current version of NMAP is capable of performing many tasks, it initially started out as a port scanner. NMAP has certain ways to detect whether the port on the target system is open or closed. NMAP detects the status of the target port using predefined states as follows:
- Open: The Open state indicates that an application on the target system is actively listening for connections/packets on that port.
- Closed: The Closed state indicates there isn’t any application listening on that port. However, the port state could change to Open in the future.
- Filtered: The Filtered state indicates that either a firewall, a filter, or some kind of network hurdle is blocking the port and hence NMAP isn’t able to determine whether it is open or closed.
- Unfiltered: The Unfiltered state indicates that ports are responding to NMAP probes; however, it isn’t possible to determine whether they are open or closed.
- Open/Filtered: The Open/Filtered state indicates that the port is either filtered or open; however, NMAP isn’t precisely able to determine the state.
- Closed/Filtered: The Closed/Filtered state indicates that the port is either filtered or closed; however, NMAP isn’t precisely able to determine the state.
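The practical use of these states, for a defender, is to check a scan against the firewall policy you intended: a port you allowed in iptables should come back open or closed (closed just means nothing is listening yet, as with port 35520 above), and a port you DROP should come back filtered. The following is an added example, not code from the article: it parses nmap's grepable output format (`nmap -oG`) and reports ports whose state contradicts the intended policy. The host name, address and port list in the sample are constructed to mirror the article's scenario and are not real scan output.

```python
import re
from typing import Dict, Tuple

# Constructed sample in nmap's grepable (-oG) layout. The address, host name and
# port states are assumptions chosen to match the article's setup: sshd on 22,
# 35520 allowed in iptables but unused, 35521-35522 dropped by the firewall.
SAMPLE_GREPABLE = (
    "# Nmap 7.80 scan initiated\n"
    "Host: 192.168.0.2 (server-2)\tStatus: Up\n"
    "Host: 192.168.0.2 (server-2)\tPorts: 22/open/tcp//ssh///, "
    "35520/closed/tcp//unknown///, 35521/filtered/tcp//unknown///, "
    "35522/filtered/tcp//unknown///\n"
    "# Nmap done\n"
)

# Each port entry looks like "<port>/<state>/<proto>//<service>///".
# The state may be a combined one such as "open|filtered", hence the '|'.
PORT_FIELD = re.compile(r"(\d+)/([a-z|]+)/(tcp|udp)/")

# States that prove the packet reached the host's TCP stack (not dropped).
REACHABLE_STATES = {"open", "closed", "unfiltered"}
# States that indicate a filter swallowed the probe or hid the real answer.
BLOCKED_STATES = {"filtered", "open|filtered", "closed|filtered"}


def parse_grepable(text: str) -> Dict[Tuple[str, int], str]:
    """Map (proto, port) -> nmap state for every port in a -oG report."""
    states: Dict[Tuple[str, int], str] = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        # The port list runs from "Ports:" up to the next tab-separated field.
        ports_part = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, state, proto in PORT_FIELD.findall(ports_part):
            states[(proto, int(port))] = state
    return states


def firewall_mismatches(policy: Dict[int, str],
                        observed: Dict[Tuple[str, int], str],
                        proto: str = "tcp") -> Dict[int, Tuple[str, str]]:
    """Compare a scan with the intended policy.

    policy maps port -> "reachable" (allowed through the firewall; nmap should
    say open or closed) or "blocked" (dropped; nmap should say filtered).
    Returns {port: (wanted, observed_state)} for every contradiction, so an
    empty dict means the rules behave as intended.
    """
    mismatches: Dict[int, Tuple[str, str]] = {}
    for port, wanted in policy.items():
        got = observed.get((proto, port), "not-scanned")
        if wanted == "reachable" and got not in REACHABLE_STATES:
            mismatches[port] = (wanted, got)
        elif wanted == "blocked" and got not in BLOCKED_STATES:
            mismatches[port] = (wanted, got)
    return mismatches


if __name__ == "__main__":
    scan = parse_grepable(SAMPLE_GREPABLE)
    intended = {22: "reachable", 35520: "reachable",
                35521: "blocked", 35522: "blocked"}
    print("scan result:", scan)
    print("policy mismatches:", firewall_mismatches(intended, scan))  # prints {}
```

Run a real scan with `nmap -oG <file> ...` and feed the file's contents to `parse_grepable`; a port that you meant to drop but that shows up as open or closed is the one to look at first, because it means the iptables rule is not doing what you think.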
Method-2: Check list of open ports in Linux using hping3
Another wonderful tool for performing a network scan in Linux is hping3. You may download hping3 from the EPEL repo.
We will retain the iptables rule which we applied in the previous example, where we blocked all ports except 22 and 35520, and perform a network scan using hping3:
So based on the above output, hping3 got a RESET (RST) with ACK on port 35520, which means the port may be in OPEN state, while the other ports in the provided range are not responding, so they are closed.
If any of the ports is in LISTENING state then hping3 will return the SYN and ACK flags, as shown below:
Method-3: Test firewall rules
Now you may use the tools explained above to check open ports, but if you wish to test firewall rules then I would recommend the netcat (nc) tool. nc can open any port and mark it as listening, and then on the client you can again use nc to send some dummy data to test the firewall rule.
Let us retain the iptables rule applied above, so port 35520 is allowed in the firewall on our server. To test this firewall rule, we will open port 35520 using nc:
So our server is now listening on port 35520; now let's try to connect to this port from any other client node:
As you can see, nc was able to connect to server-2 on port 35520. Now if you try to send any string from the client to the server:
Monitor the console on server-1 and you will receive this string:
Similarly, let's test the firewall rule for another port which is blocked (we have blocked all ports except 35520 and 22):
Since port 35521 is blocked in the firewall, it will not be accessible from server-1:
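The nc exchange above, and the open/closed/filtered distinction behind the nmap and hping3 sections, can be reproduced with plain TCP sockets. The following is an added example and not code from the article: `Listener` plays the role of `nc -l` on the server, `send_string` plays the role of piping a string into `nc` on the client, and `probe_tcp` classifies a port the way the article does (handshake completed means a process is listening, RST means the port is reachable but free, no answer before the timeout means a firewall dropped the packet). The class and function names are assumptions; the loopback address and the sample string are constructed so the example runs on one machine, which also means the filtered case cannot be exercised offline.

```python
import errno
import socket
import threading
import time


def probe_tcp(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify one TCP port from the client side.
      open     - three-way handshake completed (SYN/ACK came back, a process listens)
      closed   - host answered with RST (reachable through the firewall, nothing listening)
      filtered - no answer before the timeout (typically an iptables DROP or an upstream filter)
    Any other failure (no route, etc.) is reported with its errno name."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:      # kernel sent RST: port free, not filtered
        return "closed"
    except socket.timeout:              # nothing came back: dropped somewhere
        return "filtered"
    except OSError as exc:
        return "error:%s" % errno.errorcode.get(exc.errno, exc.errno)
    finally:
        s.close()


class Listener:
    """Stand-in for 'nc -l <port>' on the server (assumed name, not nc itself):
    accepts connections in a background thread and records what clients send."""

    def __init__(self, host: str = "127.0.0.1", port: int = 0):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))      # port 0 lets the kernel pick a free port
        self.sock.listen(5)
        self.sock.settimeout(0.2)         # short accept timeout so close() can stop the loop
        self.port = self.sock.getsockname()[1]
        self.received = b""
        self._stop = False
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self) -> None:
        while not self._stop:
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue
            except OSError:               # listening socket closed
                return
            with conn:
                conn.settimeout(5)
                while True:
                    try:
                        chunk = conn.recv(4096)
                    except socket.timeout:
                        break
                    if not chunk:         # client closed its side
                        break
                    self.received += chunk

    def wait_for_data(self, timeout: float = 5.0) -> bytes:
        """Block until a payload has arrived (or the timeout passes) and return it."""
        deadline = time.monotonic() + timeout
        while not self.received and time.monotonic() < deadline:
            time.sleep(0.05)
        return self.received

    def close(self) -> None:
        self._stop = True
        self._thread.join(timeout=10)
        self.sock.close()


def send_string(host: str, port: int, payload: bytes, timeout: float = 2.0) -> bool:
    """Stand-in for 'echo <text> | nc <host> <port>' on the client: connect, send, close.
    Raises the underlying OSError when the port is refused or filtered."""
    with socket.create_connection((host, port), timeout=timeout) as c:
        c.sendall(payload)
    return True


if __name__ == "__main__":
    srv = Listener()
    print("port", srv.port, "with listener ->", probe_tcp("127.0.0.1", srv.port))
    send_string("127.0.0.1", srv.port, b"hello from client\n")
    print("server received:", srv.wait_for_data())
    srv.close()
    print("port", srv.port, "after closing  ->", probe_tcp("127.0.0.1", srv.port))
```

Between two hosts, run `Listener(host="0.0.0.0", port=35520)` on the server and `probe_tcp("<server>", 35520)` on the client: "open" confirms both the rule and the service, "closed" confirms the rule alone (the packet reached the host and was refused), and "filtered" is the signature of a DROP rule or another filter in the path.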
Summary
In this article I shared different methods to perform network scanning to check open ports and test firewall rules in Linux. There are many other tools available which can be used for this purpose. But again, I don't rely on the telnet, ss or netstat commands for this purpose, as they may not give you accurate data for your requirement. nmap and hping3 are very vast tools with a lot of different options and features which are not covered in this article. I would suggest going through their man pages and exploring the different options.
1 thought on “Check open ports in Linux | Test firewall rules”
Hi, I'm very interested in all your tutorials. And I think they can help many people to have a better understanding, even me as a beginner in Linux.
How to Find Out List of All Open Ports in Linux
In this article, we will briefly talk about ports in computer networking and then move on to how you can list all open ports in Linux.
In computer networking, and more specifically in software terms, a port is a logical entity which acts as an endpoint of communication to identify a given application or process on a Linux operating system. It is a 16-bit number (0 to 65535) which differentiates one application from another on end systems.
The two most popular Internet transport protocols, Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) and other less known protocols use port numbers for communication sessions (source and destination port numbers in conjunction with the source and destination IP addresses).
In addition, a combination of an IP address, port and protocol such as TCP/UDP is known as a socket, and every service must have a unique socket.
Below are the different categories of ports:
- 0-1023 – the Well Known Ports, also referred to as System Ports.
- 1024-49151 – the Registered Ports, also known as User Ports.
- 49152-65535 – the Dynamic Ports, also referred to as the Private Ports.
You can view a list of different applications and port/protocol combinations in the /etc/services file in Linux using the cat command:
To list all open ports, i.e. currently listening TCP and UDP ports, in Linux we will use netstat, which is a powerful tool for monitoring network connections and statistics.
- -l – prints only listening sockets
- -n – shows numeric port numbers instead of service names
- -t – enables listing of tcp ports
- -u – enables listing of udp ports
You can also use the ss command, a well-known and useful utility for examining sockets on a Linux system. Run the command below to list all your open TCP and UDP ports:
Make it a point to read through the man pages of the commands above for more usage information.
In summary, understanding the concept of ports in computer networking is vital for system and network administrators. You can also go through this netstat guide with simple, precise and well explained examples.
Last but not least, get in touch with us by sharing other methods for listing open ports in Linux or asking a question via the response form below.
How to Check Which Ports Are in Use on Your Linux System
One step in securing a Linux computer system is identifying which ports are active. Your system's active ports tell you which outside applications may be connected to your system. You can also discover whether you are unintentionally exposing an application or service to the internet, like a MySQL database. There are several Linux tools that help you discover which ports are in use and identify both ends of active communications. This guide introduces three common tools you can use to find the active ports on your Linux server or computer, with links to guides that dive deeper into each tool.
What is a Port in Computer Networking?
Service names and port numbers are used to distinguish between different services that run over transport protocols. Common transport protocols are TCP, UDP, DCCP, and SCTP. These protocols enable communication between applications by establishing a connection and ensuring data is transmitted successfully. Well-known port assignments, such as HTTP at port 80 over TCP and UDP, are listed at the IANA Service Name and Transport Protocol Port Number Registry. These port assignments help distinguish different types of network traffic across the same connection.
Which Linux System Ports Are in Use?
Three tools to help you check ports in use on a Linux system are:
- netstat: This tool shows your server’s network status.
- ss: You can view socket statistics with the ss tool. For example, ss allows you to monitor TCP, UDP, and UNIX sockets.
- lsof: This Linux utility lists open files. Since everything on a Linux system can be considered a file, lsof provides a lot of information on your entire system.
Using netstat
This tool is great for inspecting the following areas of your Linux system:
- Unix sockets and network connections
- Routing tables
- Network interfaces
- Network protocols
- Multicast group membership
Running netstat without any options displays all open sockets and network connections, which can generate a lot of output. You can control the output using netstat’s command-line options. For example, to view the PID and program name for a system’s listening TCP connections, run netstat with the following command-line options:
The output resembles the following:
To learn how to install netstat, interpret its output, and view common command line options, see our Inspecting Network Information with netstat guide.
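Listing the sockets is only half of the job; the security-relevant step is noticing which of them are bound to every interface rather than to loopback, and whether each one is expected. The following is an added example, not code from this guide or from TecMint's netstat article above: it parses output in the layout of `netstat -tulpn` (the -l, -n, -t and -u flags listed earlier plus -p for the PID/program name) and reports listeners reachable from outside that are not on an allow-list. The sample output, the programs, PIDs and addresses in it are constructed for illustration; the function names are assumptions.

```python
import ipaddress
from typing import Dict, List, Set, Tuple

# Constructed sample in the layout of `netstat -tulpn`; every process, PID and
# address here is invented. Note mysqld bound to loopback only, while nc on
# 35520 (the article's test listener) is bound to all interfaces.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1201/mysqld
tcp        0      0 0.0.0.0:35520           0.0.0.0:*               LISTEN      2310/nc
tcp6       0      0 :::80                   :::*                    LISTEN      950/nginx
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
udp6       0      0 ::1:323                 :::*                                655/chronyd
"""


def parse_listeners(text: str) -> List[Dict]:
    """Turn netstat -tulpn output into one record per listening socket.
    scope is 'loopback' (127.0.0.0/8 or ::1), 'all' (0.0.0.0 or ::, i.e. every
    interface) or 'specific' (bound to one address)."""
    rows: List[Dict] = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows start with the protocol; header and title lines do not.
        if not fields or not fields[0].startswith(("tcp", "udp")):
            continue
        addr, port = fields[3].rsplit(":", 1)        # ':::80' -> ('::', '80')
        ip = ipaddress.ip_address(addr)
        scope = "loopback" if ip.is_loopback else ("all" if ip.is_unspecified else "specific")
        rows.append({
            "proto": fields[0].rstrip("6"),         # tcp6 -> tcp, udp6 -> udp
            "port": int(port),
            "addr": addr,
            "scope": scope,
            # UDP rows have no State column, so the program is always the last field.
            "program": fields[-1].split("/", 1)[-1],
        })
    return rows


def unexpected_exposures(rows: List[Dict],
                         allowed: Set[Tuple[str, int]]) -> List[Tuple[str, int, str]]:
    """Listeners bound to all interfaces whose (proto, port) is not on the allow-list.
    Loopback-only services are ignored: they are not reachable from the network."""
    return sorted(
        (r["proto"], r["port"], r["program"])
        for r in rows
        if r["scope"] == "all" and (r["proto"], r["port"]) not in allowed
    )


if __name__ == "__main__":
    listeners = parse_listeners(SAMPLE_NETSTAT)
    expected = {("tcp", 22), ("tcp", 80), ("udp", 68)}
    for proto, port, program in unexpected_exposures(listeners, expected):
        print("unexpected external listener: %s/%d (%s)" % (proto, port, program))
```

Feed it the real output of `netstat -tulpn` (run as root so the program names are filled in) and keep the allow-list in version control; the diff between runs is a cheap way to spot a service that was started on all interfaces when it should have been bound to 127.0.0.1.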
Using ss
The ss tool was created to improve upon netstat and provides more functionality. It allows you to monitor TCP, UDP, and UNIX sockets. A socket enables programs to communicate with each other across a network and consists of an IP address and a port number.
Running ss with no options displays TCP, UDP, and UNIX sockets. As with netstat, you restrict the ss command's output by using command-line options. For example, to view all listening and non-listening TCP sockets, issue the following command:
The output resembles the following:
To take a deeper dive into the ss tool, read our Learning to Use the ss Tool to its Full Potential guide. This guide provides commands specific to each protocol, commands to view general statistics about a system’s current connections, and ways to filter your output.
Using lsof
Since everything on a Linux system can be considered a file, the lsof tool can report on many aspects of a system, including open network interfaces and network connections. The lsof tool is preinstalled on many Linux distributions, so you may consider using it before a tool you need to install. One unique feature of the lsof tool is repeat mode. This mode allows you to run the lsof command continuously on a timed interval. When inspecting your system to find out which ports are in use, lsof can return information about which user and which processes are using a specific port. For example, when working with a local development environment you may want to find which localhost ports are currently in use. Use the following command to retrieve this information:
The output returns a similar response:
To learn more about the lsof command read our How to List Open Files with lsof guide. This guide provides information about command-line options, the anatomy of the lsof output, and filtering your output with regular expressions.
This page was originally published on Thursday, February 25, 2021.