Checking the port status in Linux is a fundamental task for system administrators and developers, essential for network troubleshooting, security audits, and service management. Understanding how to verify whether a port is listening, closed, or filtered provides immediate insight into the network health of a server. This guide walks through the practical methods and commands used to inspect port states directly from the terminal.
Using the netstat Command
The netstat command, though considered legacy in some distributions, remains a powerful tool for displaying network connections, routing tables, and interface statistics. To check port status, it provides clear output regarding which ports are active and the associated processes. While often replaced by ss , it is still widely available and useful for quick diagnostics.
Listing Listening Ports
To view all ports currently in a listening state, use the following combination of flags:
sudo netstat -tulnp
This command breaks down the results by showing TCP ( -t ) and UDP ( -u ) ports, indicates which are listening ( -l ), displays the port numbers numerically ( -n ), and crucially, shows the process ID and name responsible for the port ( -p ).
Leveraging the ss Command
The ss utility is designed to be a modern replacement for netstat , retrieving socket statistics directly from the kernel's Netlink interface. It is significantly faster, especially on systems with a high number of sockets, and provides more detailed information regarding network connections.
Filtering by Port State
To specifically monitor the port status, you can filter by the socket state. For instance, to see only established connections on a specific port, you might use:
ss state established '( dport = :80 or sport = :80 )'
This command filters for sockets in the "established" state, matching traffic to or from port 80, allowing you to verify active sessions rather than just open listeners.
Utilizing lsof for Process-Specific Checks
lsof , meaning "list open files," is incredibly versatile because, in Unix-like systems, networks are treated as files. This allows you to query which processes have opened a specific port, providing a direct link between the socket and the application.
Identifying Port Usage
To check the port status of a specific port, such as port 22, you can run:
sudo lsof -i :22
The output will detail the command, process ID, user, and network file associated with that port, making it easy to determine if a service is running or if an unexpected process has bound to a critical port.
Firewall Verification with iptables
Port status is not solely about application listening; it also involves whether the firewall permits traffic to reach that port. Verifying the ruleset is a critical step in ensuring the port is actually accessible from the network.
Inspecting Rules
You can list the current firewall rules to see if traffic is being allowed or dropped on specific ports:
sudo iptables -L -n -v
Look for rules targeting the INPUT chain that reference your target port. This confirms whether the kernel is actively blocking or permitting connections to that service.
