Guide to Check for Open Ports in Linux

An open port, also called a listening port, is essentially an address on your system to which data packets can be sent. Many services make use of different ports. An open port can receive packets from anywhere, so it is important to secure it through the firewall and to resolve connectivity issues, if any.

It is therefore fundamental to first check or scan for open ports before making changes to them. A port is in one of four states: open, closed, filtered, or unfiltered. It is advisable to leave open only those ports that are important for functionality, while all other ports should stay closed. Every open port puts you at added risk of attack. Moreover, such attacks are unexpected and challenging to trace.

How to Check for Ports

Let’s assume you are running a web server on ports 80 and 110. If the same ports, 80 and 110, are also open on your firewall, everyone will be able to access them unless you explicitly ban specific IP addresses through your firewall. If such cases arise, scan for open ports.

There are multiple ways of checking or scanning open ports. Let’s go through some of them.

1. nmap

nmap is arguably the most powerful tool for scanning networks due to its wide variety of features. With nmap, you can scan anything from vast network systems to individual hosts. Moreover, you can identify the target system’s Operating System type, MAC address, and more.

To use nmap, you need to meet a few prerequisites. You will need terminal access with sudo or root privileges and the apt package manager or an equivalent. apt is available by default on Debian/Ubuntu, and you can install nmap with this command should you need it:

sudo apt install nmap

For CentOS:

sudo yum install nmap

To scan for open ports on a system with nmap, use this command:

sudo nmap 103.68.0.5

The IP address from the above example can be replaced with any address you want to target. Regardless, this line should return data about the ports present in the system.

To scan a host by its name instead of its IP address, type this:

nmap www.randomhost.com

The “www.randomhost.com” can be any host address.

It is also possible to read the list of targets from a text file:

nmap -iL text.txt

To scan a range of IP addresses at once, type this in the terminal:

nmap 103.68.0.1-15

This widens the search scope and saves time. You can also narrow the scan to specific ports with nmap. For instance, scanning a particular port requires this command:

nmap -p 110 103.68.0.5

The -p option selects which ports to scan out of the 65535 available, and giving it a port number, such as 110, restricts the scan to that port only. Without -p, nmap scans only the 1,000 most common ports. Similarly, you can replace 110 with any other port number you specifically want to check.

For scanning a range of ports at once, use this:

nmap -p 1-100 103.68.0.5

You can also check all 65535 ports. Just type:

nmap -p- 103.68.0.5

Just like an antivirus quick scan, nmap can run a quick scan for the most common ports. The command is as follows:

nmap -F 103.68.0.5

To scan using full TCP connections, where nmap completes the handshake with each port, use this command:

nmap -sT -p- 103.68.0.5

The output should reveal the open ports.

You can also use the SYN method, which performs only half of a TCP handshake and requires root privileges. Type:

sudo nmap -sS -p- 103.68.0.5

For checking or scanning UDP ports, which also requires root privileges, type this:

sudo nmap -sU -p- 103.68.0.5

As mentioned earlier, nmap can be used for identifying the target system’s Operating System. Use the -A option for this. Example:

nmap -A 103.68.0.5

The nmap command has more functions than shown here. Look through the full list of nmap options and make a note of the ones you need.

2. netstat

netstat stands for network statistics and provides an overview of your network status. We can use netstat to print information about open ports by passing it the right options.

To get a list of open ports using netstat, type this command:

sudo netstat -ltup

Example output:

tcp     0        0        *:http       *:*         LISTEN     1022/lin  -g   daemo

Each flag in this command has its own function. ‘-l’ tells netstat to show only listening sockets, ‘-t’ shows TCP sockets, ‘-u’ shows UDP sockets, and ‘-p’ shows the PID and name of the program that owns each listening port.

If you add the -n flag to the previous command, it will output numerical addresses and port numbers instead of host and service names. For example:

sudo netstat -lntup

Example output:

tcp     0        0        0.0.0.0:80  0.0.0.0:*    LISTEN   1022/lin -g   daemo

The netstat command can be coupled with grep to filter for specific entries. For instance, to find which port a particular application is listening on, filter by the application name:

sudo netstat -lntup | grep "lin"

Conversely, to detect which application is listening on a particular port, type this:

sudo netstat -lntup | grep ":80"
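
The advice above to keep open only the ports you need can be checked mechanically. The following is an added example, not part of the original post: it reads output in the format of netstat -lntup and compares each listener with an allowlist of expected ports. The sample lines, program names and function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit listening sockets against an allowlist of expected ports.
# SAMPLE is constructed output in the format of `netstat -lntup`; on a real
# host, pipe `sudo netstat -lntup` into audit_listeners instead.

SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1022/httpd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      733/postgres
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      901/redis-server
tcp6       0      0 :::22                   :::*                    LISTEN      612/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           540/dhclient'

# audit_listeners "<space-separated allowed ports>"  (netstat output on stdin)
# Prints one line per listener: OK, LOCAL (loopback only) or UNEXPECTED.
audit_listeners() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)/ {
      addr = $4
      port = addr; sub(/.*:/, "", port)        # text after the last colon
      host = addr; sub(/:[^:]*$/, "", host)    # text before the last colon
      # TCP rows carry PID/program in field 7; UDP rows have no State column.
      prog = ($1 ~ /^tcp/) ? $7 : $6
      if (host ~ /^127\./ || host == "::1") verdict = "LOCAL"
      else if (port in ok)                  verdict = "OK"
      else                                  verdict = "UNEXPECTED"
      printf "%-10s %s %s:%s %s\n", verdict, $1, host, port, prog
    }'
}

# count_unexpected "<allowed ports>": number of listeners reachable from
# other hosts that are not on the allowlist (netstat output on stdin).
count_unexpected() {
  audit_listeners "$1" | awk '$1 == "UNEXPECTED" { n++ } END { print n + 0 }'
}

# Demo run on the constructed sample with ports 22 and 80 allowed.
printf '%s\n' "$SAMPLE" | audit_listeners "22 80"
```

Listeners bound to 127.0.0.1 or ::1 are reported as LOCAL because they are not reachable from other hosts, while anything bound to 0.0.0.0 or :: on a port outside the allowlist is a candidate for closing or firewalling.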

3. netcat

netcat is basically the cat command, except that it works over network connections. It can scan single ports or ranges of ports over the TCP and UDP protocols.

To check a port over TCP, give nc the host and the port number:

nc -z -v 103.68.0.5 80

The ‘-z’ flag enables nc to scan for open ports without having to send data and ‘-v’ simply provides a more detailed output. You can also search for a range of ports by adding this:

nc -z -v 103.68.0.5 10-50

The command for the UDP counterpart is as follows:

nc -z -v -u 103.68.0.5 10-50

These commands report on every port specified, though you can narrow the output by using the grep command. nc writes its verbose messages to standard error, so redirect them into the pipe first. For instance, if you only want to see open ports (OpenBSD netcat reports each one as "succeeded"), try:

nc -z -v 103.68.0.5 10-50 2>&1 | grep succeeded

4. lsof

Linux/Unix treats everything as a file. Therefore, lsof (meaning List Open Files) is also useful for finding open ports.

In order to list all internet and network-related files, use this command:

sudo lsof -i

Here ‘-i’ indicates all internet and network-related files. Your output should be a big list of network files.

Now simply specify a port to check which application is listening to it. Type:

sudo lsof -i :80

5. Bash

This method relies on shell scripting but works the same nonetheless. When a command redirects to bash's /dev/tcp or /dev/udp pseudo-device, bash establishes either a TCP or UDP connection to the given host and port.

We can use a conditional to check the status of a particular port on a given host. For example:

if timeout 3 bash -c '</dev/tcp/ft.com/110 &>/dev/null'
then
  echo "The port is open."
else
  echo "The port is closed."
fi

We can scan for a range of ports through a simple for loop. The script is as follows:

for PORT in {10..70}; do
  # Double quotes let the outer shell expand $PORT into the /dev/tcp/host/port path.
  timeout 3 bash -c "</dev/tcp/103.68.0.5/$PORT &>/dev/null" && echo "The port $PORT is open."
done

Example output:

The port 44 is open.

Conclusion

These 5 methods are among the quickest and easiest ways of checking for open ports. Furthermore, they are useful when filtering ports in your firewall in order to maintain network connectivity and security standards and protocols.


Copyright © 2020 Blackdown.org. All rights reserved.