How to Tell if a TCP or UDP Port is Open or Closed in Linux

Knowing whether a TCP or UDP port is open or closed is a fundamental task for any system and network administrator. Often it is essential to know that a port is open in order to communicate with the service listening behind it, but it is just as important to know that ports are closed to avoid possible security problems. In this article we are going to show you how to tell if a port is open or closed on a Linux operating system, since this operating system is normally used on servers.

There are several ways to check whether a certain port is open or closed, especially in Linux. The first is the popular Netcat program, which comes pre-installed in most distributions. Another very good way is to check the port directly with Nmap, which allows us to scan all the ports of a certain host. Finally, if we want to know whether a port is open or closed on our own machine, we will have to look at the firewall and at the current connections of the operating system.

View open ports with Netcat

Netcat is a tool that comes by default in most Linux distributions, so, apart from being very easy to use, we will not need to install any additional packages. Before checking with Netcat whether a port is open, let's look at the two most important Netcat parameters:

  • -z makes Netcat only check whether the port accepts a connection and then close it, without sending any data; otherwise the program would stay connected until we terminate it manually with Control + C, much like a ping on Linux.
  • -v turns on verbose output, which is what makes Netcat report whether the port is open or closed.

To check a port, type the following in a terminal:

nc -zv {IP} {PORT}

For example, to check port 443 on our router we will type:

nc -zv 192.168.10.1 443

In the following image you can see how this port is open:

If we test the website of this article and port 443, we will get similar information:

If the port is closed, we would see this:

As you have seen, it is very easy to check whether a port is open or closed with Netcat, a very simple utility that comes pre-installed in Linux. In addition to the “z” and “v” options, other arguments are available that give us more information. If we execute the following command, the help will appear:

nc -h

As you can see, we have many arguments to extend the functionalities.

View open ports with Nmap

Nmap is the program par excellence for discovering hosts and for checking whether their ports are open. It does not come pre-installed in Linux operating systems, but we can install it directly from the repositories with the following command:

sudo apt install nmap

Once it is installed, to find out whether a specific port is open, we run the following command:

nmap -p {PORT} {IP}

In the following image you can see how an open port would appear:

In the event that a port is closed or is filtered by a firewall, the following will appear:

If we want to scan all the ports of a certain host, or only some of them, we indicate a range of ports as follows:

nmap -p {PORT}-{PORT} {IP}

For example:

nmap -p 1-65535 192.168.10.1

As you can see, checking the open ports with Nmap is really simple. In addition, we can scan all the hosts on a home or professional local network and then scan their ports.

Check the firewall in Linux

If we want to check whether a port is open to accept connections, the first thing to check is the status of the firewall in our Linux operating system. By default, on all Linux servers the policy is permissive, that is, all packets are accepted by policy. We can change this to a restrictive policy, and even add new tables, chains and rules to allow or deny traffic.

If we type the following in our Linux terminal:

iptables -L

we will get all the chains and rules from the iptables “filter” table. If you are using Nftables, use the following command instead:

nft list ruleset

A very important security recommendation is that all ports on a Linux server should be closed. That way, when we start a service listening on a certain port, it will not be accessible unless we allow it in the firewall. We must check in detail whether a certain port is open or not so that our services are accessible from outside.

View the status of TCP and UDP connections

If we are interested in knowing the status of all TCP, UDP, ICMP and other protocols in our operating system, a widely used tool has always been “netstat”. However, this tool has been pushed into second place by the newer “ss”, which provides a large amount of information easily and quickly. This tool checks all open or closed sockets on our Linux server, and lets us see statistics for those sockets. If you have used netstat in the past, we are sure that you will love this new “ss” tool.

The “ss” tool is already pre-installed on Linux operating systems as part of the system itself, as is the case with “ping”, “traceroute” and many other tools. If we open a console, either as a normal user or as superuser, we run:

ss

Once we have executed this command, we can see the following:

We will see the status of the connection (ESTAB), the packets received and sent, the local address and port, and the remote address and port used. We will get a large number of ports in use by the different programs and services installed in the operating system.

If we want to see the status of all ports (sockets), we can use the following command:

ss -a

If we want to see only the ports that are “listening”, we use the following command:

ss -l

In the following image you can see an example of ports that are “READY” to accept incoming connections:

If we want to show TCP connections, we use the “-t” argument, and if we want to show UDP connections, we use the “-u” argument.

ss -t
ss -u

The “ss” command is really useful for showing all the established connections and all the listening sockets in our Linux operating system.
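The following shell function is an added example, not part of the original article: it reads the output of `ss -H -tuln` (TCP and UDP listening sockets, numeric, no header) and reports every listener that is reachable from other hosts and is not on an allowlist of expected ports. The function name, the allowlist format (`proto/port`) and the sample output are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original article).

# Constructed sample of `ss -H -tuln` output; the columns are
# Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS='udp   UNCONN 0      0      127.0.0.53%lo:53      0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:68      0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:631     0.0.0.0:*
tcp   LISTEN 0      511                *:8080          *:*
tcp   LISTEN 0      128             [::]:22         [::]:*
tcp   LISTEN 0      4096           [::1]:631        [::]:*'

# Hypothetical helper. Live usage on a server:
#   ss -H -tuln | unexpected_listeners "tcp/22 tcp/443"
# Prints one "proto/port address" line per unexpected listener.
unexpected_listeners() {
    awk -v allow="$1" '
    BEGIN {
        # Load the space-separated allowlist into a lookup table.
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    NF >= 5 {
        port = $5; sub(/.*:/, "", port)       # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)   # text before the last colon
        sub(/%.*/, "", addr)                  # drop a "%iface" suffix
        # Sockets bound to loopback are not reachable from other hosts.
        if (addr ~ /^127\./ || addr == "[::1]") next
        key = $1 "/" port
        if (!(key in ok)) print key, addr
    }' | sort -u
}

# Run against the constructed sample so the script works stand-alone.
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "tcp/22 tcp/443"
```

Each line it prints is a port to either close or explicitly allow in the firewall.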

As you have seen, there are different methods for finding out whether a port is open or closed on a remote host and on our local computer, and we will use one tool or another depending on what we are interested in knowing. The most important thing is that all the ports that are not in use should be closed through the firewall for security. In this way, we will avoid security problems and the exploitation of vulnerabilities in the servers.