- How to check if port is in use on Linux or Unix
- How to check if port is in use in
- Option #1: lsof command
- Option #2: netstat command
- Linux netstat syntax
- FreeBSD/MacOS X netstat syntax
- OpenBSD netstat syntax
- Option #3: nmap command
- A note about Windows users
- Conclusion
- How to ping and test for a specific port from Linux or Unix command line
- Linux ping port using telnet command
- Use nc command
- Unix ping port using nmap command
- Use bash shell
- Use nping command
- Check open ports in Linux | Test firewall rules
- Method-1: Check open ports using nmap
- Understanding different states in nmap
- Method-2: Check list of open ports in Linux using hping3
- Method-3: Test firewall rules
- Summary
- Further Readings
- Related Posts
- 1 thought on “Check open ports in Linux | Test firewall rules”
How to check if port is in use on Linux or Unix
H ow do I determine if a port is in use under Linux or Unix-like system? How can I verify which ports are listening on Linux server? How do I check if port is in use on Linux operating system using the CLI?
It is important you verify which ports are listening on the server’s network interfaces. You need to pay attention to open ports to detect an intrusion. Apart from an intrusion, for troubleshooting purposes, it may be necessary to check if a port is already in use by a different application on your servers. For example, you may install Apache and Nginx server on the same system. So it is necessary to know if Apache or Nginx is using TCP port # 80/443. This quick tutorial provides steps to use the netstat, nmap and lsof command to check the ports in use and view the application that is utilizing the port.
| Tutorial details | |
|---|---|
| Difficulty level | Easy |
| Root privileges | Yes |
| Requirements | lsof, ss, and netstat on Linux |
| Est. reading time | 3 minutes |
How to check if port is in use in
To check the listening ports and applications on Linux:
- Open a terminal application i.e. shell prompt.
- Run any one of the following command on Linux to see open ports:
sudo lsof -i -P -n | grep LISTEN
sudo netstat -tulpn | grep LISTEN
sudo ss -tulpn | grep LISTEN
sudo lsof -i:22 ## see a specific port such as 22 ##
sudo nmap -sTU -O IP-address-Here - For the latest version of Linux use the ss command. For example, ss -tulw
Let us see commands and its output in details.
Option #1: lsof command
The syntax is:
$ sudo lsof -i -P -n
$ sudo lsof -i -P -n | grep LISTEN
$ doas lsof -i -P -n | grep LISTEN ### [OpenBSD] ###
Sample outputs:
Fig.01: Check the listening ports and applications with lsof command
Option #2: netstat command
You can check the listening ports and applications with netstat as follows.
Linux netstat syntax
Run netstat command along with grep command to filter out port in LISTEN state:
$ netstat -tulpn | grep LISTEN
The netstat command deprecated for some time on Linux. Therefore, you need to use the ss command as follows:
sudo ss -tulw
sudo ss -tulwn
sudo ss -tulwn | grep LISTEN
Where, ss command options are as follows:
- No ads and tracking
- In-depth guides for developers and sysadmins at Opensourceflare✨
- Join my Patreon to support independent content creators and start reading latest guides:
- How to set up Redis sentinel cluster on Ubuntu or Debian Linux
- How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
- How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
- A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
- How to protect Linux against rogue USB devices using USBGuard
Join Patreon ➔
- -t : Show only TCP sockets on Linux
- -u : Display only UDP sockets on Linux
- -l : Show listening sockets. For example, TCP port 22 is opened by SSHD server.
- -p : List process name that opened sockets
- -n : Don’t resolve service names i.e. don’t use DNS
FreeBSD/MacOS X netstat syntax
$ netstat -anp tcp | grep LISTEN
$ netstat -anp udp | grep LISTEN
OpenBSD netstat syntax
$ netstat -na -f inet | grep LISTEN
$ netstat -nat | grep LISTEN
Option #3: nmap command
The syntax is:
$ sudo nmap -sT -O localhost
$ sudo nmap -sU -O 192.168.2.13 ##[ list open UDP ports ]##
$ sudo nmap -sT -O 192.168.2.13 ##[ list open TCP ports ]##
Sample outputs:
Fig.02: Determines which ports are listening for TCP connections using nmap
A note about Windows users
You can check port usage from Windows operating system using following command:
netstat -bano | more
netstat -bano | grep LISTENING
netstat -bano | findstr /R /C:»[LISTEING]»
Conclusion
This page explained command to determining if a port is in use on Linux or Unix-like server. For more information see the nmap command and lsof command page online here
🐧 Get the latest tutorials on Linux, Open Source & DevOps via
Источник
How to ping and test for a specific port from Linux or Unix command line
Linux ping port using telnet command
The syntax is:
telnet
telnet 192.168.2.254 80
Sample outputs:
To close your session, press Ctrl + ] + q .
Use nc command
The syntax is:
nc -vz
nc -vz www.cyberciti.biz 443
Sample outputs:
Unix ping port using nmap command
The syntax is:
nmap -PNp
nmap -p
nmap -p 22 www.cyberciti.biz
nmap -p 443 192.168.2.254
Sample outputs:
- No ads and tracking
- In-depth guides for developers and sysadmins at Opensourceflare✨
- Join my Patreon to support independent content creators and start reading latest guides:
- How to set up Redis sentinel cluster on Ubuntu or Debian Linux
- How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
- How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
- A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
- How to protect Linux against rogue USB devices using USBGuard
Join Patreon ➔
Use bash shell
Use nping command
Nping is an open-source tool for network packet generation, response analysis and response time measurement. Nping allows users to generate network packets of a wide range of protocols, letting them tunevirtually any field of the protocol headers. While Nping can be used as a simple ping utility to detect active hosts, it can also be used as a raw packet generator. The syntax is:
sudo nping —tcp -p
sudo nping —tcp -p 443 www.cyberciti.biz
Sample outputs:
Fig.01: nping just pinged www.cyberciti.biz host at port 443
🐧 Get the latest tutorials on Linux, Open Source & DevOps via
| Category | List of Unix and Linux commands |
|---|---|
| Documentation | help • mandb • man • pinfo |
| Disk space analyzers | df • duf • ncdu • pydf |
| File Management | cat • cp • less • mkdir • more • tree |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Linux Desktop Apps | Skype • Spotify • VLC 3 |
| Modern utilities | bat • exa |
| Network Utilities | NetHogs • dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • glances • gtop • jobs • killall • kill • pidof • pstree • pwdx • time • vtop |
| Searching | ag • grep • whereis • which |
| Shell builtins | compgen • echo • printf |
| Text processing | cut • rev |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Comments on this entry are closed.
The nping utility that comes with NMap allows you to ‘ping’ a port by making a TCP connection to it. This does more than just check if the port is open. It verifies that it can be connected to.
I added a note about nping. Thanks!
Hi,
In line
nmap -p 443 192.168.2.254 443
remove last 443
thanks
Thanks for the heads up!
The shell approach is brilliant! Especially, when you’re working with some random docker containers. Thanks a lot!
Источник
Check open ports in Linux | Test firewall rules
Table of Contents
Lately I was going through some articles from different search engine to check open ports in Linux. I was quiet surprised with the results as most of these articles in the search results talks about using ss, netstat etc to check if a port is open in Linux.
You have to understand the difference and your requirement.
Do you want to check if a port is open on the destination server or between source and destination server?
Do you want to check if a port is in LISTENING state on the destination server.
As it doesn’t necessarily mean that if a port is not listening then it is not open. A port will be in LISTEN state only when it is in use by some process or else a port can be open and free but since it is not in USE it will not be listed with netstat, lsof, ss commands etc.
So I hope you are clear with your requirement.
In this article I will share the different ways to check open ports or if a port is open on the destination server in Linux.
Method-1: Check open ports using nmap
nmap is an open source tool for network exploration and security auditing. Let’s verify if nmap can successfully give us list of open ports on a Linux server:
Currently I have not added any firewall rules on my destination server:
Now let us check open ports between 35520-35522 on this server using some different client machine with nmap: 
We have used -PN to perform TCP SYN/ACK check on the provided list of ports but the output claims that all of these ports are closed. But this is not correct as there is no firewall on server-2 and this setup in in my local LAN so no other firewalls in between these servers.
Now here are the list of listening ports on server-2 : 
So if we try to scan these listening ports using nmap: 
All of these ports are marked as OPEN. So unless your ports are in use by some process, they will not be marked as OPEN.
Let’s perform some more tests. I will DROP all the incoming requests and only allow certain ports on server-2 using iptables:
List the applied rules
So I have explicitly allowed port 35520 , now let’s perform nmap scan for this port and some others: 
Now port 35520 is marked as CLOSED as it is explicitly allowed in iptables but currently is not in use while others are marked as FILTERED as they are blocked in firewall.
Understanding different states in nmap
Though the current version of NMAP is capable of performing many tasks, it initially started out as a port scanner. NMAP has certain ways to detect whether the port on the target system is open or closed. NMAP detects the status of the target port using predefined states as follows:
- Open: The Open state indicates that an application on the target system is actively listening for connections/packets on that port.
- Closed: The Closed state indicates there isn’t any application listening on that port. However, the port state could change to Open in the future.
- Filtered: The Filtered state indicates that either a firewall, a filter, or some kind of network hurdle is blocking the port and hence NMAP isn’t able to determine whether it is open or closed.
- Unfiltered: The Unfiltered state indicates that ports are responding to NMAP probes; however, it isn’t possible to determine whether they are open or closed.
- Open/Filtered: The Open/Filtered state indicates that the port is either filtered or open; however, NMAP isn’t precisely able to determine the state.
- Closed/Filtered: The Closed/Filtered state indicates that the port is either filtered or closed; however, NMAP isn’t precisely able to determine the state.
Method-2: Check list of open ports in Linux using hping3
Another wonderful tool to perform network scan is hping3 in Linux. You may download hping3 using EPEL repo.
We will retain the iptables rule which we applied in the previous example where we had blocked all the ports except 22 and 35520 and perform network scan using hping3: 
So based on the above hint, hping3 got a RESET request with ACK on port 35520 which means the port may be in OPEN state while the other ports in the provided range are not responding so they are closed.
If any of the port is in LISTENING state then hping3 will return SYN and ACK flag as shown below:
Method-3: Test firewall rules
Now you may using the tools which I explained above to check open ports but if you wish to test firewall rules then I would recommend using netcat or nc tool. nc can be used to open any port and mark it as listening and then on the client server you can again use nc to send some dummy data to test firewall rule.
Let us retain the above applied iptables rule, so on our server port 35520 is allowed in the firewall. To test this firewall rule, we will enable port 35520 using nc:
So our server is now listening on port 35520, now let’s try to connect to this port using any other client node:
As you can see, nc was able to connect to server-2 using port 35520. Now if you try to send any string from client to server:
Monitor the console on server-1 and you will receive this string:
Similarly let’s try to test firewall rule for any other port which is blocked (we have blocked all the ports except 35520 and 22):
Since port 35521 port is blocked in the firewall, the same will not be accessible from server-1 :
Summary
In this article I shared different methods to perform network scanning to check open ports and test firewall rules in Linux. There are many other tools available which can be used for this purpose. But again I don’t rely on telnet, ss or netstat commands for this purpose as they may not give you accurate data based on your requirement. nmap, hping3 are very vast tools with alot of different options and features which are not covered in this article. I would suggest to go through their man page and explore different options.
Further Readings
Related Posts
Didn’t find what you were looking for? Perform a quick search across GoLinuxCloud
If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.
For any other feedbacks or questions you can either use the comments section or contact me form.
Thank You for your support!!
1 thought on “Check open ports in Linux | Test firewall rules”
Hi I’m Very interesting to all your tutoes. And i think they can help many people to have a better understanting even me as a beginner in linux.
Источник
