Network ports are standardized number identifiers that allow devices to use one IP address to handle multiple network requests simultaneously. Since there are 65535 port numbers, keeping a record of which ports are in use can be challenging.
This article will teach you how to check for open listening ports on a Linux system using five popular networking tools.
- A Linux distribution installed on a computer.
- Administrative access to the command line.
What Is a Listening Port?
Depending on the network setup, listening ports can be open or closed.
- Open ports accept outside connections using the correct protocol.
- Closed ports do not accept all the connections. They communicate with a predetermined outside service or application while a firewall blocks other attempted connections.
One listening port can host only one service. For instance, if there is a web server on the system that already uses port 80, any other installed web server will have to use a different, non-default port number.
How to Check Open Ports in Linux?
Linux users can check open ports using multiple available networking tools. Each tool displays the same results, but the output format and the amount of information vary.
The following sections provide instructions for checking open ports using lsof, netstat, ss, Nmap, and netcat utilities.
Check Ports via lsof Command
The lsof command allows users to list the programs that utilize listening ports and daemons that maintain active network connections.
Use the lsof command to:
- Display a list of ports in use:
sudo lsof -nP -iTCP -sTCP:LISTEN
The command outputs a list of the connections that use the TCP protocol.
- Check a specific port number with this syntax:
sudo lsof -nP -i:[port-number]
For example, to check if port 5054 is in use, type:
sudo lsof -nP -i:5054
If the port is free, the command shows no output. If an application is using the port, the output shows its details:
- Specify the protocol you wish to scan by adding it to the -i option.
For example, to check if the UDP port 53 is open, type:
sudo lsof -nP -iUDP:53
The output shows if an application already uses the port.
Check Ports via netstat Command
The netstat command provides a network activity overview and statistics. Use the command below to display the listening ports on the system with
sudo netstat -tunpl
The command uses five command arguments:
-t - Queries for TCP ports.
-u - Queries for UDP ports.
-n - Avoids DNS lookup and shows only IP addresses to speed up the process.
-p - Displays the process ID and the name of the program using the port.
-l - Outputs listening ports.
Identify the listening ports/sockets by checking the State column and looking for the label LISTEN.
Check Ports via ss Command
The ss command is a faster and easier-to-use version of the obsolete netstat command. It uses the same options as netstat, but provides more statistics in the output.
The following command scans TCP and UDP ports for listening sockets and displays them in a list:
sudo ss -tunl
The listening ports/sockets are marked as LISTEN in the State column.
Check Ports via nmap Command
sudo nmap -n -PN -sT -sU -p- localhost
The following are the nmap options used in the example.
-n - Skips DNS resolution.
-PN - Skips the discovery phase.
-sT and -sU - Tell nmap to scan TCP and UDP ports, respectively.
-p- - Scans all the ports.
The output lists the open ports alongside the services that use them.
Note: If you want to scan a port range, specify it with the -p option. For example, to scan only the UDP ports from 1 to 1023, type:
sudo nmap -sU -p U:1-1023 localhost
Check Ports via nc Command
The nc command in Linux allows users to control the netcat utility.
netcat can scan the ports on local and remote systems and provide information on whether the ports are open, closed, or filtered by a firewall.
Note: In CentOS, RHEL, and Debian the netcat command is
Scan all the ports on the local system by typing:
nc -z -v localhost 1-65535
The -z flag enables the zero-I/O mode used for scanning, while the -v option tells netcat to produce verbose output.
When the command is executed, netcat attempts to connect to all the ports and reports on the success for each port. Scanning many ports at once produces an extensive output.
To show only the ports where the connection succeeded, i.e., the open ports, use the 2>&1 expression to redirect the output. Then, pipe the output to the grep command and search for the word succeeded:
nc -z -v localhost 1-65535 2>&1 | grep succeeded
By default, netcat scans TCP ports. To check UDP ports, add the -u option:
nc -z -v -u localhost 1-65535 2>&1 | grep succeeded
After reading this article, you should know how to use the five popular Linux utilities to check for open ports. Knowing which ports are open on your system may help you detect an intrusion or troubleshoot network-related issues.