Opening ports in Linux and using Linux networking tools to list and validate open ports are critical responsibilities for network communication management. A port number in computer networking is a virtual concept that assigns a network identifier to a certain service or application.
In this article, we will look at the process of opening ports and show how to utilize several Linux networking tools to check and test the opened port in Linux.
The first 1024 ports (from 0 to 1023) are known as well-known port numbers, because they are reserved for the most regularly used services. SSH (port 22), HTTP (port 80), and HTTPS (port 443) are examples. Port numbers greater than 1024 are referred to as ephemeral ports.
- Registered/user ports range from 1024 to 49151.
- The dynamic/private ports are those numbered 49152 to 65535.
Prerequisites
- Access to the system (sudo or root access).
Initial Setup
Start by updating the server packages to the latest versions available.
On your Linux system, launch a terminal or command line interface.
sudo apt update
List out All Available Ports
How to Install netstat?
The “sudo” command executes the following command with administrative rights, allowing you to make system-level changes.
Most common Linux distributions provide the netstat command as part of the net-tools package.
Here is an installation guide for installing net-tools in all major distros:
For Fedora/CentOS/RHEL 8:
sudo dnf install net-tools
For CentOS/RHEL 7:
sudo yum install net-tools
For Debian/Ubuntu:
sudo apt install net-tools
For Arch:
sudo pacman -S net-tools
For OpenSuse:
sudo zypper install net-tools
TCP and UDP Protocols
The netstat program can be used to list all open ports in Linux, including both TCP and UDP protocols. Here’s how you can utilize it:
Execute the below command:
netstat -lntu
Let’s have a look at the command’s options:
- -l: Only displays listening sockets/ports.
- -n: Displays the port numbers rather than resolving them to service names.
- -t: Displays a list of TCP ports.
- -u: Displays a list of UDP ports.
When you run the command netstat -lntu, you’ll get something like this:
cloudbooklet@ubuntu:~$ netstat -lntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp        0      0 127.0.0.53:53           0.0.0.0:*
udp        0      0 10.128.0.11:68          0.0.0.0:*
udp6       0      0 ::1:323                 :::*
cloudbooklet@ubuntu:~$
Note: If your distribution does not include netstat, you can display open ports by looking for listening sockets with the ss command.
On Linux, use the ss command to list listening sockets with an open port in a consistent output format. The ss command, which replaces the earlier netstat command, gives more detailed and up-to-date statistics. Here’s how you can put it to use:
On your Linux system, launch a terminal or command line interface.
ss -lntu
The -lntu options are used to filter and display specific information:
- -l: Only displays listening sockets/ports.
- -n: Shows port numbers rather than resolving them to service names.
- -t: Displays a list of TCP ports.
- -u: Displays a list of UDP ports.
The ss command will then provide a list of open listening sockets with their corresponding local addresses and port numbers. Here’s what the output will look like:
cloudbooklet@ubuntu:~$ ss -lntu
Netid  State   Recv-Q  Send-Q  Local Address:Port     Peer Address:Port  Process
udp    UNCONN  0       0       127.0.0.1:323          0.0.0.0:*
udp    UNCONN  0       0       127.0.0.53%lo:53       0.0.0.0:*
udp    UNCONN  0       0       10.128.0.11%ens4:68    0.0.0.0:*
udp    UNCONN  0       0       [::1]:323              [::]:*
tcp    LISTEN  0       128     0.0.0.0:22             0.0.0.0:*
tcp    LISTEN  0       511     0.0.0.0:80             0.0.0.0:*
tcp    LISTEN  0       511     0.0.0.0:443            0.0.0.0:*
tcp    LISTEN  0       4096    127.0.0.53%lo:53       0.0.0.0:*
tcp    LISTEN  0       128     [::]:22                [::]:*
cloudbooklet@ubuntu:~$
Ports 22 (SSH) and 80 (HTTP) are both open and actively listening in this example.
Check Active Connections
You can use the netstat command to check for any active connections or listening sockets on port 4000 to ensure that it is not currently in use. Here’s how to go about it:
On your Linux system, launch a terminal or command line interface.
netstat -na | grep :4000
Alternatively, use the ss command:
ss -na | grep :4000
If no output or results are provided, this indicates that port 4000 is not currently in use and is available for opening.
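Both checks above, listing listeners and testing whether port 4000 is free, are more reliable when they parse the Local Address:Port column instead of grepping whole lines, because grep :4000 also matches port 40000 and peer-side ports. The script below is an added example, not part of the original article; its function names are assumptions, and its sample input is the ss output shown earlier plus one constructed line.

```sh
#!/bin/sh
# Added example: read `ss -lntu` output and report where each socket is bound.

# Sample input: the ss output shown above, plus one constructed line
# (127.0.0.1:40000) to show why a bare `grep :4000` is unreliable.
SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.1:323       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*
udp   UNCONN 0      0      10.128.0.11%ens4:68 0.0.0.0:*
udp   UNCONN 0      0      [::1]:323           [::]:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:80          0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:443         0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53    0.0.0.0:*
tcp   LISTEN 0      128    [::]:22             [::]:*
tcp   LISTEN 0      128    127.0.0.1:40000     0.0.0.0:*'

# Print "proto port scope address" for each socket in ss output on stdin.
classify_listeners() {
    awk '$1 != "Netid" && NF >= 5 {
        port = $5; sub(/.*:/, "", port)         # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)     # text before the last colon
        sub(/%.*/, "", addr)                    # drop the %interface suffix
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
            scope = "all-interfaces"            # reachable from the network
        else if (addr ~ /^127\./ || addr == "[::1]")
            scope = "loopback"                  # local processes only
        else
            scope = "one-address"               # bound to a single address
        print $1, port, scope, addr
    }'
}

# Print the proto/port pairs bound to every interface, de-duplicated.
exposed_ports() {
    classify_listeners | awk '$3 == "all-interfaces" && !seen[$1 "/" $2]++ {
        out = out (out ? " " : "") $1 "/" $2
    } END { print out }'
}

# Succeed only if PORT is bound as a local port (exact match, local side).
port_in_use() {
    classify_listeners | awk -v p="$1" '$2 == p { found = 1 } END { exit !found }'
}

printf '%s\n' "$SAMPLE" | classify_listeners
echo "exposed: $(printf '%s\n' "$SAMPLE" | exposed_ports)"
```

On a live system, pipe the real output in instead of the sample, for example ss -lntu | exposed_ports, and review every all-interfaces entry against the services you intend to publish.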
For Ubuntu and Debian based systems
If you don’t have UFW installed you can install it using the below command.
sudo apt install ufw
Your commands will look somewhat like this:
sudo ufw allow 4000
For CentOS and firewalld-based systems
Use firewall-cmd, the command line client for the firewalld daemon.
Your commands will look somewhat like this:
firewall-cmd --add-port=4000/tcp
Linux distributions without UFW or firewalld
Investigate the legacy iptables approach for configuring IP packet filtering that is utilized by some Linux systems. Learn how to install and use iptables to create strong firewall rules for improved system security and network traffic control.
Change the system IPv4 packet filter rules with iptables.
iptables -A INPUT -p tcp --dport 4000 -j ACCEPT
Refer to How to Install Iptables for Your Distribution for further information.
Testing Open Ports for TCP Connections
You can use the nmap command to test a specific port by specifying the port number as well as the destination IP address or hostname.
To install nmap, use the following command:
sudo apt-get install nmap
Then test the port with the following command:
nmap localhost -p 4000
Use Netcat Utility For Testing purposes
To test an open port in Linux with the netcat utility (commonly abbreviated as nc), do the following:
To listen on the specified port (e.g., port 4000) and show any received data, open a terminal window and run the following command:
echo "Testing port 4000" | nc -l -p 4000
Keep the command running while you open another terminal window.
In that terminal window, type telnet to connect to the local socket.
telnet localhost 4000
This command connects to the local host (localhost) on port 4000.
You can type a message in the terminal window where you ran telnet if the port is open and the connection is successful.
Conclusion
Finally, there are numerous ways to open a port in Linux. The best method for you will be determined by your distribution and firewall settings. However, the typical procedure is to display all open ports, check to see if the port you require is already open, and then open the port with the proper command. After you’ve opened the port, you can test it to ensure it’s operational.
How to Open Port in Linux: Simple Step-by-Step Guide