Networking is the backbone behind much technology, and while a standalone device is not without significant value due to its local processing capabilities, the bread and butter behind business operations is communications. That is, allowing systems and devices to communicate with each other over networks to access or share data, maintain security, and monitor activities.
When using TCP/IP, the universal language of networks, the process of checking ports to ensure they are configured, listening, and accepting traffic is standard for system and network administrators. Ports are associated with processes running on target systems such as web servers, email servers, Active Directory domain controllers, and other centralized resources. Collecting information about them is essential for good communicative functionality.
SEE: Linux Turns 30: Celebrating the Open Source Operating System (Free PDF) (TechRepublic)
Here are 10 ways you can work with Linux ports to troubleshoot and maintain operations.
How to check to see which protocols and ports are associated with a particular service
This command can show you a reference guide that will tell you the protocols and ports used (in theory) by a service in case you are looking for more information. It does not show what is actively listening, but rather is used to help determine what can or should be used for a particular function, such as FTP or SSH.
Walk:
cat /etc/services | less
The output shows a comprehensive list of dozens of services and their ports to serve as a reference point for you.
How to check to see which ports are actively connected to or from a local system
Carried out ss command and you will see a list of the ports a particular system is connected to, either locally or remotely: Details will depend on the system and the features involved.
How to use nmap to scan a remote system for open ports
The nmap utility, also called ncat, is a handy Swiss Army knife that works for Linux and Windows and can be used to see which ports are open on a remote system. Keep in mind that port scanning can get the attention of a security team, so only do it for authorized business purposes.
Let’s say you want to see which ports are open on Microsoft’s external system website.
In Linux, run:
nmap microsoft.com
The results will reveal open ports on that host, similar to the following:
Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-05 15:32 Eastern Daylight Time
Nmap scan report for microsoft.com (20.81.111.85)
Host is up (0.018s latency).
Other addresses for microsoft.com (not scanned): 20.84.181.62 20.103.85.33 20.53.203.50 20.112.52.29
Not shown: 998 filtered tcp ports (no-response)
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 47.51 seconds
To check for a specific port, such as 443, enter nmap -p 443 microsoft.com†
You can check multiple ports such as 80 and 443 with nmap -p 80,443 microsoft.com†
Checking a local system to see which application is associated with a port
Let’s say you want to see which local application is listening on port 8443.
Walk:
netstat -tulpn | grep 8443
This returns the process ID (PID), for example 8971 (there can be multiple PIDs) as well as the application name (in this case it’s Java).
Kill an application or service associated with a specific port?
This can be useful for applications or services that you don’t recognize and suspect to be malicious. Follow the command above to get the PID(s), then run:
kill -9 (PID)
If necessary, repeat for each PID to end the process.
How to check a remote system with telnet to see if a port is listening and can be connected to?
Let’s say you want to see if a remote system named host.company.com is listening on port 443 and can connect to.
Walk:
telnet host.company com 443
If you see the response Connected, the host is listening on that port and can connect to it.
If you get a Connection Denied error or if the connection times out, the host is not listening, may be blocking access from that host, or you are unable to reach the host (check for firewall access).
How to check a remote system without telnet to see if a port is listening and can be connected to?
Not every system has telnet installed, and while you can usually install it from a yum repository using yum install telnet, sometimes the repositories don’t contain that package or the system is locked, preventing software from being installed. You might also be in too much of a hurry to do a yum install. Let’s say you want to see if the host with the IP address 10.37.39.141 is listening on port 636:
echo > /dev/tcp/10.37.39.141/636
Ironically, if you don’t get a response back, that’s actually a good thing and means the access worked.
If you get a Connection Denied error or if the connection times out, the host is not listening, may be blocking access from that host, or you are unable to reach the host (check for firewall access).
How to check a remote system using curl to see if a TCP port is listening
This produces the same result as the previous step, but is a useful way to orientate yourself to the curl application.
Let’s say you want to see if the host with the IP address 10.37.34.21 is listening on port 16667:
Walk:
curl -v telnet://10.37.34.21:16667
If you see the response Connected, the host is listening on that port and can connect to it.
If you get a Connection Denied error or if the connection times out, the host is not listening, may be blocking access from that host, or you are unable to reach the host (check for firewall access).
Note that this only works for TCP ports.
How to check which SSL certificate is listening on a port
This is one of my favorites and has been a lifesaver for me when replacing SSL certificates to make sure everything was done correctly.
Let’s say you have a server called splunk.company.com with an SSL certificate attached to port 8000, which you just replaced and want to confirm it’s there.
Walk:
openssl s_client -connect splunk.company.litle.com:8000 2>/dev/null | openssl x509 -noout
Returns the full details of the SSL certificate, such as the CN and the issuer.
Checking the expiration date of an SSL certificate listening on a port
For a quick way to determine that the server in question has the correct certificate on that port, run:
openssl s_client -connect splunk.company.litle.com:8000 2>/dev/null | openssl x509 -noout -dates
This gives an output similar to the following:
notBefore=May 31 21:46:06 2021 GMT
notAfter=May 31 21:56:06 2022 GMT
With the above information in mind, you can rest easy knowing that the correct certificate is in place.
