How To Check For Listening Ports (Ports In Use).
Network port is identified by its number, the associated IP address, and type of the communication protocol, such as TCP or UDP.
Listening port is a network port on which an application or process listens on, acting as a communication endpoint.
Each listening port can be open or closed (filtered) using a firewall. In general terms, an open port is a network port that accepts incoming packets from remote locations.
You can’t have two services listening to the same port on the same IP address.
For example, if you are running an Apache web server that listens on ports 80 and 443 and you try to install Nginx , the later will fail to start because the HTTP and HTTPS ports are already in use.
Check Listening Ports with netstat
netstat is a command-line tool that can provide information about network connections.
To list all TCP or UDP ports that are being listened on, including the services using the ports and the socket status use the following command:
The options used in this command have the following meaning:
-t – Show TCP ports.
-u – Show UDP ports.
-n – Show numerical addresses instead of resolving hosts.
-l – Show only listening ports.
-p – Show the PID and name of the listener’s process. This information is shown only if you run the command as root or sudo user.
The output will look something like this:
The important columns in our case are:
Proto – The protocol used by the socket.
Local Address – The IP Address and port number on which the process listen to.
PID/Program name – The PID and the name of the process.
If you want to filter the results, use the grep command . For example, to find what process listens on TCP port 22 you would type:
The output shows that on this machine port 22 is used by the SSH server:
If the output is empty it means that nothing is listening on the port.
You can also filter the list based on criteria, for example, PID, protocol, state, and so on.
netstat is obsolete and replaced with ss and ip , but still it is of the most used commands to check network connections.
Check Listening Ports with ss
ss is the new netstat. It lacks some of the netstat features, but exposes more TCP states and it is slightly faster. The command options are mostly the same, so the transition from netstat to ss is not difficult.
To get a list of all listening ports with ss you would type:
The output is almost the same as the one reported by netstat:
Check Listening Ports with lsof
lsof is a powerful command-line utility that provides information about files opened by processes.
In Linux, everything is a file. You can think of a socket as a file that writes to the network.
To get a list of all listening TCP ports with lsof type:
The options used are as follows:
-n – Do not convert port numbers to port names.
-p – Do not resolve hostnames, show numerical addresses.
-iTCP -sTCP:LISTEN – Show only network files with TCP state LISTEN.
Most of the output columns names are self-explanatory:
COMMAND, PID, USER – The name, the pid and the user running the program associated with the port.
NAME – The port number.
To find what process is listening on a particular port, for example, port 3306 you would use:
For more information, visit the lsof man page and read about all other powerful options of this tool.
We have shown you several commands that you can use to check what ports are in use on your system, and how to find what process listens on a specific port.