Know which ports are in use on a system is a basic task for any administrator. From configuring interfaces to intrusion protection and going through any troubleshooting we can imagine, we must be able to check if a port is providing some kind of service in our environment.
Imagine the situation in which you have installed the CUPS printing service in your system and you do not know if the service has started correctly and raised its corresponding port 631 or its optional 515. In this guide we will show you three basic commands to detect the ports used by a system and what is its status.
Next we will review 3 basic commands that are especially useful in the administration of any system. Is about lsof, netstat and nmap, utilities that we will run from the terminal console and with root privileges.
Table of Contents
The command lsof is the most basic of how many we lend you and, being a native of Linux, the base that every user should know. To know the ports open in the system through this command, you must enter a sequence like the following, which it will show you various information where we will highlight: the name of the application (for example, sshd), the socket of the program (in this case the IP address 10.86.128.138 associated with port 22 that is LISTENING) and the identifier of the process (which would be 85379).
$ sudo lsof -i -P -n $ sudo lsof -i -P -n | grep LISTEN
The command netstat varies slightly in its syntax with respect to the previous one but presents some parameters much easier to memorize thanks to a simple mnemonic word. From now on do not forget the word slut, which refers to the following characteristics:
- p: Shows the connections for the specified protocol which can be TCP or UDP.
- u: List all UDP ports.
- t: List all TCP ports.
- o: Displays the timer.
- n: Shows the port number.
- a: Displays all active connections in the system.
Thus, entering the command and filtering it with a pipe we can get information about a certain port.
$ netstat -putona | grep numero-de-puerto
Nmap It is a utility that we allows to perform a multitude of scans in our system and one of them, the one of open ports in the equipment. To execute it we must introduce a sequence of the type nmap -sX -OY, taking X the value T or U for TCP or UDP connection respectively and the value Y the IP address of our machine (or localhost for short). Take a look at the following example.
</pre> $ sudo nmap -sU -O localhost $ sudo nmap -sT -O 192.168.0.1 <pre>
With these three applications you already have enough tools to determine the open ports of your machine. Do you use the same tools or do you know any other way to verify the open ports of a system?
5 comments, leave yours
I do not understand anything. Normal, I'm not a specialist, but it's interesting 🙂
Hello, good day, how can I see the data that is arriving through a port?
I have a device that by gprs sends me strings to port 10005 of my ubuntu and I need by terminal to see the strings that are coming to me, can you please support me? Thank you. slds
With the command netstat -putona I observe that the address 127.0.0.1 appears in two protocols tcp and upd, in both cases port 53. Is this normal or correct? Coincidentally I have problems with the dnsmasq and zimbra desktop that does not lift in ubuntu 16.04.
In trying to start zimbra it shows me: Page 127.0.0.1 has rejected the connection.
I appreciate your help in joining this community.
Just add: With ls you can know the path of the process and there are also other commands such as ss or fuser with which we can see which process is using a port.
Seen here: https://www.sysadmit.com/2018/06/linux-que-proceso-usa-un-puerto.html
Excellent, well summarized and explained, I do not forget about PUTONA hehe. ;-D