Post a Reply
147 views

How do I check if a port is in use on Linux?

  1. 4 weeks ago

    A network port in Linux is nothing but a number that identifies one side of a connection between two systems. All networked devices use port numbers to determine to which process a message should be delivered. The domain name and IP address are like a street address, and port numbers are like room numbers.

    Popular port numbers in Linux

    • HTTP – TCP 80
    • HTTPS – TCP 443
    • POP3 – TCP 110
    • SMTP – TCP 25
    • SSH – TCP 22
    • DNS/DOMAIN – TCP/UDP 53

    Use the cat command or grep command/egrep command to query port numbers as follows:

    cat /etc/services
    grep -w 80 /etc/services
    egrep -w '53/(tcp|udp)' /etc/services

    upload.png

    How to check if a port is in use on Linux

    The procedure is as follows:

    1.Open the terminal application
    2.Type any one of the followin command to check if a port is in use on Linux

        -sudo lsof -i -P -n | grep LISTEN
        -sudo netstat -tulpn | grep LISTEN
        -sudo netstat -tulpn | grep :443
        -sudo ss -tulpn | grep LISTEN
        -sudo ss -tulpn | grep ':22'

    Let us see some examples and sample commands in details.

    How can you find out which process is listening on a port on Linux

    Type the ss command or netstat command to see if a TCP port 443 is in use on Linux?

    sudo netstat -tulpn | grep :443
    sudo ss -tulpn | grep :443

    If a port is open, you should see the output as follows:

    tcp    0  0 0.0.0.0:443    0.0.0.0:*      LISTEN      438/nginx -g daemo

    The port 443 is in use and opened by nginx service. Where,

    • -t : Display TCP sockets/port
    • -u : Show UDP sockets/port
    • -l : See only listening sockets i.e. open port
    • -p : Also display process name that opened port/socket
    • -n : View addresses and port numbers in numerical format. Do not use DNS to resolve names.

    Getting a list of all open port in production

    Simply run:

    sudo lsof -i -P -n | grep LISTEN
    sudo ss -tulpn
    sudo netstat -tulpn

    Sample outputs:

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      500/redis-server 12
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      438/nginx -g daemon
    tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      407/lighttpd    
    tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      438/nginx -g daemon
    tcp6       0      0 :::80                   :::*                    LISTEN      438/nginx -g daemon
    udp        0      0 0.0.0.0:68              0.0.0.0:*                           277/dhclient

    Another outputs from the lsof command:

    Check-if-a-port-is-in-use-on-Linux.png

    From the above outputs, it is clear that Lighttpd opened port TCP port 8080 and Nginx server opened TCP 80 and 443 ports. All of these servers run under a user named “www-data”.

 

or Sign Up to reply!