
How to Check (Scan) for Open Ports in Linux

Whether you are troubleshooting network connectivity issues or configuring a firewall, one of the first things to check is which ports are actually open on your system.

This article describes several approaches to find out which ports are open to the outside on your Linux system.

What Is an Open Port

A listening port is a network port that an application listens on. You can get a list of the listening ports on your system by querying the network stack with commands such as ss, netstat or lsof. Each listening port can be open or closed (filtered) using a firewall.

In general terms, an open port is a network port that accepts incoming packets from remote locations.

For example, if you are running a web server that listens on ports 80 and 443 and those ports are open on your firewall, anyone (except blocked IPs) will be able to access the websites hosted on your web server using their browser. In this case, both 80 and 443 are open ports.

Open ports may pose a security risk, as each open port can be used by attackers to exploit a vulnerability or perform other types of attack. You should expose only the ports your application needs to function and close all other ports.
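
The distinction above between a listening port and an open port can be checked from ss output: a socket bound only to a loopback address is never reachable from outside, while one bound to all interfaces is open unless a firewall filters it. The following is an added example, not part of the original article; the function names and the sample ss output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample of `ss -tln` output, embedded so the example runs offline.
sample_ss_output() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128           0.0.0.0:22          0.0.0.0:*
LISTEN  0       244         127.0.0.1:5432        0.0.0.0:*
LISTEN  0       511              [::]:80             [::]:*
LISTEN  0       128             [::1]:631            [::]:*
LISTEN  0       4096        10.10.8.8:9090        0.0.0.0:*
EOF
}

# Read `ss -tln` output on stdin and print "port scope address" per socket.
classify_listeners() {
    awk '$1 == "LISTEN" && match($4, /:[0-9]+$/) {
        addr = substr($4, 1, RSTART - 1)
        port = substr($4, RSTART + 1)
        if (addr ~ /^127\./ || addr == "[::1]")
            scope = "loopback-only"      # never reachable from another host
        else if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
            scope = "all-interfaces"     # reachable unless a firewall filters it
        else
            scope = "single-address"     # reachable via that one address
        print port, scope, addr
    }'
}

# Comma-separated ports that are candidates for being open to the outside.
exposed_ports() {
    classify_listeners | awk '$2 != "loopback-only" { print $1 }' | sort -nu | paste -sd, -
}

sample_ss_output | classify_listeners
echo "candidates for exposure: $(sample_ss_output | exposed_ports)"
# On a live host: ss -tln | exposed_ports
```

Ports in the resulting list are the ones to compare against your firewall rules and against an external scan.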

Check Open Ports with nmap

Nmap is a powerful network scanning tool that can scan single hosts and large networks. It is mainly used for security audits and penetration testing.

If available, nmap should be your first tool when it comes to port scanning. Besides port scanning, nmap can also detect MAC addresses, OS type, kernel versions, and much more.

The following command issued from the console determines which ports are listening for TCP connections from the network:

sudo nmap -sT -p- 10.10.8.8

The -sT option tells nmap to scan for TCP ports and -p- to scan for all 65535 ports. If -p- is not used, nmap will scan only 1000 ports.

Starting Nmap 7.60 ( https://nmap.org ) at 2019-07-09 23:10 CEST
Nmap scan report for 10.10.8.8
Host is up (0.0012s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
MAC Address: 08:00:27:05:49:23 (Oracle VirtualBox virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds

The output above shows that only ports 22, 80 and 8069 are open on the target system.

To scan for UDP ports, use -sU instead of -sT:

sudo nmap -sU -p- 10.10.8.8

For more information visit the nmap man page and read about all other powerful options of this tool.
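
To turn a scan into a check of the rule that only needed ports should be exposed, the open ports in nmap's output can be compared against an allowlist. This is an added example, not part of the original article; the function names and the allowlist are assumptions, and the sample input reuses the scan output shown above.

```bash
#!/usr/bin/env bash
# Lines copied from the nmap output shown in the article, embedded to run offline.
sample_scan() {
cat <<'EOF'
Nmap scan report for 10.10.8.8
Host is up (0.0012s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
EOF
}

# Extract "port/proto" for every port nmap reports as plainly open.
# UDP results marked open|filtered are ambiguous and deliberately not counted.
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1 }'
}

# audit_ports "22/tcp 443/tcp" < scan.txt
# Prints UNEXPECTED for open ports outside the allowlist and MISSING for
# allowlisted ports that are not open; returns non-zero on any UNEXPECTED port.
audit_ports() {
    open_ports | awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        { seen[$1] = 1 }
        !($1 in want) { print "UNEXPECTED " $1; bad = 1 }
        END {
            for (i = 1; i <= n; i++) if (!(a[i] in seen)) print "MISSING " a[i]
            exit bad + 0
        }'
}

# The allowlist here (SSH and HTTPS only) is an assumption for the demonstration.
sample_scan | audit_ports "22/tcp 443/tcp" || echo "scan does not match the allowlist"
```

On a host you administer, pipe a real scan into the function, for example sudo nmap -sT -p- 10.10.8.8 | audit_ports "22/tcp 80/tcp", and run it on a schedule so a newly exposed service is noticed.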

Check Open Ports with netcat

Netcat (or nc) is a command-line tool that can read and write data across network connections, using the TCP or UDP protocols.

With netcat you can scan a single port or a port range.

For example, to scan for open TCP ports on a remote machine with IP address 10.10.8.8 in the range 20-80, you would use the following command:

nc -z -v 10.10.8.8 20-80

The -z option tells nc to scan only for open ports, without sending any data, and the -v option provides more verbose information.

The output will look something like this:

nc: connect to 10.10.8.8 port 20 (tcp) failed: Connection refused
nc: connect to 10.10.8.8 port 21 (tcp) failed: Connection refused
Connection to 10.10.8.8 22 port [tcp/ssh] succeeded!
...
Connection to 10.10.8.8 80 port [tcp/http] succeeded!

If you want only the lines with the open ports to be printed on the screen, you can filter the results with the grep command.


nc -z -v 10.10.8.8 20-80 2>&1 | grep succeeded
Connection to 10.10.8.8 22 port [tcp/ssh] succeeded!
Connection to 10.10.8.8 80 port [tcp/http] succeeded!

To scan for UDP ports, pass the -u option to the nc command:

nc -z -v -u 10.10.8.8 20-80 2>&1 | grep succeeded

Check Open Ports using Bash Pseudo Device

Another way to check whether a certain port is open or closed is by using the Bash shell /dev/tcp/.. or /dev/udp/.. pseudo device.

When executing a command on a /dev/$PROTOCOL/$HOST/$PORT pseudo-device, Bash will open a TCP or UDP connection to the specified host on the specified port.

The following if..else statement will check whether port 443 on kernel.org is open:

# Try to open a TCP connection to kernel.org:443, giving up after 5 seconds
if timeout 5 bash -c '</dev/tcp/kernel.org/443 &>/dev/null'
then
  echo "Port is open"
else
  echo "Port is closed"
fi


Port is open

How does the code above work?

The default timeout when connecting to a port using a pseudo device is very long, so we use the timeout command to kill the test command after 5 seconds. If the connection to kernel.org port 443 is established, the test command will return true.

You can also use the for loop to check for a port range:

# Probe each port in the range with a 1-second limit per attempt
for PORT in {20..80}; do
  timeout 1 bash -c "</dev/tcp/10.10.8.8/$PORT &>/dev/null" && echo "port $PORT is open"
done


The output will look something like this:

port 22 is open
port 80 is open
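
The if..else test above reports "Port is closed" both when the connection is refused and when the timeout command kills an attempt that never got a reply, which usually means a firewall is dropping the packets. The following added example (not part of the original article; the function names are illustrative) separates the two cases using the exit status 124 that timeout returns when it fires.

```bash
#!/usr/bin/env bash
# Added example: function names are illustrative, not from the article.

# Map the exit status of `timeout ... bash -c ': </dev/tcp/...'` to a port state.
classify_status() {
    case $1 in
        0)   echo open ;;       # handshake completed
        124) echo filtered ;;   # timeout fired: no reply at all, typically a firewall drop
        *)   echo closed ;;     # connect failed fast: refused, unreachable, or unresolvable name
    esac
}

# probe_tcp HOST PORT [SECONDS]: prints open, closed or filtered.
# Host and port are passed as arguments ($0, $1), not pasted into the command string.
probe_tcp() {
    status=0
    timeout "${3:-3}" bash -c ': <"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null || status=$?
    classify_status "$status"
}

# scan_range HOST FIRST LAST: prints every port that is not plainly closed.
scan_range() {
    p=$2
    while [ "$p" -le "$3" ]; do
        state=$(probe_tcp "$1" "$p" 1)
        [ "$state" = closed ] || echo "port $p is $state"
        p=$((p + 1))
    done
}

# Probe the local SSH port; the result depends on the machine this runs on.
probe_tcp 127.0.0.1 22 1
```

A port reported as filtered from outside but listed as listening by ss on the host is one the firewall is protecting; a port reported as open is actually exposed.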

Conclusion

We have shown you several tools that you can use to scan for open ports. There are also other utilities and methods to check for open ports; for example, you can use the Python socket module, curl, telnet or wget.



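Last modified: 2020-03-04 14:00:48
This article is reposted from 数据库平台优化. If you believe it infringes your rights, please report it by email to contact@modb.pro with supporting evidence; once verified, 墨天轮 will remove the content immediately.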