Posted on September 6, 2023 by nexonhost
How To Check For Listening Ports (Ports In Use).
Network port is identified by its number, the associated IP address, and type of the communication protocol, such as TCP or UDP.
Listening port is a network port on which an application or process listens on, acting as a communication endpoint.
Each listening port can be open or closed (filtered) using a firewall. In general terms, an open port is a network port that accepts incoming packets from remote locations.
You can’t have two services listening to the same port on the same IP address.
For example, if you are running an Apache web server that listens on ports 80 and 443 and you try to install Nginx , the later will fail to start because the HTTP and HTTPS ports are already in use.
Check Listening Ports with netstat
netstat is a command-line tool that can provide information about network connections.
To list all TCP or UDP ports that are being listened on, including the services using the ports and the socket status use the following command:
sudo netstat -tunlp
The options used in this command have the following meaning:
-t – Show TCP ports.
-u – Show UDP ports.
-n – Show numerical addresses instead of resolving hosts.
-l – Show only listening ports.
-p – Show the PID and name of the listener’s process. This information is shown only if you run the command as root or sudo user.
The output will look something like this:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 12223/nginx: master tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 30861/sshd tcp6 0 0 :::80 :::* LISTEN 12223/nginx: master tcp6 0 0 :::22 :::* LISTEN 30861/sshd tcp6 0 0 ::1:25 :::* LISTEN 1306/master udp 0 0 XX.XX.XX.XX 0.0.0.0:* 549/chronyd udp6 0 0 ::1:323 :::* 549/chronyd
The important columns in our case are:
Proto – The protocol used by the socket.
Local Address – The IP Address and port number on which the process listen to.
PID/Program name – The PID and the name of the process.
If you want to filter the results, use the grep command . For example, to find what process listens on TCP port 22 you would type:
sudo netstat -tnlp | grep :22
The output shows that on this machine port 22 is used by the SSH server:
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 30861/sshd tcp6 0 0 :::22 :::* LISTEN 30861/sshd
If the output is empty it means that nothing is listening on the port.
You can also filter the list based on criteria, for example, PID, protocol, state, and so on.
netstat is obsolete and replaced with ss and ip , but still it is of the most used commands to check network connections.
Check Listening Ports with ss
ss is the new netstat. It lacks some of the netstat features, but exposes more TCP states and it is slightly faster. The command options are mostly the same, so the transition from netstat to ss is not difficult.
To get a list of all listening ports with ss you would type:
sudo ss -tunlp
The output is almost the same as the one reported by netstat:
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=445,fd=3))
LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("master",pid=929,fd=13))
LISTEN 0 128 *:3306 *:* users:(("mysqld",pid=534,fd=30))
LISTEN 0 128 *:80 *:* users:(("apache2",pid=765,fd=4),("apache2",pid=764,fd=4),("apache2",pid=515,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=445,fd=4))
LISTEN 0 100 [::]:25 [::]:* users:(("master",pid=929,fd=14))
LISTEN 0 70 *:33060 *:* users:(("mysqld",pid=534,fd=33))Check Listening Ports with lsof
lsof is a powerful command-line utility that provides information about files opened by processes.
In Linux, everything is a file. You can think of a socket as a file that writes to the network.
To get a list of all listening TCP ports with lsof type:
sudo lsof -nP -iTCP -sTCP:LISTEN
The options used are as follows:
-n – Do not convert port numbers to port names.
-p – Do not resolve hostnames, show numerical addresses.
-iTCP -sTCP:LISTEN – Show only network files with TCP state LISTEN.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME master 1306 root 13u IPv6 15905 0t0 TCP [::1]:25 (LISTEN) nginx 12223 root 6u IPv4 678555 0t0 TCP *:80 (LISTEN) nginx 12223 root 7u IPv6 678556 0t0 TCP *:80 (LISTEN) nginx 12750 nginx 6u IPv4 678555 0t0 TCP *:80 (LISTEN) nginx 12750 nginx 7u IPv6 678556 0t0 TCP *:80 (LISTEN) nginx 12751 nginx 6u IPv4 678555 0t0 TCP *:80 (LISTEN) nginx 12751 nginx 7u IPv6 678556 0t0 TCP *:80 (LISTEN) nginx 12752 nginx 6u IPv4 678555 0t0 TCP *:80 (LISTEN) nginx 12752 nginx 7u IPv6 678556 0t0 TCP *:80 (LISTEN) nginx 12753 nginx 6u IPv4 678555 0t0 TCP *:80 (LISTEN) nginx 12753 nginx 7u IPv6 678556 0t0 TCP *:80 (LISTEN) nginx 12754 nginx 6u IPv4 678555 0t0 TCP *:80 (LISTEN) nginx 12754 nginx 7u IPv6 678556 0t0 TCP *:80 (LISTEN) nginx 12755 nginx 6u IPv4 678555 0t0 TCP *:80 (LISTEN) nginx 12755 nginx 7u IPv6 678556 0t0 TCP *:80 (LISTEN) nginx 12756 nginx 6u IPv4 678555 0t0 TCP *:80 (LISTEN) nginx 12756 nginx 7u IPv6 678556 0t0 TCP *:80 (LISTEN) nginx 12757 nginx 6u IPv4 678555 0t0 TCP *:80 (LISTEN) nginx 12757 nginx 7u IPv6 678556 0t0 TCP *:80 (LISTEN) sshd 30861 root 3u IPv4 20029662 0t0 TCP *:22 (LISTEN) sshd 30861 root 4u IPv6 20029664 0t0 TCP *:22 (LISTEN)
Most of the output columns names are self-explanatory:
COMMAND, PID, USER – The name, the pid and the user running the program associated with the port.
NAME – The port number.
To find what process is listening on a particular port, for example, port 3306 you would use:
sudo lsof -nP -iTCP:3306 -sTCP:LISTEN
For more information, visit the lsof man page and read about all other powerful options of this tool.
Conclusion
We have shown you several commands that you can use to check what ports are in use on your system, and how to find what process listens on a specific port.