You can check if a process listens on a TCP or UDP port with netstat -tuplen.
To check whether some ports are accessible from the outside (this is probably what you want) you can use a port scanner like Nmap from another system. Running Nmap on the same host you want to check is quite useless for your purpose.
OK, in summary, you have a server that you can log into. You want to see if something is listening on some port. As root, run:
netstat -nlp
this will show a listing of processes listening on TCP and UDP ports. You can scan (or grep) it for the process you're interest in,and/or the port numbers you expect to see.
If the process you expect isn't there, you should start up that process and check netstat again. If the process is there, but it's listening on a interface and port that you did not expect, then there's a configuration issue (e.g., it could be listening, but only on the loopback interface, so you would see 127.0.0.1:3306 and no other lines for port 3306, in the case of the default configuration for MySQL).
If the process is up, and it's listening on the port you expect, you can try running a "telnet" to that port from your Macbook in your office/home, e.g.,
telnet xxxxxxxxxxxx.co.uk 443
That will test if (assuming standard ports) that there's a web server configured for SSL. Note that this test using telnet is only going to work if the process is listening on a TCP port. If it's a UDP port, you may as well try with whatever client you were going to use to connect to it. (I see that you used port 224. This is masqdialer, and I have no idea what that is).
If the service is there, but you can't get to it externally, then there's a firewall blocking you. In that case, run:
iptables -L -n
This will show all the firewall rules as defined on your system. You can post that, but, generally, if you're not allowing everything on the INPUT chain, you probably will need to explicitly allow traffic on the port in question:
iptables -I INPUT -p tcp --dport 224 -j ACCEPT
or something along those lines. Do not run your firewall commands blindly based on what some stranger has told you on the Internet. Consider what you're doing.
If your firewall on the box is allowing the traffic you want, then your hosting company may be running a firewall (e.g., they're only allowing SSH (22/tcp), HTTP (80/tcp) and HTTPS (443/tcp) and denying all other incoming traffic). In this case, you will need to open a helpdesk ticket with them to resolve this issue, though I suppose there might be something in your cPanel that may allow it.
If you need to script such a test, the solution by Serhii Popov (see comment to question) is probably the best since nc is capable of searching the TCP stack for an open port³ instead of attempting an actual connection.
The simplest form is:
nc -z <ip> <port>
The command returns true if it find the specified <ip>:<port> combo as being opened (i.e. one of your services is listening).
So now you can write a script to wait until the port is open:
while ! nc -z <ip> <port>
do
sleep 1
done
Note 1: I tried the -w command line option and that did not seem to do anything. Either way the command returns immediately. I think that the -w is not useful with -z.
Note 2: to help debug, try with the -v command line option.
Note 3: nc -z ... actually creates a socket() and then attempts to bind() it and connect(). If that works, it deems the port open.
You can check if a process listens on a TCP or UDP port with
netstat -tuplen
.To check whether some ports are accessible from the outside (this is probably what you want) you can use a port scanner like Nmap from another system. Running Nmap on the same host you want to check is quite useless for your purpose.
Quickest way to test if a TCP port is open (including any hardware firewalls you may have), is to type, from a remote computer (e.g. your desktop):
Which will try to open a connection to port 80 on that server. If you get a time out or deny, the port is not open :)
OK, in summary, you have a server that you can log into. You want to see if something is listening on some port. As root, run:
this will show a listing of processes listening on TCP and UDP ports. You can scan (or grep) it for the process you're interest in,and/or the port numbers you expect to see.
If the process you expect isn't there, you should start up that process and check netstat again. If the process is there, but it's listening on a interface and port that you did not expect, then there's a configuration issue (e.g., it could be listening, but only on the loopback interface, so you would see 127.0.0.1:3306 and no other lines for port 3306, in the case of the default configuration for MySQL).
If the process is up, and it's listening on the port you expect, you can try running a "telnet" to that port from your Macbook in your office/home, e.g.,
That will test if (assuming standard ports) that there's a web server configured for SSL. Note that this test using telnet is only going to work if the process is listening on a TCP port. If it's a UDP port, you may as well try with whatever client you were going to use to connect to it. (I see that you used port 224. This is masqdialer, and I have no idea what that is).
If the service is there, but you can't get to it externally, then there's a firewall blocking you. In that case, run:
This will show all the firewall rules as defined on your system. You can post that, but, generally, if you're not allowing everything on the INPUT chain, you probably will need to explicitly allow traffic on the port in question:
or something along those lines. Do not run your firewall commands blindly based on what some stranger has told you on the Internet. Consider what you're doing.
If your firewall on the box is allowing the traffic you want, then your hosting company may be running a firewall (e.g., they're only allowing SSH (22/tcp), HTTP (80/tcp) and HTTPS (443/tcp) and denying all other incoming traffic). In this case, you will need to open a helpdesk ticket with them to resolve this issue, though I suppose there might be something in your cPanel that may allow it.
I use the combo of
netstat
andlsof
:To see if the port is being used, and what is using it.
If you are connected to the system and can run a command as root then you can check the output of iptables
this will list the firewall rules and which ports are open target
ACCEPT
and any explicitly closed ports targetREJECT
.lsof -i :ssh
will list all processes with the ssh port open, both listening and active connections.If you need to script such a test, the solution by Serhii Popov (see comment to question) is probably the best since
nc
is capable of searching the TCP stack for an open port³ instead of attempting an actual connection.The simplest form is:
The command returns true if it find the specified
<ip>:<port>
combo as being opened (i.e. one of your services is listening).So now you can write a script to wait until the port is open:
Note 1: I tried the
-w
command line option and that did not seem to do anything. Either way the command returns immediately. I think that the-w
is not useful with-z
.Note 2: to help debug, try with the
-v
command line option.Note 3:
nc -z ...
actually creates asocket()
and then attempts tobind()
it andconnect()
. If that works, it deems the port open.