‘I’m new to Linux and have been told to check for open ports on my Linux box to check security. What does that mean and should I do it?’ This is a question we received from a TechJunkie reader this week and I think it’s interesting enough that more people are likely to want to know.
As ports are integral to how a computer connects to the internet, it’s an excellent topic to cover.
What is a port?
Ports are either physical or virtual. A physical port is your Ethernet port on your computer or LAN or WAN ports on your router. In the context of the question, we’re talking about virtual ports on a computer which are different to those physical ports.
At its most basic, a port is a virtual doorway into your computer for specific services to use. There are lots of web services such as email, web access, streaming, FTP or file transfer, remote access and others. They have all been assigned different ports so your operating system and any web-enabled application can recognize what’s going on.
For example, an operating system knows that anything landing at port 80 is going to be HTTP, or web traffic, port 443 is for HTTPS or secure web traffic. Anything landing at port 25 is going to be SMTP, or email traffic and so on. Even though there aren’t that many web services, there are actually over a thousand port assignments.
For example, your browser connects to TechJunkie through port 443 so the web server knows you are requesting an HTTPS copy of the page. If I want to upload files to the server, I would use FTP port 989 or 990 for secure FTP. As the request arrives on that port, the server automatically knows what kind of traffic it is and routes it to the correct service.
Routers also have ports but they are different and out of the scope of this article.
Open and closed ports
The terms open ports and closed ports are actually incorrect. A port is neither open nor closed. It is filtered or unfiltered. A firewall can ‘block’ ports by not allowing applications to communicate through them, or let all traffic through, depending on the settings. The port is still open and an application may still be listening for traffic, but the firewall assesses that traffic as destined for a port it knows is not authorized and blocks it.
Many common ports are automatically left unfiltered by your firewall. The firewall will be programmed to accept traffic from the common web ports until you tell it otherwise. So when you select to block internet access using a firewall, you’re telling it to block and drop all traffic destined for port 80 and port 443.
Check ports in Linux
You have a bunch of tools you can use in Linux to see what’s going on. Checking ports is simple, but as usual, you can keep things simple or dig as deep as you like into what your Linux device is doing.
The Netstat command is what we use to check ports and other network services.
- Type ‘netstat -atu’ into a terminal and hit Enter. This will show you all sockets, TCP and UDP connections currently active in Linux.
- Type ‘netstat --listen’ or ‘netstat -l’ and hit Enter to just list listening ports on your computer.
- Type ‘netstat -vatn’ and hit Enter to list existing TCP connections from your computer.
- Type ‘netstat -vaun’ and hit Enter to list existing UDP connections.
- Type ‘netstat -ltup’ to show all connections along with the program listening to each port.
- Type ‘netstat -lntup’ and hit Enter to show the IP addresses along with the port number.
Those commands do essentially the same thing but provide different information depending on your needs. Each will answer the original question though.
Even though we know you don’t actually ‘close’ a port, it is still common parlance for filtering it. When someone says you should close a port, you don’t actually do that on your Linux computer. You can only close ports from the program listening on the port or filter it on your firewall.
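When reading ‘netstat -lntup’ output, the Local Address column tells you who can reach each listener: one bound to 0.0.0.0 or :: accepts traffic on every interface, while one bound to 127.x.x.x or ::1 is reachable only from the machine itself. The script below is an added example, not part of the original article; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify each listener in `netstat -lntup` output by the
# address it is bound to. Function names and the sample are constructed.

# Constructed sample of `netstat -lntup` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      645/cupsd
tcp6       0      0 :::80                   :::*                    LISTEN      1033/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
udp        0      0 127.0.0.53:53           0.0.0.0:*                           590/systemd-resolve
EOF
}

# Reads netstat -lntup output on stdin; prints "proto port scope program".
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        # Local Address is column 4; the port follows the last colon.
        port = $4; sub(/^.*:/, "", port)
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback"          # reachable only from this machine
        else if (addr == "0.0.0.0" || addr == "::")
            scope = "all-interfaces"    # reachable from the network unless filtered
        else
            scope = "specific-address"
        # UDP rows have no State column, so the program column shifts left.
        first = ($1 ~ /^tcp/) ? 7 : 6
        prog = ""
        for (i = first; i <= NF; i++) prog = prog (prog == "" ? "" : " ") $i
        sub(/^[0-9]+\//, "", prog)      # drop the PID, keep the program name
        if (prog == "") prog = "-"      # program column missing
        print $1, port, scope, prog
    }'
}

# Demonstration on the constructed sample. On a real machine:
#   sudo netstat -lntup | classify_listeners
sample_netstat | classify_listeners
```

Listeners reported as all-interfaces are the ones to review first: if you do not need the service, stop the program, otherwise filter the port on your firewall.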
Advanced users can play around with IPTables in some Linux distros but that’s too complicated for me. This guide walks you through that.
Do you need to check ports?
If you use a firewall and good internet hygiene, you should not ever really need to check for ports on a Linux computer. If you’re managing a Linux server, web server or router, ports become much more important but for desktops, not so much. A good firewall will take care of everything for you.