Learn how to list all open ports on a Linux or Unix system and view the processes associated with them. A handy tip for troubleshooting service connectivity issues.
As a sysadmin, you often need to check which ports are open on your system: whether a particular port is listening on the server, whether a particular service is communicating on its configured port, or whether a particular port has an established connection.
All of this can be checked with the commands below.
netstat command :
The first command is, obviously, netstat. Use netstat with four options:
- -a : Shows all sockets
- -p : Shows the related PID
- -t : TCP
- -u : UDP
# netstat -ptau
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:58573 *:* LISTEN 1013/rpc.statd
tcp 0 0 *:sunrpc *:* LISTEN 991/rpcbind
tcp 0 0 *:ssh *:* LISTEN 1208/sshd
tcp 0 0 localhost:ipp *:* LISTEN 1069/cupsd
tcp 0 0 localhost:smtp *:* LISTEN 1287/master
tcp 0 0 ip-12-31-28-246.ap-:telnet 112.197.214.169:49648 ESTABLISHED 3213/in.telnetd
tcp 0 0 ip-12-31-28-246.ap-:telnet 200-163-187-49.scrce2:53440 ESTABLISHED 3215/in.telnetd
tcp 0 0 ip-12-31-28-246.ap-sou:ssh 59.182.17:49413 ESTABLISHED 1441/sshd
tcp 0 288 ip-12-31-28-246.ap-sou:ssh 59.182.17:50729 ESTABLISHED 1694/sshd
tcp 0 0 *:sunrpc *:* LISTEN 991/rpcbind
tcp 0 0 *:ssh *:* LISTEN 1208/sshd
tcp 0 0 *:telnet *:* LISTEN 1618/xinetd
tcp 0 0 localhost:ipp *:* LISTEN 1069/cupsd
tcp 0 0 localhost:smtp *:* LISTEN 1287/master
tcp 0 0 *:56954 *:* LISTEN 1013/rpc.statd
udp 0 0 localhost:766 *:* 1013/rpc.statd
udp 0 0 *:39730 *:* 1013/rpc.statd
udp 0 0 *:bootpc *:* 884/dhclient
udp 0 0 *:netrcs *:* 991/rpcbind
udp 0 0 *:sunrpc *:* 991/rpcbind
udp 0 0 *:ipp *:* 1069/cupsd
udp 0 0 *:60991 *:* 1013/rpc.statd
udp 0 0 *:netrcs *:* 991/rpcbind
udp 0 0 *:sunrpc *:* 991/rpcbind
In the above output you can see:
- The first column is the protocol
- The fourth column, local address, includes the local IP, port, service
- The fifth column is the destination IP, port, etc.
- The sixth column is the current state
- The last column is the PID and process name that owns the socket
Another way is to use netstat with the -an options:
# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:9633 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7937 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:9634 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:7938 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9443 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9444 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9060 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9061 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:14502 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:14503 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8359 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:810 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9100 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9101 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9133 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8880 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8881 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9043 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9044 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9080 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:9081 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2809 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2810 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6556 0.0.0.0:* LISTEN
tcp 0 0 10.10.5.160:42124 10.10.5.199:35994 ESTABLISHED
tcp 0 0 10.10.5.160:42376 10.10.5.199:39154 ESTABLISHED
tcp 0 0 10.10.5.160:8881 10.10.5.160:55117 TIME_WAIT
tcp 0 0 10.10.5.160:44367 10.10.5.199:48181 ESTABLISHED
tcp 0 0 10.10.5.160:36671 10.10.5.199:58137 ESTABLISHED
tcp 1 0 10.10.5.160:56253 10.10.5.160:9081 CLOSE_WAIT
tcp 0 0 10.10.5.160:57168 10.10.5.52:1521 ESTABLISHED
tcp 0 0 10.10.5.160:8880 10.10.5.160:55035 TIME_WAIT
tcp 0 0 10.10.5.160:6556 10.100.22.173:51544 ESTABLISHED
udp 0 0 0.0.0.0:7938 0.0.0.0:*
udp 0 0 0.0.0.0:37909 0.0.0.0:*
udp 0 0 0.0.0.0:161 0.0.0.0:*
udp 0 0 0.0.0.0:804 0.0.0.0:*
udp 0 0 0.0.0.0:807 0.0.0.0:*
udp 0 0 0.0.0.0:177 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 203.127.98.134:123 0.0.0.0:*
udp 0 0 10.10.5.160:123 0.0.0.0:*
udp 0 0 127.0.0.1:123 0.0.0.0:*
udp 0 0 0.0.0.0:123 0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 7690 @ISCSIADM_ABSTRACT_NAMESPACE
unix 2 [ ACC ] STREAM LISTENING 11363 @/tmp/fam-root-
unix 2 [ ACC ] STREAM LISTENING 11003 /var/run/avahi-daemon/socket
unix 2 [ ACC ] STREAM LISTENING 8701 @/var/run/hald/dbus-RL64SjEdUd
unix 2 [ ACC ] STREAM LISTENING 247409367 /jas/HTTPServer/logs/cgisock.14073
unix 2 [ ACC ] STREAM LISTENING 247409370 /jas/HTTPServer/logs/siddport
unix 2 [ ACC ] STREAM LISTENING 11221 /tmp/.gdm_socket
unix 14 [ ] DGRAM 8008 /dev/log
unix 2 [ ACC ] STREAM LISTENING 7668 @ISCSID_UIP_ABSTRACT_NAMESPACE
unix 2 [ ] DGRAM 1797 @/org/kernel/udev/udevd
unix 2 [ ] DGRAM 8709 @/org/freedesktop/hal/udev_event
unix 2 [ ACC ] STREAM LISTENING 8700 @/var/run/hald/dbus-mO28j2Fpoe
unix 2 [ ACC ] STREAM LISTENING 7963 /var/run/audispd_events
unix 2 [ ACC ] STREAM LISTENING 10761 /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 10709 /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 8608 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 8675 /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 11248 /tmp/.X11-unix/X0
unix 2 [ ] DGRAM 322339652
unix 2 [ ] STREAM CONNECTED 284330078
unix 2 [ ] STREAM CONNECTED 83187468
unix 2 [ ] DGRAM 11482214
unix 2 [ ] STREAM CONNECTED 98040
unix 3 [ ] STREAM CONNECTED 11366 @/tmp/fam-root-
unix 3 [ ] STREAM CONNECTED 11365
unix 3 [ ] STREAM CONNECTED 11356 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 11355
unix 3 [ ] STREAM CONNECTED 11333 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 11332
unix 3 [ ] STREAM CONNECTED 11306 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 11305
unix 3 [ ] STREAM CONNECTED 11283 /tmp/.font-unix/fs7100
unix 3 [ ] STREAM CONNECTED 11282
unix 2 [ ] DGRAM 11254
unix 3 [ ] STREAM CONNECTED 11286 /tmp/.X11-unix/X0
unix 3 [ ] STREAM CONNECTED 11253
unix 3 [ ] STREAM CONNECTED 11252 /var/run/acpid.socket
unix 3 [ ] STREAM CONNECTED 11251
unix 3 [ ] STREAM CONNECTED 11006 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 11005
unix 3 [ ] STREAM CONNECTED 11000
unix 3 [ ] STREAM CONNECTED 10999
unix 2 [ ] DGRAM 10997
unix 2 [ ] DGRAM 10851
unix 2 [ ] DGRAM 10686
unix 2 [ ] DGRAM 10661
unix 2 [ ] DGRAM 10594
unix 2 [ ] DGRAM 10569
unix 2 [ ] DGRAM 10453
unix 3 [ ] STREAM CONNECTED 10344 /var/run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 10343
unix 3 [ ] STREAM CONNECTED 10298 @/var/run/hald/dbus-mO28j2Fpoe
unix 3 [ ] STREAM CONNECTED 10297
unix 3 [ ] STREAM CONNECTED 10117 @/var/run/hald/dbus-mO28j2Fpoe
unix 3 [ ] STREAM CONNECTED 10113
unix 3 [ ] STREAM CONNECTED 10096 /var/run/acpid.socket
unix 3 [ ] STREAM CONNECTED 10093
unix 3 [ ] STREAM CONNECTED 10063 @/var/run/hald/dbus-mO28j2Fpoe
unix 3 [ ] STREAM CONNECTED 10059
unix 3 [ ] STREAM CONNECTED 8704 @/var/run/hald/dbus-RL64SjEdUd
unix 3 [ ] STREAM CONNECTED 8703
unix 3 [ ] STREAM CONNECTED 8612
unix 3 [ ] STREAM CONNECTED 8611
unix 3 [ ] STREAM CONNECTED 8466
unix 3 [ ] STREAM CONNECTED 8465
unix 2 [ ] DGRAM 8343
unix 2 [ ] DGRAM 8016
unix 3 [ ] STREAM CONNECTED 7954
unix 3 [ ] STREAM CONNECTED 7953
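As an added example (not part of the original post), the shell function below reads netstat output in either of the two formats shown above and labels each listening socket as bound to loopback only or reachable on other interfaces, which is usually the first thing to check when reviewing what a host exposes. The names listener_scope and sample_netstat and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listening sockets from netstat text by bind scope.
# Input : `netstat -ptau` or `netstat -an` style lines on stdin.
# Output: <scope> <proto> <port-or-service> <owner>
#         scope is "local" (loopback only) or "exposed" (any other address).
listener_scope() {
    awk '
    $1 !~ /^(tcp|udp)/ { next }              # skip headers and unix sockets
    $1 ~ /^tcp/ && $6 != "LISTEN" { next }   # TCP: keep listening sockets only
    $1 ~ /^udp/ && $5 !~ /:\*$/ { next }     # UDP: keep unconnected (bound) sockets
    {
        n = match($4, /:[^:]*$/)             # last colon splits host from port
        host = substr($4, 1, n - 1)
        port = substr($4, n + 1)
        scope = "exposed"
        if (host ~ /^127\./ || host == "localhost" || host == "::1" || host == "[::1]")
            scope = "local"
        owner = ($1 ~ /^tcp/) ? $7 : $6      # PID/Program column exists only with -p
        if (owner == "") owner = "-"
        print scope, $1, port, owner
    }'
}

# Constructed sample input, modelled on the column layout shown above.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1208/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1069/cupsd
tcp 0 0 *:telnet *:* LISTEN 1618/xinetd
tcp 0 0 192.0.2.10:22 198.51.100.7:49413 ESTABLISHED 1441/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1287/master
udp 0 0 0.0.0.0:68 0.0.0.0:* 884/dhclient
udp 0 0 127.0.0.1:766 0.0.0.0:* 1013/rpc.statd
EOF
}

sample_netstat | listener_scope
```

On a live system, pipe the real command in instead, for example `netstat -ptau | listener_scope`; run it as root so the PID/Program column is populated for sockets owned by other users.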
lsof command :
You can also use the lsof command to trace the currently open ports on the system. lsof mainly lists open files. Since sockets are treated as network files at the kernel level, and are treated as open while communicating, they can be listed using lsof!
lsof has the -i option specifically to list network files.
# lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dhclient 884 root 5u IPv4 10791 0t0 UDP *:bootpc
rpcbind 991 rpc 6u IPv4 11109 0t0 UDP *:sunrpc
rpcbind 991 rpc 7u IPv4 11111 0t0 UDP *:netrcs
rpcbind 991 rpc 8u IPv4 11112 0t0 TCP *:sunrpc (LISTEN)
rpcbind 991 rpc 9u IPv6 11114 0t0 UDP *:sunrpc
rpcbind 991 rpc 10u IPv6 11116 0t0 UDP *:netrcs
rpcbind 991 rpc 11u IPv6 11117 0t0 TCP *:sunrpc (LISTEN)
rpc.statd 1013 rpcuser 6u IPv4 11206 0t0 UDP localhost:766
rpc.statd 1013 rpcuser 7u IPv4 11210 0t0 UDP *:39730
rpc.statd 1013 rpcuser 8u IPv4 11214 0t0 TCP *:58573 (LISTEN)
rpc.statd 1013 rpcuser 9u IPv6 11218 0t0 UDP *:60991
rpc.statd 1013 rpcuser 10u IPv6 11222 0t0 TCP *:56954 (LISTEN)
cupsd 1069 root 6u IPv6 11412 0t0 TCP localhost:ipp (LISTEN)
cupsd 1069 root 7u IPv4 11413 0t0 TCP localhost:ipp (LISTEN)
cupsd 1069 root 9u IPv4 11416 0t0 UDP *:ipp
sshd 1208 root 3u IPv4 11960 0t0 TCP *:ssh (LISTEN)
sshd 1208 root 4u IPv6 11962 0t0 TCP *:ssh (LISTEN)
master 1287 root 11u IPv4 12158 0t0 TCP localhost:smtp (LISTEN)
master 1287 root 12u IPv6 12160 0t0 TCP localhost:smtp (LISTEN)
sshd 1441 root 3r IPv4 12964 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:ssh-59.184.179.68:49413 (ESTABLISHED)
sshd 1444 ec2-user 3u IPv4 12964 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:ssh-59.184.179.68:49413 (ESTABLISHED)
xinetd 1618 root 5u IPv6 13908 0t0 TCP *:telnet (LISTEN)
sshd 1694 root 3r IPv4 14812 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:ssh-59.184.179.68:50729 (ESTABLISHED)
sshd 1697 ec2-user 3u IPv4 14812 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:ssh-59.184.179.68:50729 (ESTABLISHED)
in.telnet 3420 root 0u IPv4 35294 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:telnet->5ec3c900.skybroadband.com:39192 (ESTABLISHED)
in.telnet 3420 root 1u IPv4 35294 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:telnet->5ec3c900.skybroadband.com:39192 (ESTABLISHED)
in.telnet 3420 root 2u IPv4 35294 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:telnet->5ec3c900.skybroadband.com:39192 (ESTABLISHED)
in.telnet 3422 root 0u IPv4 35326 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:telnet->188-24-133-29.dynamic.brasov.rdsnet.ro:apwi-rxserver (ESTABLISHED)
in.telnet 3422 root 1u IPv4 35326 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:telnet->188-24-133-29.dynamic.brasov.rdsnet.ro:apwi-rxserver (ESTABLISHED)
in.telnet 3422 root 2u IPv4 35326 0t0 TCP ip-12-31-28-246.ap-south-1.compute.internal:telnet->188-24-133-29.dynamic.brasov.rdsnet.ro:apwi-rxserver (ESTABLISHED)
In the above output, you can see which command is being run by which user, using which socket, and the state of the port at the end!
If you have any other trick to list open ports on the system, please let us know in the comments. We will add it to this post.