Home / ubuntu / Questions / 9368
Accepted
Jonas
Asked: 2010-10-26 04:49:03 +0800 CST

How can I see what ports are open on my machine?

  • 772

I would like to see what ports are open on my machine, e.g. what ports my machine is listening on. E.g. port 80 if I have installed a web server, and so on.

Is there any command for this?

networking server

10 Answers

  1. I've always used this:

    sudo netstat -ntlp

    If the netstat command is not available, install it with:

    sudo apt install net-tools
    • 366
  2. Best Answer

    nmap (install)

    Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing.

    Use nmap 192.168.1.33 for internal PC or nmap external IP address.

    More information man nmap.

    Zenmap is the official GUI frontend.

    • 145

  3. Other good ways to find out what ports are listenting and what your firewall rules are:

    • sudo netstat -tulpn

    • sudo ufw status

    • 75

  4. To list open ports use the netstat command.

    For example:

        $ sudo netstat -tulpn | grep LISTEN
    tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      5452/dnsmasq    
    tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1037/cupsd      
    tcp6       0      0 ::1:631                 :::*                    LISTEN      1037/cupsd

    In the above example three services are bound to the loopback address.

    IPv4 services bound to the loopback address "127.0.0.1" are only available on the local machine. The equivalent loopback address for IPv6 is "::1". The IPv4 address "0.0.0.0" means "any IP address", which would mean that other machines could potentially connect to any of the locally configured network interfaces on the specific port.

    Another method is to use the lsof command:

        $ sudo lsof -nP -i | grep LISTEN
    cupsd     1037   root    9u  IPv6  11276      0t0  TCP [::1]:631 (LISTEN)
    cupsd     1037   root   10u  IPv4  11277      0t0  TCP 127.0.0.1:631 (LISTEN)
    dnsmasq   5452 nobody    5u  IPv4 212707      0t0  TCP 127.0.0.1:53 (LISTEN)

    For more details see man netstat or man lsof.

    • 30

  5. This is enough to show that there is a process listening on IP address 0.0.0.0 (needed so it will reply to any request) on port 80 (standard web server port number). In my case this shows it is the web server lighttpd

    $ sudo netstat -ntlp | grep :80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN          2495/lighttpd

    If you later want to make sure that the only thing you allow through your firewall is port 80 I often use ShieldsUp from www.grc.com to perform a firewall test.

    • 24

  6. sudo iptables -L will list the port rules for your pc. Note that if you are using ufw or shorewall firewalls the output maybe be hard to read. In that case rather use sudo ufw status for example.

    This is not very useful on its own as even if a port is open access will still be denied if there is no process listening on that port.

    • 11

  7. If you are looking for continuous monitoring of ports for server machines or local I think you can also use graphical version of nmap i.e Zenmap for more detailed version

    Zenmap is the official graphical user interface (GUI) for the Nmap Security Scanner.

    Supports available (Linux, Windows, Mac OS X, BSD, etc.)

    Have a look to this tool view:

    enter image description here

    • 5

  8. In latest Linux distro, most probably you won't find netstat command anymore.

    $ netstat

Command 'netstat' not found, but can be installed with:

sudo apt install net-tools

$

    However, if you want to use it, go ahead and install it with sudo apt install net-tools command.

    Fyi, netstat is obsolete (refer to the man page), so you should use ss intead of netstat.

    This program is obsolete. Replacement for netstat is ss.
    Replacement for netstat -r is ip route. Replacement for netstat -i is ip -s link. Replacement for netstat -g is ip maddr.

    E.g.

    $ ss -lnt
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port
LISTEN     0      5                 127.0.1.1:53                       *:*
LISTEN     0      128               127.0.0.1:631                      *:*
LISTEN     0      128                     ::1:631                     :::*

    Description

    ss = another utility to investigate sockets

    -l, --listening Display only listening sockets (these are omitted by default).

    -n, --numeric Do not try to resolve service names.

    -t, --tcp Display TCP sockets.

    • 3

  9. ss: Print: network connections routing tables interface statistics masquerade connections multicast memberships

    Install:
    sudo apt install net-tools

Example:
    ~$ ss -ntlp | grep LISTEN
    >
    LISTEN   0        4096             127.0.0.53%lo:53              0.0.0.0:*                                                                                      
    LISTEN   0        5                    127.0.0.1:631             0.0.0.0:*                                                                                      
    LISTEN   0        5                        [::1]:631                [::]:*                                                                                      
    LISTEN   0        50          [::ffff:127.0.0.1]:9614                  *:*
    • 2

  10. assuming u wanna check port 3000: netstat -na | grep 3000

    • 0