List of Ports In Use

You can easily determine if a port is in use with a few simple Linux commands.

Whenever you're trouble shooting a network or an application running on a network, your first step can be to see what ports are open.  For example you may have an apache server running a web service and that web service isn't responding.  The first thing you might do is to check if the apache is running or simply check to see if anything is listening on the port.  Since it's a web service you might think it's on 80 but it doesn't have to be. Instead it might be on 8080, 5555 or some other port.

lsof command

Everything in Unix/Linux is considered to be a file or folder, which means you can use the lsof or List Of Open File command to inspect for applications with open ports.

$ sudo lsof -i -n

If nothing returns be sure to check that you used sudo. If you leave sudo off, you won't get an error but there's a good chance that nothing will come back either

-i argument

According to the man pages for lsof, the -i, essentially filters on any internet 

-i   selects  the  listing of files any of whose Internet address matches the address specified in i.  If no address is specified, this option selects the listing of all Internet and x.25 (HP-UX) network files.

lsof man pages

-n argument

-n inhibits any conversion to a hostnames.  So leave that off if you are looking for host name information

-n inhibits  the  conversion  of  network  numbers  to host names for network files.  Inhibiting conversion may make lsof run faster.  It is also useful when host name                 lookup is not working properly.

lsof man pagess

Depending on what's running on your system you may get a lot of information back.  If you're only concerned with what ports are listening for connections, the you can use grep to filter it even further.

sh-4.2$ sudo lsof -i | grep LISTEN
rpcbind    1714    rpc    8u  IPv4  14917      0t0  TCP *:sunrpc (LISTEN)
rpcbind    1714    rpc   11u  IPv6  14920      0t0  TCP *:sunrpc (LISTEN)
master     2168   root   13u  IPv4  17098      0t0  TCP localhost:smtp (LISTEN)
sshd       3106   root    3u  IPv4  27586      0t0  TCP *:ssh (LISTEN)
sshd       3106   root    4u  IPv6  27588      0t0  TCP *:ssh (LISTEN)
container  7355   root   14u  IPv4  34814      0t0  TCP localhost:43529 (LISTEN)
docker-pr  8755   root    4u  IPv4  40667      0t0  TCP *:commplex-main (LISTEN)
docker-pr  8849   root    4u  IPv4  40766      0t0  TCP *:http (LISTEN)

In the example above you can see that I have TCP: *:http listening from the docker-pr, which is the docker proxy hosting my application. There are also other services running like ssh listening for connections, rpc connections, ect.

netstat

 

The netstat command displays active TCP connections, ports the host is listening on, ethernet stats, the IP routing table, IPv4 stats (for IP, ICMP, TCP and UPD) as well as IPv6 stats for (IPv6, ICMPv6, TCP over IPv6 and UPD over IPv6). If you omit any of the parameters it typically displays active TCP connections

sudo netstat -anp | grep tcp | grep LISTEN

Using the command above we supplied the -a for all, chained with n for numeric (like n argument for lsof it won't resolve names) and p to display the PID/program name for the sockets.

Running the netstat command I have output like the following

sh-4.2$ sudo netstat -anp | grep tcp | grep LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1714/rpcbind
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      8849/docker-proxy
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3106/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2168/master
tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN      8755/docker-proxy
tcp        0      0 127.0.0.1:43529         0.0.0.0:*               LISTEN      7355/containerd
tcp6       0      0 :::111                  :::*                    LISTEN      1714/rpcbind
tcp6       0      0 :::22                   :::*                    LISTEN      3106/sshd

If you forget the sudo, you should still get some information back but you'll also get a warning that it couldn't get the PID/ program information.  See how the following example is missing all the information at the end.

sh-4.2$ netstat -anp | grep tcp | grep LISTEN
(No info could be read for "-p": geteuid()=1001 but you should be root.)
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:43529         0.0.0.0:*               LISTEN      -
tcp6       0      0 :::111                  :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -

Other commands:

There actually several other commands out there like nmap, but not all of them come installed by default, so you'll need to install them in order to use them.  But you can pretty much guarantee that lsof and netstat will be available.

Happy Networking!

Image Credits: Photo by Boba Jaglicic on Unsplash