When connected to a network or to specific troubleshooting application problems, the first thing to check is what ports and which should actually use the application on the system is listening on a specific port.
This article will explain how to use netstat, ss and lsof command to find out which ports to use on which services. These instructions apply to all Linux and Unix-based operating systems, such as macOS.
What is is listening
Type of network ports identified by his ID, IP address, or the like associated with UDP and TCP communication protocol.
Listening port is an application or process is listening network port, serving as a communication endpoint.
It can be used to open or close the firewall (filtering) each listener port. Generally, the open port is a network port receiving incoming packets from a remote location.
You can not have two different service listens on the same port on the same IP address.
For example, if you are running the Apache Web server is listening on port 80 and 443, after you try to install Nginx will not start because the HTTP and HTTPS port is already in use.
Check the port using netstat
netstat is a command-line tool that provides information about the network connection.
To list all TCP or UDP port is listening, including the use of port services and the socket state, use the following command:
This command is used options have the following meanings:
- -t - Displays the TCP port.
- -u - Displays the UDP port.
- -n - numeric addresses instead of the host name.
- -l - show only listening port.
- -p - show PID and process name. Only when you command as root or sudo user identity to run, it will display this information.
Example output is shown below:
linuxidc@linuxidc:~/www.linuxidc.com$ sudo netstat -tunlp
[sudo] linuxidc 的密码:
激活Internet连接 (仅服务器)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1405/mysqld
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1181/nginx: master
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 784/systemd-resolve
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1081/cupsd
tcp6 0 0 :::80 :::* LISTEN 1181/nginx: master
tcp6 0 0 ::1:631 :::* LISTEN 1081/cupsd
udp 0 0 0.0.0.0:44785 0.0.0.0:* 958/avahi-daemon: r
udp 0 0 127.0.0.53:53 0.0.0.0:* 784/systemd-resolve
udp 0 0 0.0.0.0:68 0.0.0.0:* 4581/dhclient
udp 0 0 0.0.0.0:631 0.0.0.0:*
The more important column of our example is:
- Proto - protocol used by the socket.
- Local Address - the process of listening IP address and port number.
- PID / Program name - PID and process name.
If you want to filter results, use the grep command. For example, to find on TCP port 80 listening process, type:
Output by the display using this machine nginx server port 80:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1181/nginx: master
tcp6 0 0 :::80 :::* LISTEN 1181/nginx: master
If the output is empty, it means that nothing is listening on port.
You can also filter the list according to the conditions, such as PID, protocols, status.
netstat is obsolete, and replaced with ss and ip, but it is still the most commonly used commands to check the network connection.
Use ss inspection port
ss new netstat. It lacks some features netstat, but exposes more TCP state, but slightly faster. Command options roughly the same, and therefore converted from netstat ss not difficult.
To use ss get a list of all listening ports, type:
Almost the same output netstat report:
linuxidc@linuxidc:~/www.linuxidc.com$ sudo ss -tunlp
[sudo] linuxidc 的密码:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 0.0.0.0:44785 0.0.0.0:* users:(("avahi-daemon",pid=958,fd=14))
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=784,fd=12))
udp UNCONN 0 0 0.0.0.0:68 0.0.0.0:* users:(("dhclient",pid=4581,fd=6))
udp UNCONN 0 0 0.0.0.0:631 0.0.0.0:* users:(("cups-browsed",pid=27807,fd=7))
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=958,fd=12))
udp UNCONN 0 0 [::]:49638 [::]:* users:(("avahi-daemon",pid=958,fd=15))
udp UNCONN 0 0 [::]:5353 [::]:* users:(("avahi-daemon",pid=958,fd=13))
tcp LISTEN 0 80 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=16718,fd=20))
tcp LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1189,fd=6),("nginx",pid=1188,fd=6),("nginx",pid=1187,fd=6),("nginx",pid=1186,fd=6),("nginx",pid=1185,fd=6),("nginx",pid=1184,fd=6),("nginx",pid=1183,fd=6),("nginx",pid=1182,fd=6),("nginx",pid=1181,fd=6))
Use lsof to check port
lsof is a powerful command-line utility that provides information about the process to open the files.
In Linux, everything is a file. You can file written to the network socket regarded.
To get a list of all lsof listens on TCP port, enter:
Use the options are as follows:
- -n - Do not use the port number to a port name.
- -p - Do not resolve host names, numeric addresses.
- -iTCP -sTCP: LISTEN - displays only the TCP protocol network file LISTEN state.
linuxidc@linuxidc:~/www.linuxidc.com$ sudo lsof -nP -iTCP -sTCP:LISTEN
[sudo] linuxidc 的密码:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd-r 784 systemd-resolve 13u IPv4 22476 0t0 TCP 127.0.0.53:53 (LISTEN)
nginx 1181 root 6u IPv4 29330 0t0 TCP *:80 (LISTEN)
nginx 1181 root 7u IPv6 29331 0t0 TCP *:80 (LISTEN)
nginx 1182 www-data 6u IPv4 29330 0t0 TCP *:80 (LISTEN)
nginx 1182 www-data 7u IPv6 29331 0t0 TCP *:80 (LISTEN)
nginx 1183 www-data 6u IPv4 29330 0t0 TCP *:80 (LISTEN)
nginx 1183 www-data 7u IPv6 29331 0t0 TCP *:80 (LISTEN)
nginx 1184 www-data 6u IPv4 29330 0t0 TCP *:80 (LISTEN)
nginx 1184 www-data 7u IPv6 29331 0t0 TCP *:80 (LISTEN)
nginx 1185 www-data 6u IPv4 29330 0t0 TCP *:80 (LISTEN)
nginx 1185 www-data 7u IPv6 29331 0t0 TCP *:80 (LISTEN)
nginx 1186 www-data 6u IPv4 29330 0t0 TCP *:80 (LISTEN)
nginx 1186 www-data 7u IPv6 29331 0t0 TCP *:80 (LISTEN)
nginx 1187 www-data 6u IPv4 29330 0t0 TCP *:80 (LISTEN)
nginx 1187 www-data 7u IPv6 29331 0t0 TCP *:80 (LISTEN)
nginx 1188 www-data 6u IPv4 29330 0t0 TCP *:80 (LISTEN)
nginx 1188 www-data 7u IPv6 29331 0t0 TCP *:80 (LISTEN)
nginx 1189 www-data 6u IPv 29330 0t0 TCP *:80 (LISTEN)
nginx 1189 www-data 7u IPv6 29331 0t0 TCP *:80 (LISTEN)
mysqld 16718 mysql 20u IPv4 76540 0t0 TCP 127.0.0.1:3306 (LISTEN)
cupsd 27806 root 6u IPv6 93720 0t0 TCP [::1]:631 (LISTEN)
cupsd 27806 root 7u IPv4 93721 0t0 TCP 127.0.0.1:631 (LISTEN)
Most of the output column names are self-explanatory:
- COMMAND, user PID, USER- command, PID and the command is run.
- NAME - the port number.
To find a particular port is listening (for example, 3306) of the process, use the following command:
sudo lsof -nP -iTCP:3306 -sTCP:LISTEN
The output shows the MySQL server using port 3306:
linuxidc@linuxidc:~/www.linuxidc.com$ sudo lsof -nP -iTCP:3306 -sTCP:LISTEN
[sudo] linuxidc 的密码:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 16718 mysql 20u IPv4 76540 0t0 TCP 127.0.0.1:3306 (LISTEN)
For more information, please visit lsof manual page and read this powerful tool of all other options.
in conclusion
We showed you a few commands, you can use these commands to check the port on the system being used, and how to find a process listening on a specific port.