How to check open ports in Linux: On local & remote hosts; nc, telnet, nmap, netstat commands.
In this article, we will look how to check for open ports on a remote Linux server.
The most commonly used commands for this purpose is telnet, nc, and nmap command.
Lets have a look at these commands one by one.
Check for open port on a remote host
1. Telnet command
Telnet(TErminaL over NETwork) command provides a user interface to interact with the other system via Telnet protocol.
# telnet server-name port-number
telnet host1.ngelinux.com 22 Trying 10.78.22.1... Connected to host1.ngelinux.com. Escape character is '^]'. Connection closed by foreign host.
2. Netcat command(nc command)
Netcat is a program for reading and writing to network connections via TCP or UDP protocol. Any network connection(or port open/close) related tasks are driven by netcat utility.
$ nc -vz web-host1.rtl.ngelinux.com 22 found 0 associations found 1 connections: 1: flags=82<CONNECTED,PREFERRED> outif ppp0 src 17.168.57.250 port 57952 dst 10.75.16.9 port 22 rank info not available TCP aux info available Connection to web-host1.rtl.ngelinux.com port 22 [tcp/ssh] succeeded! $
3. NMAP Command
NMAP(Network MAPper) is a tool which can do the complete host scanning and is helpful to explore the complete network and performing security audit.
It is a very powerful command, and hence risky too hence it is usually not found on production hosts.
[root@nglinux ~]# # nmap server2.ngelinux.com Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2018-11-09 13:12 IST Interesting ports on server2.ngelinux.com (192.168.0.87): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds You have new mail in /var/spool/mail/root
Here we have seen how to verify the open port on a remote host, however to verify on a local system we can use any of the following utlities.
Check for a open port on a local system.
Alongwith above commands, we have few more utilities available on a local system to check for open port.
1. LSOF command :- LSOF command is used to get list of open files
[root@nglinux ~]# lsof -n -P | grep -i LISTEN cupsd 1626 root 6u IPv6 12367 0t0 TCP [::1]:631 (LISTEN) cupsd 1626 root 7u IPv4 12368 0t0 TCP 127.0.0.1:631 (LISTEN) sshd 1773 root 3u IPv4 13040 0t0 TCP *:22 (LISTEN) sshd 1773 root 4u IPv6 13051 0t0 TCP *:22 (LISTEN) mysqld 2065 mysql 10u IPv4 13376 0t0 TCP *:3306 (LISTEN) httpd 2131 root 4u IPv6 13469 0t0 TCP *:80 (LISTEN) httpd 2178 apache 4u IPv6 13469 0t0 TCP *:80 (LISTEN) httpd 2179 apache 4u IPv6 13469 0t0 TCP *:80 (LISTEN) httpd 2180 apache 4u IPv6 13469 0t0 TCP *:80 (LISTEN) httpd 2181 apache 4u IPv6 13469 0t0 TCP *:80 (LISTEN) httpd 2182 apache 4u IPv6 13469 0t0 TCP *:80 (LISTEN) httpd 2183 apache 4u IPv6 13469 0t0 TCP *:80 (LISTEN) httpd 2184 apache 4u IPv6 13469 0t0 TCP *:80 (LISTEN) httpd 2185 apache 4u IPv6 13469 0t0 TCP *:80 (LISTEN)
2. netstat command
Another useful command is netstat, which is generally used to get the complete network statistics including routing table, etc.
This command is very useful as its available on most of the Unix boxes.
[root@nglinux ~]# netstat -autnp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2065/mysqld tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1773/sshd tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1626/cupsd tcp 0 0 172.21.49.220:22 172.21.49.169:49922 ESTABLISHED 3919/sshd tcp 0 0 :::80 :::* LISTEN 2131/httpd tcp 0 0 :::22 :::* LISTEN 1773/sshd tcp 0 0 ::1:631 :::* LISTEN 1626/cupsd udp 0 0 0.0.0.0:847 0.0.0.0:* 1468/portreserve udp 0 0 0.0.0.0:631 0.0.0.0:* 1626/cupsd udp 0 0 0.0.0.0:647 0.0.0.0:* 1468/portreserve udp 0 0 0.0.0.0:68 0.0.0.0:* 1651/dhclient