Checking Ports Linux With netstat

The most useful utility on Linux to check the ports being used on your system is ‘netstat’

From the man page:

netstat – Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

Typical Usage:

If you do not have root access on the server,

netstat -an

This will give you a list of ports being used on all network interfaces (-a) and will not use DNS or resolve standard ports to the services they are running(-n).  

Not using DNS will typically make the command run faster, and ‘netstat’ will not always get the port to service name resolution correct.

If you have root access:

netstat -antpu 

This adds -t (for tcp connections) -u (udp connections) and most importantly, -p (which shows the ID of the process that started this port).  Having the pid of the process controlling the port can help you quickly recognize what the port is for, or to kill the process if you are having issues with that port. Root access is needed to map the port to a process ID.

See only established connections:

netstat -antpu | grep EST

See only listening ports:

netstat -antpu | grep LIST

Oh my gosh, I just ssh’ed to this server, and netstat is not installed, and I can’t install any additional software! What utility can I turn to????

Try ‘ss’. This utility is found by default on many of the most bear bones linux systems. It is not nearly as robust as netstat, but sometimes you have to work with the tools you have on hand.

Leave a Reply

Your email address will not be published. Required fields are marked *