How to Locate Open Ports in Linux

What is a Port?
First, let’s define what a port is. According to the IEFT, a port is:
“A logical entity for Internet communication. Ports serve two main purposes:
1. They provide a demultiplexing identifier to separate transport sessions between the same pair of endpoints
2. They may also identify the application protocol and associated service to which processes connect.”
In plain English, this simply means that a port is an endpoint through which data flows back and forth between two computers over a network. A computer has 65535 ports available to share information. These port numbers are based on a 16-bit number, which is where we derive the total number of available ports (0 to 65535).
These port numbers are assigned to specific services by IANA, which is responsible for maintaining the official port number designations. They designate port numbers based on three ranges:
- System (or well known) Ports (0-1023)
- User Ports (1024-49151)
- Dynamic and Private Ports (49152-65535)
Common Ports and Associated Programs
As we can see, many of these ports are easily recognizable once the service is associated with the port number.
- Port 20: FTP
- Port 21: FTP
- Port 22: SSH
- Port 23: Telnet
- Port 25: SMTP
- Port 26: Common Alternate SMTP port
- Port 37: cPanel's time servers (tcp out)
- Port 53: DNS/Named
- Port 80: HTTP
- Port 110: POP3
- Port 123: NTP
- Port 143: IMAP
- Port 443: HTTPS (SSL)
- Port 465: SMTPs (Secure SMTP)
- Port 993: IMAPs (Secure IMAP)
- Port 995: POP3s (Secure POP3)
- Port 1167: Guardian (buagent)
- Port 1433: Microsoft SQL Server
- Port 2073: cPanel Razor
- Port 2077: cPanel WebDAV
- Port 2078: cPanel WebDAV Secure port
- Port 2079: cPanel CalDAV and CardDAV
- Port 2080: cPanel CalDAV and CardDAV Secure port
- Port 2082: cPanel non-secure port
- Port 2083: cPanel secure port
- Port 2086: WHM non-secure port
- Port 2087: WHM secure port
- Port 2089: cp license
- Port 2095: cPanel webmail non-secure port
- Port 2096: cPanel webmail secure port
- Port 2443: Nodeworx/SiteWorx
- Port 3306: MySQL
- Port 3389: Remote Desktop Protocol (rdp)
- Port 4643: Virtuozzo Control Panel
- Port 6660-6669: IRC
- Port 8000: SHOUTcast
- Port 8080: Tomcat
- Port 8306: Plesk MySQL
- Port 8443: Plesk
- Port 49152:65534: Standard Passive FTP ports
TCP/UDP Protocol
The next step in the connection chain is the protocol used to connect to a service. A computer’s IP address is stored in a DNS record by an ISP (Internet Service Provider), contributing to the transfer of information.
When a computer requests to connect to another computer (or server), it uses the IP address listed in the DNS records to locate the other computer on the network. The service associated with the relevant port then uses one of these connection protocols to transmit the relevant information back to the requester. The open ports on the server listen for the unique communication requests on specific ports. The unique ports are associated with various software or services noted above.
For instance, when you open a browser and type in https://liquidweb.com, the https request is routed through an ISP or other internet provider, which then does a DNS lookup for that domain. Once the location of the IP is found, your https request is then routed to a server owned by Liquid Web. When the request hits the server, the service that is listening on port 443, in this case, Port 443 HTTPS (SSL), recognizes the request for a secure connection to the server and returns the webpage stored on the server securely.
Another example would be if you attempt to connect to an FTP server here at Liquid Web. The software (FileZilla for example) reaches out to the server’s IP address on port 21, the port the FTP service listens on. The request arrives, and if the port is open, the connection is allowed through the firewall. The FTP server then responds to the connection request, and if the user authentication is successful, your computer is now connected to the server via FTP.
Firewalls
After this, the firewall comes into play. The firewall monitors the traffic coming into and out of the server. The information stored in the firewall rules either allows or denies access based on the incoming TCP/UDP info and recognizes if the port is open or closed. Using the above FTP request as an example, if a firewall rule is set up to allow traffic to pass over port 21, the FTP request is forwarded to the FTP server where the connection is allowed. If port 21 is closed or blocked by a firewall rule, the request is denied and the connection will fail.
Services
Finally, if the request is allowed through the firewall, the service that listens to the specifically designated port receives the request and responds in kind. Granted, this is an oversimplification of the chain of events, but it demonstrates the overall process of how a request is related to a unique port. An IP address may have multiple services listening on any one of the ports listed above. When we connect to a server, we are connecting to an IP address and a port.
Finding Local Open Ports
In Linux, there are multiple ways to see if the service is listening. Typically, we can use the software installed on the server to see if a port is open.
Nmap
Nmap (Network Mapper) is an open-source network scanner used to discover services and hosts on a network. It sends packets of information to devices attached to the network and analyzes the responses. Nmap has many features for probing networks, including host discovery, service detection, and OS sensing. To install Nmap, we use the following commands.
root@host [~]# yum update -y
root@host [~]# yum install nmap -y
root@host [~]# nmap --version
To discover open ports, we can run one of these commands.
root@host [~]# nmap localhost
Starting Nmap 6.40 ( http://nmap.org ) at 2021-01-14 14:24 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000080s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 987 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
9100/tcp open jetdirect
Nmap done: 1 IP address (1 host up) scanned in 1.63 seconds root@host [~]#
Another nmap command to use is as follows.
root@host [~]# nmap -sT -O localhost
Starting Nmap 6.40 ( http://nmap.org ) at 2021-01-14 14:26 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00039s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 987 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
9100/tcp open jetdirect
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.7 - 3.9
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.36 seconds
root@host [~]#
lsof
lsof is a linux command meaning list open files and is used in many Unix-like systems to report a list of all open files and the processes that opened them. If lsof is not installed, we use the following commands to install it.
root@host [~]# yum update -y
root@host [~]# yum install lsof
root@host [~]# lsof -v
To check open ports, use this command.
root@host [~]# lsof -i -P | grep -i "listen"
We can also use lsof as part of a larger, more complex command to sort and filter information returned from the command line. This command lists the total number of TCP/UDP connections.
root@host [~]# lsof -i | awk '{print $8}' | sort | uniq -c | grep 'TCP\|UDP'
Using this command, we can see all IPv4 ports using TCP connections.
root@host [~]# lsof -a -i4 -itcp
Or this command, which lists the process tied to an open port.
root@host [~]# lsof -i :80
netstat
netstat is a command-line utility that displays TCP network connections, routing tables, active network interfaces, and other network protocol statistics. To install netstat, run these commands.
root@host [~]# yum update -y
root@host [~]# yum net-tools -y
root@host [~]# netstat --version
These commands will provide the requested details when scanning for open port connections.
root@host [~]# netstat --listen
root@host [~]# netstat -tulpn | grep LISTEN
root@host [~]# netstat -plnt | awk '{print $1, $3, $7}'
ss
ss is the simpler and faster replacement for netstat. It is a command-line element used to return and display various network-related information.
This command lists a summary of network statistics.
root@host [~]# ss -s
Here, we see the UDP connections that are listening.
root@host [~]# ss -lu
This command shows TCP connections.
root@host [~]# ss -lt
Other ss commands using various flags and printing specific column output are below.
root@host [~]# ss -4 state listening | awk '{print $1, $4}'
root@host [~]# ss -tulwn | awk '{print $1, $5}'
root@host [~]# ss -stplu | awk '{print $1, $2, $5}'
Bash
Here is a command which uses multiple commands in bash to scan for open ports.
root@host [~]# HOST=127.0.0.1;for((port=1;port<=65535;++port)); do echo -en "$port ";if echo -en "open $HOST $port\nlogout\quit" | telnet 2>/dev/null | grep 'Connected to' > /dev/null; then echo -en "\n\nport $port/tcp is open\n\n";fi;done | grep open
port 21/tcp is open
port 25/tcp is open
port 53/tcp is open
port 80/tcp is open
port 110/tcp is open
port 111/tcp is open
port 143/tcp is open
port 443/tcp is open
port 465/tcp is open
port 587/tcp is open
port 878/tcp is open
port 953/tcp is open
port 993/tcp is open
port 995/tcp is open
port 2077/tcp is open
port 2078/tcp is open
port 2079/tcp is open
port 2080/tcp is open
port 2082/tcp is open
port 2083/tcp is open
port 2086/tcp is open
port 2087/tcp is open
port 2095/tcp is open
port 2096/tcp is open
port 3306/tcp is open
port 6379/tcp is open
port 9100/tcp is open
port 9104/tcp is open
port 9115/tcp is open
port 9117/tcp is open
port 9253/tcp is open
port 11211/tcp is open
port 25566/tcp is open
port 46648/tcp is open
Use CTRL +c to end this command.
Finding Remote Open Ports
nc or netcat
Netcat (or nc) is a command-line network utility that uses TCP to read and write data across network connections. The following commands will provide details about open ports on an external server.
root@host [~]# nc -vz [host] [port ranges] 2>&1 | grep succeeded
root@host [~]# netcat -zv [host] [port ranges] 2>&1 | grep succeeded
telnet
Telnet is an application protocol and command to provide text-based communication using a virtual terminal (VT) connection.
root@host [~]# yum install telnet telnet-server -y
root@host [~]# telnet 192.168.0.1 22
Because Linux treats everything like a file, we can use this to locate a port’s status and availability.
root@host [~]# echo > /dev/tcp/[host]/[port] && echo "The port is open!"
root@host [~]# echo > /dev/udp/[host]/[port] && echo "The port is open!"
root@host [~]# cat /etc/services | grep port#
Bash
root@host [~]# </dev/tcp/127.0.0.1/80) &>/dev/null && echo "OPEN" || echo "CLOSED"
root@host [~]# for i in {1..65535}; do (echo < /dev/tcp/127.0.0.1/$i) &>/dev/null && printf "\n[+] Open Port at\n: \t%d\n" "$i" || printf "."; done
root@host [~]# ip=192.168.1.254;for i in {1..65535}; do (echo < /dev/tcp/$ip/$i) &>/dev/null && printf "\n[+] Open TCP Port at: \t%d\n" "$i"; done
root@host [~]# declare -a array=($(tail -n +2 /proc/net/tcp | cut -d":" -f"3"|cut -d" " -f"1")) && for port in ${array[@]}; do echo $((0x$port)); done
root@host [~]# for p in {1..1023}; do(echo >/dev/tcp/localhost/$p) >/dev/null 2>&1 && echo "$p open"; done
We can also use a Python socket module or one of the curl, telnet, or wget commands.
etc/services
The /etc/services file is utilized by server software to render service names to associated port numbers. Typically, the file includes the service name, the port and protocol used, aliases, and any related comments.
root@host [~]# cat /etc/services | grep tcp
root@host [~]# cat /etc/services | grep udp
Locate the Port a Service is Running On
To locate the port a service is running on, use the following instructions. To identify the PID (or process ID number), we first use the ps command.
root@host [~]# ps aux | grep <PROCESS NAME>
root@host [~]# ps aux | grep ssh
root 47875 0.0 0.0 112808 964 pts/0 S+ 16:28 0:00 grep --color=auto ssh
root 101650 0.0 0.0 111448 2404 ? Ss 2020 1:42 /usr/sbin/sshd -D
Once we have the PID, run the following netstat command.
root@host [~]# netstat -plnt | grep <PID>
root@host [~]# netstat -plnt | grep 101650
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 101650/sshd
tcp6 0 0 :::22 :::* LISTEN 101650/sshd
root@host [~]#
This will give us the port(s) that the process is listening on. In this case, we can see that the ssh PID (101650) is listening on port 22.
Which Process is Listening on a Port?
Moving in the reverse direction, we can identify which process is listening on a port.
root@host [~]# lsof -i -P -n | grep LISTEN | grep ftp
pure-ftpd 101353 root 4u IPv4 12372180 0t0 TCP *:21 (LISTEN)
pure-ftpd 101353 root 5u IPv6 12372181 0t0 TCP *:21 (LISTEN)
root@host [~]#
===============
root@host [~]# netstat -tulpn |grep ftp
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 101353/pure-ftpd (S
tcp6 0 0 :::21 :::* LISTEN 101353/pure-ftpd (S
root@host [~]#
===============
root@host [~]# ss -tulpn | grep ftp
tcp LISTEN 0 9 *:21 *:* users:(("pure-ftpd",pid=101353,fd=4))
tcp LISTEN 0 9 [::]:21 [::]:* users:(("pure-ftpd",pid=101353,fd=5))
root@host [~]#
Conclusion
This tutorial explored what a port is, how they work, and other factors involved. We reviewed a list of common ports and their associated services. We also covered what other factors are involved in this communication process, including the TCP and UDP protocols, server software and services, and the firewall rules that allow or disallow traffic through those ports. Furthermore, we analyzed multiple commands used to gather information about the status of the ports and various ways for locating the open ports on a server, including several non-standard methods. In summary, open ports are how services on a computer communicate with another server over a network. Without this vital function, all computer programs we know and use today, including the internet itself, would not exist.
We pride ourselves on being The Most Helpful Humans In Hosting™!
Have questions? Our experienced system administrators and will explain how you can take advantage of this information today! If you are on a Fully Managed VPS server, Cloud Dedicated, Private Parent server, or a Dedicated server owner and need assistance, give us a call at 800.580.4985, or open a chat or ticket with us to find out more!
Related Articles:
- How to Edit the PHP Memory for Your WordPress Site via WP Toolkit
- 4 Methods for How to Install Yarn on Windows Server
- How to Install Bpytop Resource Monitoring Tool on AlmaLinux
- How to Fix “This Site Can’t Provide a Secure Connection” Error
- How to Install MongoDB on AlmaLinux
- How to Install PostgreSQL on AlmaLinux

About the Author: David Singer
I am a g33k, Linux blogger, developer, student, and former Tech Writer for Liquidweb.com. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....
Our Sales and Support teams are available 24 hours by phone or e-mail to assist.
Latest Articles
How to Edit the PHP Memory for Your WordPress Site via WP Toolkit
Read ArticleWhat is CGI-Bin and What Does it Do?
Read ArticleTop 10 Password Security Standards
Read ArticleTop 10 Password Security Standards
Read ArticleHow to Use the WP Toolkit to Secure and Update WordPress
Read Article