May 12, 2022

10 Ways to Check Ports in Linux to Help Troubleshoot Systems

Image: Julien Tromeur/Adobe Stock

Networking is the backbone of much technology, and while a standalone device is not without significant value due to its local processing capabilities, the bread and butter behind business operations involve Communication. Namely, having systems and devices communicate with each other over networks to access or share data, maintain security, and monitor operations.

When using TCP/IP, the universal language of networking, the process of checking ports to ensure they are configured, listening, and accepting traffic is standard fare for system and network administrators. Ports are associated with processes running on target systems such as web servers, mail servers, Active Directory domain controllers, and other centralized resources. Collecting information about them is essential to the proper functioning of communication.

SEE: Linux Turns 30: Celebrating the Open Source Operating System (Free PDF) (TechRepublic)

Here are 10 ways to work with ports using Linux to troubleshoot issues and maintain operations.

How to check which protocols and ports are associated with a given service

This command can show you a reference guide that will tell you the protocols and ports used (in theory) by any service in case you are looking for more information. It doesn’t show you what’s actively listening, but rather is used to help narrow down what could or should be used for a given function, such as FTP or SSH.

Course:

cat /etc/services | less

The output will show a comprehensive list of dozens of services and their associated ports for your reference point.

How to check which ports are actively connected to or from a local system

Run it ss command and you will see a list of ports that a particular system is connected to, locally or remotely: The details will depend on the system and the functions involved.

How to use nmap to scan a remote system for open ports

The nmap utility, also known as ncat, is a handy Swiss army knife that works for Linux and Windows and can be used to see what ports are open on a remote system. Keep in mind that scanning ports may attract the attention of a security team, so do it only for authorized commercial purposes.

Suppose you want to see what ports are open on the remote system website for Microsoft.

On Linux, run:

nmap microsoft.com

The results will reveal open ports on this host similar to the following:

Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-05 15:32 Eastern Daylight Time

Nmap scan report for microsoft.com (20.81.111.85)

Host is up (0.018s latency).

Other addresses for microsoft.com (not scanned): 20.84.181.62 20.103.85.33 20.53.203.50 20.112.52.29

Not shown: 998 filtered tcp ports (no-response)

PORT    STATE SERVICE

80/tcp  open  http

443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 47.51 seconds

To search for a specific port such as 443, run nmap -p 443 microsoft.com.

You can check multiple ports such as 80 and 443 with nmap -p 80,443 microsoft.com.

How to check a local system to see which application is associated with a port

Suppose you want to see which local application is listening on port 8443.

Course:

netstat -tulpn | grep 8443

This will return the process ID (PID), for example 8971 (there can be multiple PIDs) as well as the application name (in this case it’s Java).

How to kill an app or service associated with a specific port

This can be useful for apps or services that you don’t recognize and suspect to be malicious. Follow the command above to get the PID(s), then run:

kill -9 (PID)

Repeat as needed for each PID to kill the process.

How to check a remote system with telnet to see if a port is listening and can be connected to

Suppose you want to see if a remote system called host.company.com is listening on port 443 and can be connected.

Course:

telnet host.company com 443

If you see a Connected response, the host is listening on this port and can be connected.

If you get a connection refused error or the connection times out, the host is not listening, access may be blocked from that host, or you cannot access the host (check firewall access -fire).

How to check a remote system without telnet to see if a port is listening and can be connected to

Telnet is not installed on all systems, and although you can usually install it from a yum repository using yum install telnet, sometimes the repositories do not contain this package or the system is locked, preventing installation of software. You might also be in too much of a rush to do a yum install. Suppose you want to see if the host with IP 10.37.39.141 is listening on port 636:

echo > /dev/tcp/10.37.39.141/636

Ironically, if you get no response, that’s actually a good thing and means the access worked.

If you get a connection refused error or the connection times out, the host is not listening, access may be blocked from that host, or you cannot access the host (check firewall access -fire).

How to check a remote system using curl to see if a TCP port is listening

This achieves the same result as the previous step, but it’s a handy way to point to the curl application.

Suppose you want to see if the host with IP address 10.37.34.21 is listening on port 16667:

Course:

curl -v telnet://10.37.34.21:16667

If you see a Connected response, the host is listening on this port and can be connected.

If you get a connection refused error or the connection times out, the host is not listening, access may be blocked from that host, or you cannot access the host (check firewall access -fire).

Note that this only works for TCP ports.

How to check which SSL certificate is listening on a port

It’s one of my favorites and it saved my life when replacing SSL certificates to make sure things were done correctly.

Suppose you have a server named splunk.company.com with an SSL certificate attached to port 8000, which you just replaced and want to confirm.

Course:

openssl s_client -connect splunk.company.litle.com:8000 2>/dev/null | openssl x509 -noout

This will return the full SSL certificate details such as CN and issuer.

How to check the expiration date of an SSL certificate listening on a port

For a quick way to establish that the server in question has the correct certificate attached to that port, run:

openssl s_client -connect splunk.company.litle.com:8000 2>/dev/null | openssl x509 -noout -dates

This will return output similar to the following:

notBefore=May 31 21:46:06 2021 GMT

notAfter=May 31 21:56:06 2022 GMT

With the above information in mind, you can rest easy knowing that the correct certificate is in place.