How to check if port is in use on Linux or Unix

ADVERTISEMENTS



How to check if port is in use in

How do I determine if a port is in use under Linux or Unix-like system? How can I verify which ports are listening on Linux server? How do I check if port is in use on Linux operating system using the CLI?It is important you verify which ports are listening on the server’s network interfaces. You need to pay attention to open ports to detect an intrusion. Apart from an intrusion, for troubleshooting purposes, it may be necessary to check if a port is already in use by a different application on your servers. For example, you may install Apache and Nginx server on the same system. So it is necessary to know if Apache or Nginx is using TCP port # 80/443. This quick tutorial provides steps to use the netstat, nmap and lsof command to check the ports in use and view the application that is utilizing the port.

To check the listening ports and applications on Linux:

Open a terminal application i.e. shell prompt. Run any one of the following command on Linux to see open ports:

sudo lsof -i -P -n | grep LISTEN

sudo netstat -tulpn | grep LISTEN

sudo lsof -i:22 ## see a specific port such as 22 ##

sudo nmap -sTU -O IP-address-Here For the latest version of Linux use the ss command. For example, ss -tulw

Let us see commands and its output in details.

Option #1: lsof command

The syntax is:

$ sudo lsof -i -P -n

$ sudo lsof -i -P -n | grep LISTEN

$ doas lsof -i -P -n | grep LISTEN ### [OpenBSD] ###

Sample outputs:



sshd 85379 root 3u IPv4 0xffff80000039e000 0t0 TCP 10.86.128.138:22 (LISTEN)

sshd is the name of the application.

is the name of the application. 10.86.128.138 is the IP address to which sshd application bind to (LISTEN)

is the IP address to which sshd application bind to (LISTEN) 22 is the TCP port that is being used (LISTEN)

is the TCP port that is being used (LISTEN) 85379 is the process ID of the sshd process

Option #2: netstat command

Consider the last line from above outputs:

You can check the listening ports and applications with netstat as follows.

Linux netstat syntax

Run netstat command along with grep command to filter out port in LISTEN state:

$ netstat -tulpn | grep LISTEN

The netstat command deprecated for some time on Linux. Therefore, you need to use the ss command as follows:

sudo ss -tulw

sudo ss -tulwn





Where ss command options are as follows:

-t : Show only TCP sockets on Linux

: Show only TCP sockets on Linux -u : Display only UDP sockets on Linux

: Display only UDP sockets on Linux -l : Show listening sockets. For example, TCP port 22 is opened by SSHD server.

: Show listening sockets. For example, TCP port 22 is opened by SSHD server. -p : List process name that opened sockets

: List process name that opened sockets -n : Don’t resolve service names i.e. don’t use DNS

Related: Linux Find Out Which Process Is Listening Upon a Port

FreeBSD/MacOS X netstat syntax

$ netstat -anp tcp | grep LISTEN

$ netstat -anp udp | grep LISTEN

OpenBSD netstat syntax

$ netstat -na -f inet | grep LISTEN

$ netstat -nat | grep LISTEN

Option #3: nmap command

The syntax is:

$ sudo nmap -sT -O localhost

$ sudo nmap -sU -O 192.168.2.13 ##[ list open UDP ports ]##

$ sudo nmap -sT -O 192.168.2.13 ##[ list open TCP ports ]##

Sample outputs:



$ sudo nmap -sTU -O 192.168.2.13

A note about Windows users

You can combine TCP/UDP scan in a single command:

You can check port usage from Windows operating system using following command:

netstat -bano | more

netstat -bano | grep LISTENING

netstat -bano | findstr /R /C:"[LISTEING]"



Conclusion

This page explained command to determining if a port is in use on Linux or Unix-like server. For more information see the nmap command and lsof command page online here