Check if port is open or closed on a Linux server?

Question

How can I check if a port is listening on a Linux server?

score 271 · Accepted Answer · edited Jun 23 '25 at 15:43

271

You can check if a process listens on a TCP or UDP port with ss -tuplen (replacement of netstat).

To check whether some ports are accessible from the outside (this is probably what you want) you can use a port scanner like Nmap from another system. Running Nmap on the same host you want to check is quite useless for your purpose.

edited Jun 23 '25 at 15:43

Kraego

103
4

answered Sep 07 '11 at 17:31

joschi

21,955

score 152 · Answer 2 · answered Sep 07 '11 at 17:33

Quickest way to test if a TCP port is open (including any hardware firewalls you may have), is to type, from a remote computer (e.g. your desktop):

telnet myserver.com 80

Which will try to open a connection to port 80 on that server. If you get a time out or deny, the port is not open :)

score 46 · Answer 3 · edited Apr 03 '18 at 10:07

OK, in summary, you have a server that you can log into. You want to see if something is listening on some port. As root, run:

netstat -nlp

this will show a listing of processes listening on TCP and UDP ports. You can scan (or grep) it for the process you're interest in,and/or the port numbers you expect to see.

If the process you expect isn't there, you should start up that process and check netstat again. If the process is there, but it's listening on a interface and port that you did not expect, then there's a configuration issue (e.g., it could be listening, but only on the loopback interface, so you would see 127.0.0.1:3306 and no other lines for port 3306, in the case of the default configuration for MySQL).

If the process is up, and it's listening on the port you expect, you can try running a "telnet" to that port from your Macbook in your office/home, e.g.,

 telnet xxxxxxxxxxxx.co.uk 443

That will test if (assuming standard ports) that there's a web server configured for SSL. Note that this test using telnet is only going to work if the process is listening on a TCP port. If it's a UDP port, you may as well try with whatever client you were going to use to connect to it. (I see that you used port 224. This is masqdialer, and I have no idea what that is).

If the service is there, but you can't get to it externally, then there's a firewall blocking you. In that case, run:

 iptables -L -n

This will show all the firewall rules as defined on your system. You can post that, but, generally, if you're not allowing everything on the INPUT chain, you probably will need to explicitly allow traffic on the port in question:

 iptables -I INPUT -p tcp --dport 224 -j ACCEPT

or something along those lines. Do not run your firewall commands blindly based on what some stranger has told you on the Internet. Consider what you're doing.

If your firewall on the box is allowing the traffic you want, then your hosting company may be running a firewall (e.g., they're only allowing SSH (22/tcp), HTTP (80/tcp) and HTTPS (443/tcp) and denying all other incoming traffic). In this case, you will need to open a helpdesk ticket with them to resolve this issue, though I suppose there might be something in your cPanel that may allow it.

score 27 · Answer 4 · answered Mar 28 '16 at 19:32

27

I use the combo of netstat and lsof:

netstat -an | grep <portnumber>
lsof -i:<portnumber>

To see if the port is being used, and what is using it.

answered Mar 28 '16 at 19:32

warren

19,297

Alexis Wilke · Answer 5 · 2021-08-03T17:56:32.553

If you need to script such a test, the solution by Serhii Popov (see comment to question) is probably the best since nc is capable of searching the TCP stack for an open port³ instead of attempting an actual connection.

The simplest form is:

nc -z <ip> <port>

The command returns true if it find the specified <ip>:<port> combo as being opened (i.e. one of your services is listening).

So now you can write a script to wait until the port is open:

while ! nc -z <ip> <port>
do
    sleep 1
done

Note 1: I tried the -w command line option and that did not seem to do anything. Either way the command returns immediately. I think that the -w is not useful with -z.

Note 2: to help debug, try with the -v command line option.

Note 3: nc -z ... actually creates a socket() and then attempts to bind() it and connect(). If that works, it deems the port open.

score 11 · Answer 6 · edited Feb 18 '15 at 13:32

11

If you are connected to the system and can run a command as root then you can check the output of iptables

iptables -L -vn

this will list the firewall rules and which ports are open target ACCEPT and any explicitly closed ports target REJECT.

edited Feb 18 '15 at 13:32

HopelessN00b

54,273

answered Sep 07 '11 at 17:57

user9517

117,122

score 7 · Answer 7 · answered Jan 25 '16 at 21:45

7

lsof -i :ssh will list all processes with the ssh port open, both listening and active connections.

answered Jan 25 '16 at 21:45

pgs

3,661

score 1 · Answer 8 · answered Mar 11 '23 at 10:06

Check Internally

netstat -tulpen | grep $PORT
lsof -i:$PORT

Check Externally

You can use

nc -z $IP $PORT

You can use Telnet

telnet $IP $PORT

You can use this online tool (I like this one)

https://www.yougetsignal.com/tools/open-ports/

And port scanner like Nmap CLI tool

score 1 · Answer 9 · answered May 13 '25 at 11:50

1

If there are no utilities available, for example, in a Docker container:

(echo >/dev/tcp/127.0.0.1/80) &>/dev/null && echo "open" || echo "closed"

answered May 13 '25 at 11:50

Sergey Fedyanov

41
1

Check if port is open or closed on a Linux server?

9 Answers9