Whether you are troubleshooting network connectivity issues or configuring a firewall, one of the first things to check is what ports are actually open on your system.

This article describes several approaches to find out what ports are open to the outside on your Linux system.

What Is an Open Port

A listening port is a network port that an application listens on. You can get a list of the listening ports on your system by querying the network stack with commands such as ss, netstat or lsof. Each listening port can be open or closed (filtered) using a firewall.

In general terms, an open port is a network port that accepts incoming packets from remote locations.

For example, if you are running a web server that listens on ports 80 and 443 and those ports are open on your firewall, anyone (except blocked IPs) will be able to access websites hosted on your web server using a browser. In this case, both 80 and 443 are open ports.

Open ports may pose a security risk, as each open port can be used by attackers to exploit a vulnerability or perform any other type of attack. You should expose only the ports needed for the functionality of your application and close all other ports.

Check Open Ports with nmap

Nmap is a powerful network scanning tool that can scan single hosts and large networks. It is mainly used for security audits and penetration testing.

If available, nmap should be your first tool when it comes to port scanning. Besides port scanning, nmap can also detect the MAC address, OS type, kernel versions, and much more.

The following command, issued from the console, determines which ports are listening for TCP connections from the network (<target-ip> stands for the address of the host being scanned):

sudo nmap -sT -p- <target-ip>

The -sT option tells nmap to scan for TCP ports and -p- to scan all 65535 ports. If -p- is not used, nmap will scan only 1000 ports.

Starting Nmap 7.60 ( https://nmap.org ) at 2019-07-09 23:10 CEST
Nmap scan report for
Host is up (0.0012s latency).
Not shown: 998 closed ports
22/tcp open  ssh
80/tcp open  http
MAC Address: 08:00:27:05:49:23 (Oracle VirtualBox virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds

The output above shows that only ports 22, 80 and 8069 are open on the target system.

To scan for UDP ports, use -sU instead of -sT:

sudo nmap -sU -p- <target-ip>

For more information, visit the nmap man page and read about all the other powerful options of this tool.

Check Open Ports with netcat

Netcat (or nc) is a command-line tool that can read and write data across network connections, using the TCP or UDP protocols.

With netcat you can scan a single port or a port range.

For example, to scan for open TCP ports in the range 20-80 on a remote machine, you would use the following command (<target-ip> stands for the machine's IP address):

nc -z -v <target-ip> 20-80

The -z option tells nc to scan only for open ports, without sending any data, and the -v option is for more verbose information.

The output will look something like this:

nc: connect to port 20 (tcp) failed: Connection refused
nc: connect to port 21 (tcp) failed: Connection refused
Connection to 22 port [tcp/ssh] succeeded!
Connection to 80 port [tcp/http] succeeded!

If you want only the lines with the open ports to be printed on the screen, you can filter the results with the grep command:

nc -z -v <target-ip> 20-80 2>&1 | grep succeeded
Connection to 22 port [tcp/ssh] succeeded!
Connection to 80 port [tcp/http] succeeded!

To scan for UDP ports, pass the -u option to the nc command:

nc -z -v -u <target-ip> 20-80 2>&1 | grep succeeded

Check Open Ports using Bash Pseudo Device

Another way to check whether a certain port is open or closed is by using the Bash shell /dev/tcp/.. or /dev/udp/.. pseudo device.

When executing a command on a /dev/$PROTOCOL/$HOST/$PORT pseudo-device, Bash will open a TCP or UDP connection to the specified host on the specified port.

The following if..else statement will check whether port 443 on kernel.org is open:

if timeout 5 bash -c '</dev/tcp/kernel.org/443 &>/dev/null'
then
  echo "Port is open"
else
  echo "Port is closed"
fi
Port is open

How does the code above work?

The default timeout when connecting to a port using a pseudo device is huge, so we are using the timeout command to kill the test command after 5 seconds. If the connection to kernel.org port 443 is established, the test command will return true.

You can also use a for loop to check a port range:

# Set HOST to the address of the machine you want to check
for PORT in {20..80}; do
  timeout 1 bash -c "</dev/tcp/$HOST/$PORT &>/dev/null" && echo "port $PORT is open"
done

The output will look something like this:

port 22 is open
port 80 is open


We have shown you several tools that you can use to scan for open ports. There are also other utilities and methods to check for open ports; for example, you can use the Python socket module, curl, telnet or wget.
