Check the Open Ports in Linux

Ports on a Linux system are used to exchange and transfer data between network-connected devices.

A very high number of security exploits happen because inbound connections targeting specific ports go unmonitored. It is essential to identify the underlying Linux process that opens a specific port for listening on a shared network.

Thus, it is important to identify which ports are open on your Linux machine.

First, for basic administration tasks, identify each port and its corresponding application so that you are well aware of the open sockets and can enhance network security by writing firewall rules that prevent network intrusion.

In this tutorial we will look at some of the most popular Linux network tools, see how to gather information, and identify a running web server process such as Apache httpd or Nginx, so that you avoid conflicts when configuring and troubleshooting them.

We will discuss some of the popular tools and their general command syntax.

Netstat Command and its Syntax


Netstat offers multiple features and is a must-know tool for your day-to-day activities.

It reports the open ports on your Linux machine along with connections in the Established, TimeWait and Closed states.

The netstat command goes by netstat -ntlp


ss stands for Socket Statistics. It is a command-line utility that provides information about open ports and the corresponding process ID that opened each port.

The ss command is the successor to the netstat command in Linux and has similar options to its predecessor; in fact, it is an enhancement over the old netstat command.

First up, let's run ss -tua, which lists all the TCP and UDP sockets.

[vamshi@linuxcent ~]$ ss -tua

Netid  State     Recv-Q Send-Q                                  Local Address:Port                                                   Peer Address:Port

udp    UNCONN     0      0                                                                                             *:*

udp    UNCONN     0      0                                                                                             *:*

udp    UNCONN     0      0                                                   *:bootpc                                                            *:*

udp    UNCONN     0      0                                                   *:sunrpc                                                            *:*

udp    UNCONN     0      0                                                                                                *:*

udp    UNCONN     0      0                                                   *:lanserver                                                         *:*

udp    UNCONN     0      0                                                [::]:sunrpc                                                         [::]:*

udp    UNCONN     0      0                                               [::1]:323                                                            [::]:*

udp    UNCONN     0      0                                                [::]:lanserver                                                      [::]:*

tcp    LISTEN     0      100                                                                                             *:*

tcp    LISTEN     0      128                                                 *:sunrpc                                                            *:*

tcp    LISTEN     0      128                                                 *:ssh                                                               *:*

tcp    ESTAB      0      0                                                                           

tcp    LISTEN     0      100                                             [::1]:smtp                                                           [::]:*

tcp    LISTEN     0      70                                               [::]:33060                                                          [::]:*

tcp    LISTEN     0      128                                              [::]:mysql                                                          [::]:*

tcp    LISTEN     0      128                                              [::]:sunrpc                                                         [::]:*

tcp    LISTEN     0      128                                              [::]:http                                                           [::]:*

tcp    LISTEN     0      128                                              [::]:ssh                                                            [::]:*


How to get the established connection information using the ss command in Linux

$ ss -tua state established


[vamshi@node02 ~]$ ss -l sport = 80

The detailed options ss offers are as follows:

-a : Displays all Sockets

-i : Displays internal TCP information

-t : Displays only TCP Sockets

-l : Displays Only Listening Sockets

-u : Displays only UDP Sockets

-r : Resolves host names

-n : Doesn’t Resolve the Hostnames

-p : Displays the process using the Socket


The ss command takes the following state filter options:

established | syn-sent | syn-recv | fin-wait-{1,2} | time-wait | closed | close-wait | last-ack | listen | closing
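To turn the listener information above into something you can check against your firewall rules, the following added example (not part of the original article) filters ss -tulnp output down to sockets reachable from other hosts and reports any that are not on an allow-list. The function names, the allow-list entries and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `ss -tulnp` (not from a real host).
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*         users:(("dhclient",pid=700,fd=6))
udp   UNCONN 0      0      [::1]:323          [::]:*            users:(("chronyd",pid=640,fd=6))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=380,fd=3))
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*         users:(("master",pid=1012,fd=13))
tcp   LISTEN 0      128    *:3306             *:*               users:(("mysqld",pid=1100,fd=21))
tcp   LISTEN 0      128    [::]:80            [::]:*            users:(("httpd",pid=900,fd=4))
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=380,fd=4))
tcp   ESTAB  0      0      192.0.2.10:22      192.0.2.50:51514  users:(("sshd",pid=1295,fd=3))
EOF
}

# Read ss output on stdin; print "proto/port process" for every listening
# socket that is reachable from other hosts (i.e. not bound to loopback).
exposed_listeners() {
    awk '
        $1 == "Netid" { next }                        # header line
        $2 != "LISTEN" && $2 != "UNCONN" { next }     # listeners only
        !match($5, /:[^:]*$/) { next }                # need addr:port
        {
            addr = substr($5, 1, RSTART - 1)
            port = substr($5, RSTART + 1)
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            proc = "-"                                # no -p or no privileges
            if (match($0, /users:\(\("[^"]+"/))
                proc = substr($0, RSTART + 9, RLENGTH - 10)
            print $1 "/" port, proc
        }' | LC_ALL=C sort -u
}

# Print exposed listeners whose proto/port is not in the allow-list arguments.
unexpected_listeners() {
    allowed=" $* "
    exposed_listeners | while read -r sock proc; do
        case "$allowed" in
            *" $sock "*) ;;
            *) echo "$sock $proc" ;;
        esac
    done
}

# Demo on the constructed sample; on a live host: sudo ss -tulnp | unexpected_listeners tcp/22
sample_ss_output | unexpected_listeners tcp/22 tcp/80
```

Dual-stack listeners (the same port on both the IPv4 and IPv6 wildcard address) collapse into one line, and sockets bound only to 127.0.0.0/8 or ::1 are ignored because they are not reachable from the network.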



Nmap is one of the most popular open source tools to explore networks and is mainly used for security auditing.

Nmap is used extensively for host discovery and for port and protocol scanning, such as ICMP, TCP and UDP port scanning.

It also offers service and version detection and operating system detection.

It is one of the intrusion prevention tools when used effectively, and is used for greater security reporting.

Run the command sudo nmap localhost:

$ sudo nmap
$ vamshi@linuxcent: ~ $ nmap

Starting Nmap 7.70 ( ) at 2020-04-10 13:45 GMT

Nmap scan report for

Host is up (0.00014s latency).

Not shown: 996 closed ports


21/tcp   open ftp

22/tcp   open ssh

53/tcp   open domain

80/tcp   open http

111/tcp  open rpcbind

3306/tcp open  mysql

8009/tcp open  ajp13

MAC Address: 08:00:27:5A:26:BD (Oracle VirtualBox virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 1.51 seconds

It lists all the ports that are open and even lists the MAC address of the target host.

How to scan a list of hosts from a file using nmap command

You can do it and run the command as demonstrated below:

$ nmap -iL /etc/hosts # where you have a list of ip/dns names

To increase the verbosity of nmap output use -v<n> where n is a number ranging from 0 – 9

Nmap offers a lot of options to gather information passively; let's see some of them listed below:


-sn : Lists and does Ping Scan on the network; Least aggressive

-sL : Lists hosts to scan on the network

-O : Enables Target Host OS detection.

-sS : Does the syn Scan, in stealth mode.

-sT : Performs TCP port Scan

-sU : Performs UDP port Scan.

-p : Scans only for Target Port Listed Eg: # sudo nmap -v  -sS -p80

-PA : TCP Ack Flag is set

-sV : Extracts the Service Version information and the Operating System information from Target Hosts.



The lsof Linux command lists the open files on the system, as its abbreviation says. It is one of the most valuable tools when troubleshooting under fire, and it shows you the practical behaviour of the Linux system.

Start by running the lsof command. It prints a lot of information, including all the programs currently started and owned by you. The output includes block/filesystem files, network stream data/character files, virtual memory paging and temporary data files.

Listing the open files using lsof

Now run lsof -u <Your login username>

$ lsof -u vamshi

# Prints a bunch of information about the open files for a particular user.

lsof has a lot of options to extract relevant information.

To list the total number of open files on the system:

$ sudo lsof | wc -l

To list the processes using TCP port 22:

$ sudo lsof -i TCP:22
vamshi@linuxcent:~$ sudo lsof -P -i :22


sshd     380   root    3u  IPv4  13672     0t0  TCP *:22 (LISTEN)

sshd     380   root    4u  IPv6  13683     0t0  TCP *:22 (LISTEN)

sshd    1295   root    3u  IPv4  20367     0t0  TCP> (ESTABLISHED)

sshd    1307 vamshi    3u  IPv4  20367     0t0  TCP> (ESTABLISHED)

This lists the listening sockets and established connections on the given port.

lsof offers a lot of options and filters; let's list some of the most commonly used ones below:


-u : Takes the username as a filter option and lists the files opened by the given user

-i : Lists the open files belonging to the given service port numbers

-P : Inhibits the translation of port numbers to service names and prints the port number for simplicity.

