84

What is the command to display a list of open ports on a Debian server?

I tried netstat -a | egrep 'Proto|LISTEN' but I would like something more specific that actually lists the port number.

stew
leonel

8 Answers

111
 netstat -pln

-l will list listening ports, -p will also display the process, -n will show port numbers instead of names. Add -t to only show TCP ports.

Stone
  • 17
    For the `-p` to work properly, you need to run this as root, so `sudo netstat -tpln`, otherwise the process column will not be particularly useful, unless you're the user whose process is listening on a given port. – cjc Feb 06 '12 at 18:21
31

lsof -i -P

Check the man page for lsof as there is no shortage of options. -P lists the port number rather than the name taken from /etc/services. Run as root, though, this will provide you with a list of all active network connections and their status (listening, established, etc).

Jeff Ferland
16

I'm a big fan of netstat -ntlp and lsof -i, both mentioned already.

A new(er) command to me is ss.

The invocation is like:

ss -l

It's good to have options, in terms of commands and flags.

dmourati
  • 1
    options are especially good since the mongo docker container (and presumably many others) had ss but not netstat or lsof – Foon Nov 14 '16 at 01:23
  • I started using this as an interview question. Probably asked 40 different people. So far not one has mentioned ss. I ask it like the OP, then if they answer, I say, "ok, I take away X, now how can you do it." Until they run out of ideas. – dmourati Jun 29 '17 at 04:14
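
For a host or container that has none of netstat, lsof or ss, the listening ports can still be read from the kernel's /proc/net/tcp table. The script below is an added example, not part of any answer on this page; the sample table and the function names are constructed for illustration, and it covers IPv4 TCP only on an assumed little-endian host.

```shell
#!/bin/sh
# Added example: list LISTEN sockets from a /proc/net/tcp style table (IPv4 TCP only).

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
sample_table() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   105        0 20001
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002
   2: 0A01A8C0:0016 0201A8C0:D431 01 00000000:00000000 02:000A1B2C 00000000     0        0 20003
   3: 0A01A8C0:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20004
EOF
}

# The kernel prints the IPv4 address as one hex word in host byte order, so on
# a little-endian machine (assumed here) the lowest byte is the first octet.
hex_to_ipv4() {
    n=$((0x$1))
    printf '%d.%d.%d.%d' $(( $n & 255 )) $(( ($n >> 8) & 255 )) \
        $(( ($n >> 16) & 255 )) $(( ($n >> 24) & 255 ))
}

# Read the table on stdin; print "address:port scope" for each socket in
# state 0A (TCP_LISTEN). The header and non-listening rows are skipped.
listening_tcp() {
    while read -r _sl laddr _remote state _rest; do
        [ "$state" = "0A" ] || continue
        ip=$(hex_to_ipv4 "${laddr%:*}")
        port=$((0x${laddr#*:}))
        case $ip in
            127.*)   scope=loopback ;;          # reachable from this host only
            0.0.0.0) scope=all-interfaces ;;    # bound to the wildcard address
            *)       scope=single-interface ;;  # bound to one specific address
        esac
        printf '%s:%d %s\n' "$ip" "$port" "$scope"
    done
}

# Demo on the constructed sample; on a live system: listening_tcp < /proc/net/tcp
sample_table | listening_tcp
```

This table has no process column like the one `netstat -p` prints; mapping the inode field to a process means walking /proc/<pid>/fd, which needs root for other users' processes.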
13

What almost everybody wants (TCP and UDP) is netstat -tunlp.

I use it every day, maybe every hour. The 'lsof' hack is more portable (works on Solaris too), but on Debian it's not an essential package, you have to install it.

zerodeux
7

You can do:

netstat -an | egrep 'Proto|LISTEN'

or simply:

netstat -anl

which will give you all listening sockets on the system.

Karlson
  • 2
    This would be the best solution (where "best" is defined as "works on the broadest range of systems" (BSD, Linux, AIX, Solaris, I believe HP-UX)) – voretaq7 Feb 06 '12 at 22:31
2

Listening ports are not the same as ports open from the outside. You need to consider the firewall. If you try a program like nmap from another computer then you will be able to see the open ports not blocked by the firewall.

Niklas Rosencrantz
0

TechRepublic has a decent article that you can find here. It has some similar commands as you listed above but also a few variations. I would also highly recommend using nmap to do a port scan of the computer in question so you can see from an external perspective what ports are open and listening.

Eric
  • Could you please tell me why this was down voted? As I simply provided a link with a lot of the solutions above which were approved along with a different perspective of doing an external scan as well. Thanks. – Eric Feb 06 '12 at 19:10
  • 8
    I didn't downvote, but on serverfault like most stack-exchange we generally expect you to put the answer here, and not just a link to somewhere else. Links go away over time, but we want content on SF to still be valuable when the links die. – Zoredache Feb 06 '12 at 22:55
  • The only line of code that the above article link has is `sudo nmap -T4 -A -v 192.168.1.1/24` everything else is go do this - go do that without any details... It's like reading the back cover of a book - lots of words without meat. – KingsInnerSoul Apr 01 '16 at 14:37
0

I prefer to use instead:

netstat -antp 
lsof -i 
netstat -lptu
netstat -tulpn
XsiSec