Linux Fundamentals - How to display listening ports in Linux
by
Jeremy Canfield |
Updated: September 19 2023
| Linux Fundamentals articles
NETSTAT
If netstat is not installed, use apt-get or yum to install net-tools.
[root@server1 ~]# yum install net-tools
The netstat -l option can be used to only display connections with a status of LISTEN. A port that is listening is considered to be open, and vice versa. In this example, the machine is listening for IPv4 connections on port 53 (DNS), 631 (IPP), 123 (NTP).
[root@server1 ~]# netstat -l
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:53 0.0.0.0:* LISTEN
tcp 0 0 localhost:631 0.0.0.0:* LISTEN
tcp 0 0 ::1:631 [::]:* LISTEN
udp 0 0 0.0.0.0:ntp 0.0.0.0:* LISTEN
The netstat -p (process ID, name) option adds a column that displays the PID and process name.
[root@server1 ~]# netstat -lp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program Name
tcp 0 0 localhost:53 0.0.0.0:* LISTEN 11938/dnsmasq
tcp 0 0 localhost:631 0.0.0.0:* LISTEN 10294/cupsd
tcp 0 0 ::1:631 [::]:* LISTEN 10294/cupsd
NMAP
Nmap can be used to display the open ports. In this example, ports 25 (SMTP) and 80 (HTTP) are open. -sS performs a TCP SYN Scan
[root@server1 ~]# nmap -sS localhost
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00026s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
| Option | Scan |
|---|---|
| -sA | TCP ACK scan |
| -sF | TCP FIN scan |
| -sM | TCP Maimon scan |
| -sN | TCP Null scan |
| -sO | IP protocol scan |
| -sS | TCP SYN scan |
| -sT | TCP Connect scan |
| -sU | UDP scan |
| -sV | Probe open ports to determine service info |
| -sW | TCP Window scan |
| -sX | TCP Xmas scan |
| -sY | SCTP INIT scan |
| -sZ | SCTP Cookie Echo scan |
To detect the operating system, add the -O option.
[root@server1 ~]# nmap -sT -O localhost
Did you find this article helpful?
If so, consider buying me a coffee over at 