How do I check if a port is in use on Linux? nixCraft

I am a new Linux system user. I need to find out which process is listening on a port on Linux using the command line. How do you find out which process is listening on a port on Linux operating systems?

A network port in Linux is nothing but a number that identifies one side of a connection between two systems. All networked devices use port numbers to determine to which process a message should be delivered. The domain name and IP address are like a street address, and port numbers are like room numbers.

Popular port numbers in Linux

  • HTTP – TCP 80
  • HTTPS – TCP 443
  • POP3 – TCP 110
  • SMTP – TCP 25
  • SSH – TCP 22
  • DNS/DOMAIN – TCP/UDP 53

Use the cat command or grep command/egrep command to query port numbers as follows:
cat /etc/services
grep -w 80 /etc/services
egrep -w '53/(tcp|udp)' /etc/services

Find out which process is listening on a port on Linux

How to check if a port is in use on Linux

The procedure is as follows:

  1. Open the terminal application
  2. Type any one of the followin command to check if a port is in use on Linux
    sudo lsof -i -P -n | grep LISTEN
    sudo netstat -tulpn | grep LISTEN
    sudo netstat -tulpn | grep :443
    sudo ss -tulpn | grep LISTEN
    sudo ss -tulpn | grep ':22'

Let us see some examples and sample commands in details.

How can you find out which process is listening on a port on Linux

Type the ss command or netstat command to see if a TCP port 443 is in use on Linux?
sudo netstat -tulpn | grep :443
sudo ss -tulpn | grep :443

If a port is open, you should see the output as follows:

tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 438/nginx -g daemo

The port 443 is in use and opened by nginx service. Where,

  • -t : Display TCP sockets/port
  • -u : Show UDP sockets/port
  • -l : See only listening sockets i.e. open port
  • -p : Also display process name that opened port/socket
  • -n : View addresses and port numbers in numerical format. Do not use DNS to resolve names.

Getting a list of all open port in production

Simply run:
sudo lsof -i -P -n | grep LISTEN
sudo ss -tulpn
sudo netstat -tulpn

Sample outputs:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 500/redis-server 12
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 438/nginx -g daemon
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 407/lighttpd tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 438/nginx -g daemon
tcp6 0 0 :::80 :::* LISTEN 438/nginx -g daemon
udp 0 0 0.0.0.0:68 0.0.0.0:* 277/dhclient

Another outputs from the lsof command:
Check if a port is in use on Linux
From the above outputs, it is clear that Lighttpd opened port TCP port 8080 and Nginx server opened TCP 80 and 443 ports. All of these servers run under a user named “www-data”.

Conclusion

You learned how to see if a port is in use on a Linux based machine using various command line utilities.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Posted by Web Monkey

Leave a Reply