Checking the TCP port status Linux is an essential skill for system administrators and developers who manage network services. Understanding how to verify whether a port is listening, closed, or filtered allows for faster troubleshooting and more secure server configurations. The command line tools available in Linux provide detailed insights into network socket information without requiring graphical interfaces.
Using Netstat for Port Verification
The netstat command has been a standard utility for displaying network connections, routing tables, and interface statistics. Although it is considered legacy, it remains widely supported across various distributions. To check TCP port status Linux users often rely on specific flags to filter the output effectively.
Basic Netstat Commands
netstat -tuln shows all listening TCP and UDP ports without resolving service names.
netstat -tlnp displays listening TCP ports along with the associated process ID and name.
Leveraging the Ss Utility
The ss command, which stands for socket statistics, is a modern replacement for netstat. It retrieves information from the Kernel's socket layer and is significantly faster, especially on systems with a high number of sockets. This tool is invaluable for real-time analysis of TCP port status Linux environments.
Common Ss Options
ss -tuln lists all UDP and TCP ports that are currently listening.
ss -tlnp shows detailed information about TCP listening sockets, including the process using them.
ss -t state established displays only established TCP connections, which is useful for verifying active sessions.
Utilizing Lsof for Specific Checks
The lsof command, meaning list open files, can also report on network sockets because sockets are treated as files in Linux. This provides a different perspective compared to netstat or ss, particularly when you need to identify which specific application is holding a port open.
Lsof Examples for TCP Ports
lsof -i :22 shows the process using port 22, which is commonly used for SSH.
lsof -iTCP -sTCP:LISTEN lists all TCP ports that are currently in a listening state.
lsof -i @192.168.1.1:80 checks connections to a specific IP address and port combination.
Testing Connectivity with Nmap
Nmap is a powerful network discovery and security auditing tool that can scan ports to determine their state from the perspective of the client. While netstat and ss show the status from the server side, nmap allows you to verify if a port is reachable from another machine on the network.
Scanning Techniques
nmap -p 80 example.com scans port 80 on a remote host to check if it is open or closed.
nmap -sT localhost performs a TCP connect scan on the local machine, useful for verifying firewall rules.
nmap -sU -p 53 localhost checks the status of a specific UDP port, such as DNS.
