+5 votes
281 views
How to know and see open ports in Linux

in Linux / Unix by (552k points)
reopened | 281 views

1 Answer

+3 votes
Best answer

1. How to validate ports on Linux using netstat
2. How to validate ports using the ss Linux command
3 . How to validate ports using the Nmap Linux command
4. How to validate ports using the Lsof Linux command

Within the administration tasks there is a security level that is fundamental for the security of the entire infrastructure and are the system ports. For this we must take into account that each application that requires connecting to the computer , either through the Internet or through the local network , will need some connection ports for this purpose, these ports are called listening ports, and this type of Connections can have two senses that are incoming and outgoing..

The status of a port can be open, filtered, closed or unfiltered, but we must pay close attention to the open ports since certain security policies of the organization can be violated through these ports.

TechnoWikis will explain some ways on how we can see the ports currently open in Linux and thus determine whether or not administrative actions are taken..


1. How to validate ports on Linux using netstat


The netstat (network statistics) command has been developed in order to display a list of all active connections of a device including both incoming and outgoing.

The basic way to run netstat on Linux is with the following line:

 sudo netstat -ltup 
The parameters used are:
  • The -l value tells netstat to print all listener connectors.
  • The -t value displays all TCP connections.
  • With the value -u we will see all UDP connections.
  • With -p, printing of the application or program name listening on the port is enabled.

The result will be as follows:

image

If we want to print numerical values ​​instead of service names, it will be necessary to add parameter n:

 sudo netstat -lntup 
We will see the following: image

With netstat it will be possible to use the grep command to determine which application is listening through a particular port, for example, if we want to see what ports Apache uses:

 sudo netstat -lntup | grep "apache2" 
But it will also be possible to specify the port to validate:
 sudo netstat -lntup | grep ": 80" 
Some of the additional parameters to use with netstat are:
Display all connections and ports in listening mode
 -to 

Deploys the applications and executable files that are responsible for creating connections on the listening ports
 -b 

Generate Ethernet statistics
 -and 

Display ports and addresses in numerical format
 -n 

View the identity of each process (PID) involved
 -or 

Shows connections through protocols such as TCP, UDP, TCPv6, or UDPv6
 -p 

Display the route table
 -r 

Generate statistics by protocols
 -s 

It is used with -b, and thus be able to see sequences of components involved in creating a connection
 -v 

2. How to validate ports using the ss Linux command


The SS command is integrated in the IPROUTE2 package and is used to display the statistics of the sockets, this type of sockets can be of type TCP, UDP, PACKET, DCCP, RAW, UNIX and more.

The information we can obtain with the SS command is:

  • Information about TCP and UDP sockets with much more complete details.
  • Connections established by SSH, FTP, HTTP, HTTP and more.
  • Connections to the X server equipment.
  • Filter by status such as SYN-RECV, SYN-SENT, TIME-WAIT using addresses and ports.
  • Determine what type of TCP sockets are in FIN-WAIT-1 state.

With the following command we will deploy all listening ports for TCP and UDP connections in numerical value:

 sudo ss -lntu 
image

3 . How to validate ports using the Nmap Linux command


The Nmap (Network Mapper) command is one of the most complete solutions not only to validate the listening ports but also to carry out many more administration tasks at the network level since with it it is possible to execute ping sweeps, scan ports, identify services, perform IP address detection and operating system detection and more tasks.

It is one of the most practical utilities for administrators because thanks to Nmap we can explore local or external networks, perform security scans, network audits, search live hosts, operating systems, packet filters and more.

To install Nmap we must execute one of the following commands:

 sudo apt install nmap (Debian / Ubuntu) sudo yum install nmap (CentOS / RHEL) sudo dnf install nmap (Fedora) 
After this, to scan all open or listening ports on Linux, we will execute the following command:
 sudo nmap -n -PN -sT -sU -p- localhost 
image

Some of the parameters to use with Nmap are:

Protocol Scan
 s0 

ACK scan
 -sA 

Windows scan
 -sW 

RPC scan
 -Mr 

List / DNS Scan
 -sL 

Idle scan
 -yes 

No ping
 -Po 

TCP ping
 -PT 

Ping SYN
 - 

ICMP Ping
 -PI 

Ping TCP and ICMP
 -PB 

ICMP date and time
 -PB 

ICMP network mask
 -P.M 

Normal output
 -oN 

XML output
 -oX 

Greppable output
 -oG 

All exits
 -oA 

Run a serious scan with a span of 300 seconds between scans
 -T Paranoid 

Run a serial scan with a 15 second span between scans
 -T Sneaky 

Perform a serial scan with a 4 second span between scans
 -T Polite 

Parallel Scan
 -T Normal 

4. How to validate ports using the Lsof Linux command


The lsof command is a tool through which it will be possible to list the files opened in the system with details such as which files keep a certain process (PID) or user open and with details such as the port used by those services.

To list all the Internet and network files, we must use the -i option, with this command a combination of service names and number ports is displayed:

 sudo lsof -i 
image

If we want to see which application uses a specific port we can execute the following:

 sudo lsof -i: 80 
With any of these options it will be possible to visualize the open ports in Linux and have a better control over them.

by (3.5m points)
edited

Related questions

+5 votes
1 answer
asked Oct 26, 2019 in Linux / Unix by backtothefuture (552k points) | 1.8k views
+5 votes
1 answer
+3 votes
1 answer
asked Oct 31, 2019 in Linux / Unix by backtothefuture (552k points) | 262 views
+5 votes
1 answer
+3 votes
1 answer
Sponsored articles cost $40 per post. You can contact us via Feedback

Most popular questions within the last 30 days

10,659 questions
10,791 answers
510 comments
3 users