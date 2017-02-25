Learn to list all open ports on Linux or Unix system. Also view associated process with them. Handy tip to troubleshoot service connectivity issues.

Many times in life of sysadmin, you need to check which all ports open on your system. Sometimes you need to check if particular port is listening on server or not. If particular service is communicating on configured port or not. If particular port has established connection or not.

All these things can be analysed with below commands.





netstat command :

Obviously first command is none other than netstat command. Use netstat with 4 options :

-a : Shows all sockets

-p : Show related PID

-t : TCP

-u : UDP

# netstat -ptau Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:58573 *:* LISTEN 1013/rpc.statd tcp 0 0 *:sunrpc *:* LISTEN 991/rpcbind tcp 0 0 *:ssh *:* LISTEN 1208/sshd tcp 0 0 localhost:ipp *:* LISTEN 1069/cupsd tcp 0 0 localhost:smtp *:* LISTEN 1287/master tcp 0 0 ip-12-31-28-246.ap-:telnet 112.197.214.169:49648 ESTABLISHED 3213/in.telnetd tcp 0 0 ip-12-31-28-246.ap-:telnet 200-163-187-49.scrce2:53440 ESTABLISHED 3215/in.telnetd tcp 0 0 ip-12-31-28-246.ap-sou:ssh 59.182.17:49413 ESTABLISHED 1441/sshd tcp 0 288 ip-12-31-28-246.ap-sou:ssh 59.182.17:50729 ESTABLISHED 1694/sshd tcp 0 0 *:sunrpc *:* LISTEN 991/rpcbind tcp 0 0 *:ssh *:* LISTEN 1208/sshd tcp 0 0 *:telnet *:* LISTEN 1618/xinetd tcp 0 0 localhost:ipp *:* LISTEN 1069/cupsd tcp 0 0 localhost:smtp *:* LISTEN 1287/master tcp 0 0 *:56954 *:* LISTEN 1013/rpc.statd udp 0 0 localhost:766 *:* 1013/rpc.statd udp 0 0 *:39730 *:* 1013/rpc.statd udp 0 0 *:bootpc *:* 884/dhclient udp 0 0 *:netrcs *:* 991/rpcbind udp 0 0 *:sunrpc *:* 991/rpcbind udp 0 0 *:ipp *:* 1069/cupsd udp 0 0 *:60991 *:* 1013/rpc.statd udp 0 0 *:netrcs *:* 991/rpcbind udp 0 0 *:sunrpc *:* 991/rpcbind 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 # netstat -ptau Active Internet connections ( servers and established ) Proto Recv - Q Send - Q Local Address Foreign Address State PID / Program name tcp 0 0 * : 58573 * : * LISTEN 1013 / rpc .statd tcp 0 0 * : sunrpc * : * LISTEN 991 / rpcbind tcp 0 0 * : ssh * : * LISTEN 1208 / sshd tcp 0 0 localhost : ipp * : * LISTEN 1069 / cupsd tcp 0 0 localhost : smtp * : * LISTEN 1287 / master tcp 0 0 ip - 12 - 31 - 28 - 246.ap - : telnet 112.197.214.169 : 49648 ESTABLISHED 3213 / in .telnetd tcp 0 0 ip - 12 - 31 - 28 - 246.ap - : telnet 200 - 163 - 187 - 49.scrce2 : 53440 ESTABLISHED 3215 / in .telnetd tcp 0 0 ip - 12 - 31 - 28 - 246.ap - sou : ssh 59.182.17 : 49413 ESTABLISHED 1441 / sshd tcp 0 288 ip - 12 - 31 - 28 - 246.ap - sou : ssh 59.182.17 : 50729 ESTABLISHED 1694 / sshd tcp 0 0 * : sunrpc * : * LISTEN 991 / rpcbind tcp 0 0 * : ssh * : * LISTEN 1208 / sshd tcp 0 0 * : telnet * : * LISTEN 1618 / xinetd tcp 0 0 localhost : ipp * : * LISTEN 1069 / cupsd tcp 0 0 localhost : smtp * : * LISTEN 1287 / master tcp 0 0 * : 56954 * : * LISTEN 1013 / rpc .statd udp 0 0 localhost : 766 * : * 1013 / rpc .statd udp 0 0 * : 39730 * : * 1013 / rpc .statd udp 0 0 * : bootpc * : * 884 / dhclient udp 0 0 * : netrcs * : * 991 / rpcbind udp 0 0 * : sunrpc * : * 991 / rpcbind udp 0 0 * : ipp * : * 1069 / cupsd udp 0 0 * : 60991 * : * 1013 / rpc .statd udp 0 0 * : netrcs * : * 991 / rpcbind udp 0 0 * : sunrpc * : * 991 / rpcbind

In above output you can see :

First column is protocol

Forth column local address includes local IP, port, service

Fifth column destination IP, port etc

Sixth column is current state

Last column is PID and process name which owns that socket

lsof command :

Using lsof command also you can trace current open ports on system. lsof mainely lists open files. Since sockets are treated as network files at kernel level and they are treated as open when communicating, sockets can be listed using lsof!

lsof has -i option specifically to list network files.

# lsof -i COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME dhclient 884 root 5u IPv4 10791 0t0 UDP *:bootpc rpcbind 991 rpc 6u IPv4 11109 0t0 UDP *:sunrpc rpcbind 991 rpc 7u IPv4 11111 0t0 UDP *:netrcs rpcbind 991 rpc 8u IPv4 11112 0t0 TCP *:sunrpc (LISTEN) rpcbind 991 rpc 9u IPv6 11114 0t0 UDP *:sunrpc rpcbind 991 rpc 10u IPv6 11116 0t0 UDP *:netrcs rpcbind 991 rpc 11u IPv6 11117 0t0 TCP *:sunrpc (LISTEN) rpc.statd 1013 rpcuser 6u IPv4 11206 0t0 UDP localhost:766 rpc.statd 1013 rpcuser 7u IPv4 11210 0t0 UDP *:39730 rpc.statd 1013 rpcuser 8u IPv4 11214 0t0 TCP *:58573 (LISTEN) rpc.statd 1013 rpcuser 9u IPv6 11218 0t0 UDP *:60991 rpc.statd 1013 rpcuser 10u IPv6 11222 0t0 TCP *:56954 (LISTEN) cupsd 1069 root 6u IPv6 11412 0t0 TCP localhost:ipp (LISTEN) cupsd 1069 root 7u IPv4 11413 0t0 TCP localhost:ipp (LISTEN) cupsd 1069 root 9u IPv4 11416 0t0 UDP *:ipp sshd 1208 root 3u IPv4 11960 0t0 TCP *:ssh (LISTEN) sshd 1208 root 4u IPv6 11962 0t0 TCP *:ssh (LISTEN) master 1287 root 11u IPv4 12158 0t0 TCP localhost:smtp (LISTEN) master 1287 root 12u IPv6 12160 0t0 TCP localhost:smtp (LISTEN) sshd 1441 root 3r IPv4 12964 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:ssh-59.184.179.68:49413 (ESTABLISHED) sshd 1444 ec2-user 3u IPv4 12964 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:ssh-59.184.179.68:49413 (ESTABLISHED) xinetd 1618 root 5u IPv6 13908 0t0 TCP *:telnet (LISTEN) sshd 1694 root 3r IPv4 14812 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:ssh-59.184.179.68:50729 (ESTABLISHED) sshd 1697 ec2-user 3u IPv4 14812 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:ssh-59.184.179.68:50729 (ESTABLISHED) in.telnet 3420 root 0u IPv4 35294 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:telnet->5ec3c900.skybroadband.com:39192 (ESTABLISHED) in.telnet 3420 root 1u IPv4 35294 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:telnet->5ec3c900.skybroadband.com:39192 (ESTABLISHED) in.telnet 3420 root 2u IPv4 35294 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:telnet->5ec3c900.skybroadband.com:39192 (ESTABLISHED) in.telnet 3422 root 0u IPv4 35326 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:telnet->188-24-133-29.dynamic.brasov.rdsnet.ro:apwi-rxserver (ESTABLISHED) in.telnet 3422 root 1u IPv4 35326 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:telnet->188-24-133-29.dynamic.brasov.rdsnet.ro:apwi-rxserver (ESTABLISHED) in.telnet 3422 root 2u IPv4 35326 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:telnet->188-24-133-29.dynamic.brasov.rdsnet.ro:apwi-rxserver (ESTABLISHED) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 # lsof -i COMMAND PID USER FD TYPE DEVICE SIZE / OFF NODE NAME dhclient 884 root 5u IPv4 10791 0t0 UDP * : bootpc rpcbind 991 rpc 6u IPv4 11109 0t0 UDP * : sunrpc rpcbind 991 rpc 7u IPv4 11111 0t0 UDP * : netrcs rpcbind 991 rpc 8u IPv4 11112 0t0 TCP * : sunrpc ( LISTEN ) rpcbind 991 rpc 9u IPv6 11114 0t0 UDP * : sunrpc rpcbind 991 rpc 10u IPv6 11116 0t0 UDP * : netrcs rpcbind 991 rpc 11u IPv6 11117 0t0 TCP * : sunrpc ( LISTEN ) rpc .statd 1013 rpcuser 6u IPv4 11206 0t0 UDP localhost : 766 rpc .statd 1013 rpcuser 7u IPv4 11210 0t0 UDP * : 39730 rpc .statd 1013 rpcuser 8u IPv4 11214 0t0 TCP * : 58573 ( LISTEN ) rpc .statd 1013 rpcuser 9u IPv6 11218 0t0 UDP * : 60991 rpc .statd 1013 rpcuser 10u IPv6 11222 0t0 TCP * : 56954 ( LISTEN ) cupsd 1069 root 6u IPv6 11412 0t0 TCP localhost : ipp ( LISTEN ) cupsd 1069 root 7u IPv4 11413 0t0 TCP localhost : ipp ( LISTEN ) cupsd 1069 root 9u IPv4 11416 0t0 UDP * : ipp sshd 1208 root 3u IPv4 11960 0t0 TCP * : ssh ( LISTEN ) sshd 1208 root 4u IPv6 11962 0t0 TCP * : ssh ( LISTEN ) master 1287 root 11u IPv4 12158 0t0 TCP localhost : smtp ( LISTEN ) master 1287 root 12u IPv6 12160 0t0 TCP localhost : smtp ( LISTEN ) sshd 1441 root 3r IPv4 12964 0t0 TCP ip - 12 - 31 - 28 - 246.ap - south - 1.compute.internal : ssh - 59.184.179.68 : 49413 ( ESTABLISHED ) sshd 1444 ec2 - user 3u IPv4 12964 0t0 TCP ip - 12 - 31 - 28 - 246.ap - south - 1.compute.internal : ssh - 59.184.179.68 : 49413 ( ESTABLISHED ) xinetd 1618 root 5u IPv6 13908 0t0 TCP * : telnet ( LISTEN ) sshd 1694 root 3r IPv4 14812 0t0 TCP ip - 12 - 31 - 28 - 246.ap - south - 1.compute.internal : ssh - 59.184.179.68 : 50729 ( ESTABLISHED ) sshd 1697 ec2 - user 3u IPv4 14812 0t0 TCP ip - 12 - 31 - 28 - 246.ap - south - 1.compute.internal : ssh - 59.184.179.68 : 50729 ( ESTABLISHED ) in .telnet 3420 root 0u IPv4 35294 0t0 TCP ip - 12 - 31 - 28 - 246.ap - south - 1.compute.internal : telnet -> 5ec3c900.skybroadband.com : 39192 ( ESTABLISHED ) in .telnet 3420 root 1u IPv4 35294 0t0 TCP ip - 12 - 31 - 28 - 246.ap - south - 1.compute.internal : telnet -> 5ec3c900.skybroadband.com : 39192 ( ESTABLISHED ) in .telnet 3420 root 2u IPv4 35294 0t0 TCP ip - 12 - 31 - 28 - 246.ap - south - 1.compute.internal : telnet -> 5ec3c900.skybroadband.com : 39192 ( ESTABLISHED ) in .telnet 3422 root 0u IPv4 35326 0t0 TCP ip - 12 - 31 - 28 - 246.ap - south - 1.compute.internal : telnet -> 188 - 24 - 133 - 29.dynamic.brasov.rdsnet.ro : apwi - rxserver ( ESTABLISHED ) in .telnet 3422 root 1u IPv4 35326 0t0 TCP ip - 12 - 31 - 28 - 246.ap - south - 1.compute.internal : telnet -> 188 - 24 - 133 - 29.dynamic.brasov.rdsnet.ro : apwi - rxserver ( ESTABLISHED ) in .telnet 3422 root 2u IPv4 35326 0t0 TCP ip - 12 - 31 - 28 - 246.ap - south - 1.compute.internal : telnet -> 188 - 24 - 133 - 29.dynamic.brasov.rdsnet.ro : apwi - rxserver ( ESTABLISHED )

In above output you can see which command being run by which user using which socket and state of port at the end!

If you have any other trick to list open ports on system, please let us know in comments. We will add it to this post.