10 ways to check ports in Linux to help troubleshoot systems

Networking is the backbone behind much of technology, and while a standalone device isn’t without significant value due to its local processing capabilities, the bread and butter behind business operations involves communication. Namely, getting systems and devices communicating with one another across networks to access or share data, maintain security and monitor operations.

When using TCP/IP, the universal language of networks, the process of checking ports to ensure they are configured, listening and accepting traffic is standard fare for system and network administrators. Ports are associated with processes running on target systems such as web servers, email servers, Active Directory domain controllers and other centralized resources. Gathering information about them is essential to proper communicative functionality.

SEE: Linux turns 30: Celebrating the open source operating system (free PDF) (TechRepublic)

Here are 10 ways you can work with ports using Linux to troubleshoot issues and maintain operations.

How to check to see what protocols and ports are associated with a given service

This command can show you a reference guide which will tell you the protocols and ports used (in theory) by any service in case you’re looking for more information. It does not show you what’s actively listening, but rather is used to help narrow down what could or should be used for any given function, such as FTP or SSH.

Run:

cat /etc/services | less

The output will show an extensive list of dozens of services and the ports associated with them to help serve as a reference point for you.

How to check to see what ports are actively connected from or to a local system

Run the ss command and you will see a list of the ports to which a particular system is connected, either locally or remotely: Details will depend on the system and functions involved.

How to use nmap to scan a remote system for open ports

The nmap utility, also known as ncat, is a handy Swiss army knife which works for Linux and Windows that can be used to see what ports are open on a remote system. Keep in mind port scanning may attract the attention of a security team, so only do this for authorized business purposes.

Let’s say you want to see what ports are open on the remote system website for Microsoft.

In Linux, run:

nmap microsoft.com

The results will reveal open ports on that host similar to the following:

Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-05 15:32 Eastern Daylight Time

Nmap scan report for microsoft.com (20.81.111.85)

Host is up (0.018s latency).

Other addresses for microsoft.com (not scanned): 20.84.181.62 20.103.85.33 20.53.203.50 20.112.52.29

Not shown: 998 filtered tcp ports (no-response)

PORT    STATE SERVICE

80/tcp  open  http

443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 47.51 seconds

To check for a specific port such as 443, run nmap -p 443 microsoft.com.

You can check multiple ports such as 80 and 443 with nmap -p 80,443 microsoft.com.

How to check a local system to see which application is associated with a port

Let’s say you want to see what local application is listening on port 8443.

Run:

netstat -tulpn | grep 8443

This will return the process ID (PID), for instance 8971 (there may be multiple PIDs) as well as the application name (in this case it’s Java).

How to kill an application or service associated with a specific port

This can come in handy for applications or services you don’t recognize and suspect may be malicious. Follow the above command to get the PID(s), then run:

kill -9 (PID)

Repeat as needed for each PID to kill the process.

How to check a remote system with telnet to see if a port is listening and can be connected to

Let’s say you want to see if a remote system called host.company.com is listening on port 443 and can be connected to.

Run:

telnet host.company com 443

If you see a Connected response, the host is listening on that port and can be connected to.

If you get a Connection Refused error or the connection times out, the host either isn’t listening, access may be blocked from that host or you can’t get to the host (check for firewall access).

How to check a remote system without telnet to see if a port is listening and can be connected to

Not every system has telnet installed, and while you can usually install it from a yum repository using yum install telnet, sometimes the repositories don’t contain that package or the system is locked down preventing any software installation. You might also be in too much of a hurry to conduct a yum install. Let’s say you’d like to see if the host with the IP of 10.37.39.141 is listening on port 636:

echo > /dev/tcp/10.37.39.141/636

Ironically, if you get no response back, that’s actually a good thing and means the access worked.

If you get a Connection Refused error or the connection times out, the host either isn’t listening, access may be blocked from that host or you can’t get to the host (check for firewall access).

How to check a remote system using curl to see if a TCP port is listening

This achieves the same result as the prior step, but is a handy way to get oriented towards the curl application.

Let’s say you’d like to see if the host with the IP address of 10.37.34.21 is listening on port 16667:

Run:

curl -v telnet://10.37.34.21:16667

If you see a Connected response, the host is listening on that port and can be connected to.

If you get a Connection Refused error or the connection times out, the host either isn’t listening, access may be blocked from that host or you can’t get to the host (check for firewall access).

Note that this only works for TCP ports.

How to check what SSL certificate is listening on a port

This is one of my favorites and it has been a lifesaver for me during SSL certificate replacements in order to make sure things were done correctly.

Let’s say you have a server named splunk.company.com with an SSL certificate attached to port 8000, which you’ve just replaced and want to confirm is present.

Run:

openssl s_client -connect splunk.company.litle.com:8000 2>/dev/null | openssl x509 -noout

This will return the full details of the SSL certificate such as the CN and issuer.

How to check the expiration date of an SSL certificate listening on a port

For quick way to establish the server in question has the right certificate attached to that port, run:

openssl s_client -connect splunk.company.litle.com:8000 2>/dev/null | openssl x509 -noout -dates

This will return output similar to the following:

notBefore=May 31 21:46:06 2021 GMT

notAfter=May 31 21:56:06 2022 GMT

With the above information in mind you can rest easy knowing the right certificate is in place.