Image: Julien Tromeur / Adobe Stock

The web is the backbone behind much of the technology, and while the stand-alone device is not without significant value due to its local processing capabilities, the bread and butter behind business operations involve communication. Namely, obtaining systems and devices that communicate with each other through networks for accessing or sharing data, maintaining security and monitoring operations.

When using TCP / IP, the universal language of networks, the process of checking ports to ensure that they are configured, listening and receiving traffic is a standard cost for system and network administrators. Ports are related to processes running on target systems such as web servers, email servers, Active Directory domain controllers, and other centralized resources. Gathering information about them is essential for proper communication functionality.

SEE: Linux turns 30: Celebrating the open source operating system (free PDF) (TechRepublic)

Here are 10 ways you can work with ports using Linux to troubleshoot and support operations.

How to check what protocols and ports are associated with a service

This command can show you a directory that will tell you the protocols and ports used (in theory) by each service in case you are looking for more information. It does not show you what is being actively listened to, but rather is used to help narrow down what can or should be used for a feature, such as FTP or SSH.

Play:

cat /etc/services | less

The result will show an extensive list of dozens of services and related ports to help you serve as a reference point.

How to check which ports are actively connected to or from a local system

Execute ss command and you will see a list of ports to which a particular system is connected, locally or remotely: Details will depend on the system and the features included.

How to use nmap to scan a remote system for open ports

IN Nmap utility, also known as ncat, is a handy Swiss Army knife that works for Linux and Windows that can be used to see which ports are open on a remote system. Keep in mind that port scanning can get the attention of a security team, so do so only for authorized business purposes.

Let’s say you want to see which ports are open on the Microsoft Remote System website.

In Linux, run:

nmap microsoft.com

The results will reveal open ports on this host, similar to the following:

Starting Nmap 7.92 ( ) at 2022-05-05 15:32 Eastern Daylight Time

Nmap scan report for microsoft.com (20.81.111.85)

Host is up (0.018s latency).

Other addresses for microsoft.com (not scanned): 20.84.181.62 20.103.85.33 20.53.203.50 20.112.52.29

Not shown: 998 filtered tcp ports (no-response)

PORT    STATE SERVICE

80/tcp  open  http

443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 47.51 seconds

To check for a specific port, such as 443, run nmap -p 443 microsoft.com.

You can check multiple ports such as 80 and 443 s nmap -p 80,443 microsoft.com.

How to check the local system to see which application is connected to a port

Suppose you want to see what local application is listening on port 8443.

Play:

netstat -tulpn | grep 8443

This will return the process ID (PID), for example 8971 (may have multiple PIDs), as well as the application name (in this case Java).

How to kill an application or service associated with a specific port

This can be useful for applications or services that you do not recognize and suspect are malicious. Follow the command above to get the PID (s), then run:

kill -9 (PID)

Repeat if necessary for each PID to abort the process.

How to check a remote system with telnet to see if the port is listening and can be connected

Suppose you want to see if a remote system called host.company.com is listening on port 443 and can be connected.

Play:

telnet host.company com 443

If you see a Connected response, the host is listening on this port and can be connected.

If you receive a Connection Refused error or the connection has expired, the host is either not listening, access may be blocked by that host, or you may not be able to reach the host (check for firewall access).

How to check a remote system without telnet to see if the port is listening and can be connected

Not every system has telnet installed, and although you can usually install it from a yum repository using yum install telnet, sometimes repositories do not contain this package or the system is locked, preventing software from being installed. You may also be in too much of a hurry to install yum. Assume you want to see if the host with an IP of 10.37.39.141 is listening on port 636:

echo > /dev/tcp/10.37.39.141/636

Ironically, if you don’t get an answer, it’s actually a good thing and it means that access works.

If you receive a Connection Refused error or the connection has expired, the host is either not listening, access may be blocked by that host, or you may not be able to reach the host (check for firewall access).

How to check a remote system using curl to see if the TCP port is listening

This achieves the same result as the previous step, but is a convenient way to navigate the application of curls.

Assume you want to see if the host with IP address 10.37.34.21 is listening on port 16667:

Play:

curl -v telnet://10.37.34.21:16667

If you see a Connected response, the host is listening on this port and can be connected.

If you receive a Connection Refused error or the connection has expired, the host is either not listening, access may be blocked by that host, or you may not be able to reach the host (check for firewall access).

Note that this only works for TCP ports.

How to check what SSL certificate is listening on the port

This is one of my favorites and was a lifesaver for me during the SSL certificate replacement to make sure things were done correctly.

Assume you have a server named splunk.company.com with an SSL certificate attached to port 8000 that you just replaced and want to confirm that it is present.

Play:

openssl s_client -connect splunk.company.litle.com:8000 2>/dev/null | openssl x509 -noout

This will return the full details of the SSL certificate, such as CN and the issuer.

How to check the expiration date of an SSL certificate that listens on a port

To quickly determine that the server in question has the correct certificate attached to this port, follow these steps:

openssl s_client -connect splunk.company.litle.com:8000 2>/dev/null | openssl x509 -noout -dates

This will return an output similar to the following:

notBefore=May 31 21:46:06 2021 GMT

notAfter=May 31 21:56:06 2022 GMT

Given the above information, you can rest assured that the correct certificate is available.

10 ways to check ports in Linux to help troubleshoot systems

Previous articleFintech innovations among companies in the military industry have declined in the last year
Next articleThe value of mergers and acquisitions doubled in the first quarter of 2022