How to check which process is listening on which ports in Linux

Any application that is reachable over the internet needs an IP address and a port number. For example, a web application is served by a web server (Nginx or Apache), which mostly runs on port 80 or 443. Running a web server on a different port is also possible.

  • IP address: the address of a system in the network.
  • Port: multiple services run on the system. The port number is the address of a service within the system.
  • Whenever you want to access a service on the network, it is identified by IP address + port.

In this article, we will look at how to list all the ports that are being used by different services. Sometimes, for debugging and security purposes, we need to check which ports are in use or, in other words, which ports are listening on the machine. In this tutorial, we will use the netstat command.

Use netstat command

To list all the ports in Linux, we will use the netstat command in this section. The command prints network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. Use the following command to list all the ports:

sudo netstat -ntulp

The options used in the above command:

  • -t : list tcp ports
  • -u : list udp ports
  • -n : Show numerical addresses instead of trying to determine symbolic host, port or user names.
  • -l : Show only the listening ports
  • -p : Show the PID and name of the program to which each socket belongs.

The output of the above command on an Ubuntu server:

foofunc@ubuntu:~$ sudo netstat -ntulp
[sudo] password for foofunc: 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1200/dnsmasq        
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      714/systemd-resolve 
tcp        0      0 127.0.0.1:10391         0.0.0.0:*               LISTEN      2771/Enpass         
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      769/cupsd           
tcp6       0      0 ::1:631                 :::*                    LISTEN      769/cupsd           
udp        0      0 0.0.0.0:50767           0.0.0.0:*                           764/avahi-daemon: r 
udp        0      0 224.0.0.251:5353        0.0.0.0:*                           2441/chrome --type= 
udp        0      0 224.0.0.251:5353        0.0.0.0:*                           2402/chrome         
udp        0      0 224.0.0.251:5353        0.0.0.0:*                           2441/chrome --type= 
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           764/avahi-daemon: r 
udp        0      0 192.168.122.1:53        0.0.0.0:*                           1200/dnsmasq        
udp        0      0 127.0.0.53:53           0.0.0.0:*                           714/systemd-resolve 
udp        0      0 0.0.0.0:67              0.0.0.0:*                           1200/dnsmasq        
udp        0      0 0.0.0.0:631             0.0.0.0:*                           860/cups-browsed    
udp6       0      0 :::5353                 :::*                                764/avahi-daemon: r 
udp6       0      0 :::54961                :::*                                764/avahi-daemon: r 
udp6       0      0 fe80::cf94:fcc9:6b6:546 :::*                                772/NetworkManager  
foofunc@ubuntu:~$ 

The above output has the following fields:

  • Proto: protocol used by the socket
  • Recv-Q : Receive queue size (in bytes)
  • Send-Q : Send queue size (in bytes)
  • Local Address: IP address and port number the socket is bound to (an IP address of 0.0.0.0 means the service listens on all interfaces, so it can be reached via 127.0.0.1, the private IP address, and the public IP address if one is assigned to that machine)
  • Foreign Address: the remote address from which requests to the service are allowed (0.0.0.0:* means requests are accepted from any IP address and port)
  • PID/Program name: the process ID and the service name.
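
The Local Address field is what tells you whether a service is reachable only from the machine itself or from other hosts. The script below is an added example, not part of the original article: it reads netstat -ntulp output and labels every row as loopback, wildcard (all interfaces) or specific (one address). The function names classify_listeners and exposed_listeners are assumptions; the sample rows are copied from the output shown above.

```shell
#!/bin/sh
# Added example: classify sockets from "netstat -ntulp" output by exposure.
# Function names are hypothetical; SAMPLE rows are taken from the output above.

# Reads netstat output on stdin, prints: scope proto local_address pid/program
classify_listeners() {
  awk '
    $1 !~ /^(tcp|udp)6?$/ { next }           # skip banner, header, prompt lines
    $1 ~ /^tcp/ && $6 != "LISTEN" { next }   # TCP: keep listening sockets only
    {
      # UDP rows have an empty State column, so PID/Program is field 6, not 7
      prog = ($1 ~ /^tcp/) ? $7 : $6
      host = $4
      sub(/:[^:]*$/, "", host)               # drop the trailing :port
      if (host ~ /^127\./ || host == "::1")       scope = "loopback"
      else if (host == "0.0.0.0" || host == "::") scope = "wildcard"
      else                                        scope = "specific"
      print scope, $1, $4, prog
    }'
}

# Rows not bound to loopback: the ones to compare against firewall rules.
exposed_listeners() {
  classify_listeners | awk '$1 != "loopback"'
}

SAMPLE=$(cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1200/dnsmasq
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      714/systemd-resolve
tcp6       0      0 ::1:631                 :::*                    LISTEN      769/cupsd
udp        0      0 0.0.0.0:67              0.0.0.0:*                           1200/dnsmasq
udp        0      0 0.0.0.0:631             0.0.0.0:*                           860/cups-browsed
udp6       0      0 :::5353                 :::*                                764/avahi-daemon: r
EOF
)

# Demonstration on the sample rows.
printf '%s\n' "$SAMPLE" | exposed_listeners
# On a live system: sudo netstat -ntulp | exposed_listeners
```

Program names that contain spaces are cut at the first space, because netstat separates columns with whitespace.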

Other tools

There are other tools that can be used to list the port numbers used by applications on a Linux machine. They are listed below for your reference.

  • ss : another utility to investigate sockets. Refer to its man page for more details. Use the following command to list the ports:
    sudo ss -ntulp
  • nmap : network exploration tool and security / port scanner. Refer to its man page for more details. This tool can be used to check which ports are open over the internet.
    nmap <IP_address>

The output of the above nmap command:

foofunc@ubuntu:~$ nmap 192.168.122.1
Starting Nmap 7.80 ( https://nmap.org ) at 2021-09-19 00:49 CEST
Nmap scan report for ubuntu (192.168.122.1)
Host is up (0.000086s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
53/tcp open  domain

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
foofunc@ubuntu:~$

Summary

For a system administrator or network engineer, it is important to know which ports are listening on the network. Sometimes an open port is the source of an intrusion on the network. If we know which ports are open, we know what type of information is going in and out. In this article, we learned about the netstat command, which can be used to list all the ports on a Linux system.
