The network is the backbone behind much of the technology, and while a standalone device is not without significant value due to its local processing capabilities, the bread and butter behind the businesses involved to communication. Specifically, it helps systems and devices communicate with each other across networks to access or share data, maintain security, and monitor operations.
When using TCP/IP, the common language of networking, the process of checking ports to ensure they are configured, listening, and accepting traffic is standard for network and system administrators. Gateways are associated with processes running on target systems such as web servers, email servers, Active Directory domain controllers, and other centralized resources. Collecting information about them is essential for proper communication function.
SEE: Linux turns 30: Celebrating the open source operating system (free PDF) (TechRepublic)
Here are 10 ways you can work with ports that use Linux to troubleshoot and keep it running.
How to check which protocol and port is associated with a certain service
This command can show you a reference guide that will tell you the protocols and ports used (in theory) by any service in case you are looking for more information. It does not show you what is actively listening, but is used to help narrow down what can or should be used for any given function, such as FTP or SSH.
Run:
cat /etc/services | less
The output will show an extensive list of dozens of services and the ports associated with them to help serve as your reference point.
How to check which port is actively connected from or to the local system
Run ss and you will see a list of ports to which a particular system is connected, locally or remotely: Details will depend on the system and related functions.
How to use nmap to scan remote system for open ports
The nmap utility, also known as ncat, is a handy swiss army knife that works for Linux and Windows, which can be used to see what ports are open on a remote system. Keep in mind that port scanning can attract the attention of the security team, so only do this for authorized business purposes.
Let’s say you want to see what ports are open on the Microsoft remote systems website.
In Linux, run:
nmap microsoft.com
The results will show open ports on that server similar to this:
Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-05 15:32 Eastern Daylight Time
Nmap scan report for microsoft.com (20.81.111.85)
Host is up (0.018s latency).
Other addresses for microsoft.com (not scanned): 20.84.181.62 20.103.85.33 20.53.203.50 20.112.52.29
Not shown: 998 filtered tcp ports (no-response)
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 47.51 seconds
To check for a specific port such as 443, run nmap -p 443 microsoft.com.
You can test multiple ports like 80 and 443 with nmap -p 80,443 microsoft.com.
How to check the local system to see which applications are associated with the port
Let’s say you want to see which local applications are listening on port 8443.
Run:
netstat -tulpn | grep 8443
This will return the process ID (PID), e.g. 8971 (multiple PIDs can be) as well as the application name (Java in this case).
How to remove an application or service associated with a specific port
This can be useful for apps or services that you don’t recognize and suspect may be malicious. Follow the command above to get the PID(s), then run:
kill -9 (PID)
Repeat as needed for each PID to terminate the process.
How to check remote system using telnet to see if any ports are listening and can connect to
Let’s say you want to see if a remote system named host.company.com is listening on port 443 and can be connected to.
Run:
telnet host.company com 443
If you see a Connected response, the server is listening on that port and can be connected to.
If you get a Connection Denied error or the connection times out, the server is not listening, access may be blocked from that server, or you cannot access the server (check firewall access).
How to test remote system without telnet to see if a port is listening and can connect to
Not every system has telnet installed, and although you can usually install it from a yum repository using yum install telnet, sometimes those repositories don’t contain the package or the system is corrupted. The lock does not allow any software to be installed. You may also be in too much of a hurry to install yum. Let’s say you want to see if a server with IP 10.37.39.141 is listening on port 636:
echo > /dev/tcp/10.37.39.141/636
Ironically, if you don’t get a response, that’s actually a good thing and means access worked.
If you get a Connection Denied error or the connection times out, the server is not listening, access may be blocked from that server, or you cannot access the server (check firewall access).
How to check remote system with curl to see if TCP port is listening
This achieves the same result as the previous step, but is a handy way to work towards curling application.
Let’s say you want to see if a server with IP address 10.37.34.21 is listening on port 16667:
Run:
curl -v telnet://10.37.34.21:16667
If you see a Connected response, the server is listening on that port and can be connected to.
If you get a Connection Denied error or the connection times out, the server is not listening, access may be blocked from that server, or you cannot access the server (check firewall access).
Note that this only works for TCP ports.
How to check which SSL certificate is listening on a port
This is one of my favorites and it has been a lifesaver for me during the SSL certificate replacement process to make sure everything is done correctly.
Let’s say you have a server named splunk.company.com with an SSL certificate attached to port 8000, which you just replaced and want to confirm exists.
Run:
openssl s_client -connect splunk.company.litle.com:8000 2>/dev/null | openssl x509 -noout
This will return the full details of the SSL certificate like CN and issuer.
How to check expiration date of SSL certificate listening on a port
For a quick way to setup the server in question with the right certificate attached to that port, run:
openssl s_client -connect splunk.company.litle.com:8000 2>/dev/null | openssl x509 -noout -dates
This will return results similar to the following:
notBefore=May 31 21:46:06 2021 GMT
notAfter=May 31 21:56:06 2022 GMT
With the above information, you can rest assured knowing where the right certificate is located.
