How do I check if a port is in use on Linux?

  • A network port in Linux is nothing but a number that identifies one side of a connection between two systems. All networked devices use port numbers to determine to which process a message should be delivered. The domain name and IP address are like a street address, and port numbers are like room numbers.

    Popular port numbers in Linux

    • HTTP – TCP 80
    • HTTPS – TCP 443
    • POP3 – TCP 110
    • SMTP – TCP 25
    • SSH – TCP 22
    • DNS/DOMAIN – TCP/UDP 53

    Use the cat command or grep command/egrep command to query port numbers as follows:

    cat /etc/services
    grep -w 80 /etc/services
    egrep -w '53/(tcp|udp)' /etc/services
    


    How to check if a port is in use on Linux

    The procedure is as follows:

    1. Open the terminal application
    2. Type any one of the following commands to check if a port is in use on Linux:
    - sudo lsof -i -P -n | grep LISTEN
    - sudo netstat -tulpn | grep LISTEN
    - sudo netstat -tulpn | grep :443
    - sudo ss -tulpn | grep LISTEN
    - sudo ss -tulpn | grep ':22'
    

    Let us see some examples and sample commands in detail.

    How can you find out which process is listening on a port on Linux

    Type the ss command or netstat command to see if TCP port 443 is in use on Linux:

    sudo netstat -tulpn | grep :443
    sudo ss -tulpn | grep :443
    

    If a port is open, you should see the output as follows:

    tcp    0  0 0.0.0.0:443    0.0.0.0:*      LISTEN      438/nginx -g daemo
    

    Port 443 is in use and was opened by the nginx service. Where,

    • -t : Display TCP sockets/port
    • -u : Show UDP sockets/port
    • -l : See only listening sockets i.e. open port
    • -p : Also display process name that opened port/socket
    • -n : View addresses and port numbers in numerical format. Do not use DNS to resolve names.

    Getting a list of all open ports in production

    Simply run:

    sudo lsof -i -P -n | grep LISTEN
    sudo ss -tulpn
    sudo netstat -tulpn
    

    Sample outputs:

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      500/redis-server 12
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      438/nginx -g daemon
    tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      407/lighttpd    
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      438/nginx -g daemon
    tcp6       0      0 :::80                   :::*                    LISTEN      438/nginx -g daemon
    udp        0      0 0.0.0.0:68              0.0.0.0:*                           277/dhclient
    

    Another output, from the lsof command:

    [Image: lsof command output]

    From the above outputs, it is clear that Lighttpd opened TCP port 8080 and the Nginx server opened TCP ports 80 and 443. All of these servers run under a user named “www-data”.

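Added example (not part of the original post): a shell helper that reads `netstat -tulpn` output, matches the port number exactly (a plain `grep :443` also matches `:4430`), and labels each listener as loopback-only or bound to all interfaces. The function names and the embedded sample input are constructed for illustration; the sample mirrors the netstat output shown in the post.

```shell
#!/bin/sh
# Constructed sample input in `netstat -tulpn` format (mirrors the post's sample output).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      500/redis-server 12
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      438/nginx -g daemon
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      407/lighttpd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      438/nginx -g daemon
tcp6       0      0 :::80                   :::*                    LISTEN      438/nginx -g daemon
udp        0      0 0.0.0.0:68              0.0.0.0:*                           277/dhclient
EOF
}

# Read netstat -tulpn output on stdin; print "proto port scope owner" per socket.
# scope: all-interfaces (wildcard bind), loopback, or specific-address.
classify_listeners() {
  awk '$1 ~ /^(tcp|udp)6?$/ {
    port = $4; sub(/^.*:/, "", port)       # text after the last colon
    host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
    if (host == "0.0.0.0" || host == "::" || host == "*") scope = "all-interfaces"
    else if (host ~ /^127\./ || host == "::1") scope = "loopback"
    else scope = "specific-address"
    # UDP rows have an empty State column, so locate the PID/Program field by shape.
    owner = "-"
    for (i = 6; i <= NF; i++) if ($i ~ /^[0-9]+\//) { owner = $i; break }
    print $1, port, scope, owner
  }'
}

# Print rows for PORT and exit 0 if it has a listener; exit 1 otherwise.
# The comparison is on the whole port number, so 443 never matches 4430.
port_in_use() {
  classify_listeners | awk -v p="$1" '$2 == p { print; found = 1 } END { exit !found }'
}

# Rows that other hosts may be able to reach: everything not bound to loopback.
exposed_listeners() {
  classify_listeners | awk '$3 != "loopback"'
}

# Demo on the constructed sample; on a live host: sudo netstat -tulpn | exposed_listeners
sample_netstat | exposed_listeners
```

In the sample, redis-server and lighttpd are bound to 127.0.0.1 only, while nginx and dhclient are bound to wildcard addresses, which is the distinction worth checking when reviewing open ports on a production host.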