Linux Security Networking Utilities

How to Use Netstat Command in Linux to Check a Specific Port

netstat is a powerful networking tool on Linux. In this article, I am going to show you how to install netstat on Debian 9 Stretch and how to use netstat to show listening ports on Debian 9 Stretch. Let’s get started.

Installing netstat on Debian 9 Stretch:

netstat command is a part of the net-tools utility package on Debian 9 Stretch. It may not be installed by default on your Debian 9 Stretch operating system. The net-tools package is available in the official package repository of Debian 9 Stretch. So installing it is very easy.

First update the apt package repository cache of your Debian 9 Stretch machine with the following command:

$ sudo apt update

The apt package repository cache should be updated.

Now run the following command to install the net-tools utility on Debian 9 Stretch:

$ sudo apt install net-tools

net-tools should be installed.

Now check whether netstat is working with the following command:

$ netstat --version

It works!

Listing All Ports and Sockets Using netstat:

You can list all the opened ports and connected sockets on your Debian 9 machine with the following command:

$ sudo netstat -a

or

$ sudo netstat --all

As you can see, all the opened ports and sockets are listed. It’s a very long list.

Listing All the Listening Ports and Sockets with netstat:

You can use netstat to see a list of all the ports and sockets that are listening with the following command:

$ sudo netstat -al

Or

$ sudo netstat --all --listening

As you can see, all the ports and sockets on your Debian 9 machine is listed. It’s a long list.

Listing All the Listening TCP Ports with netstat:

You can list all the TCP (Transmission Control Protocol) ports that are listening using netstat with the following command:

$ sudo netstat -tal

Or

$ sudo netstat --all --listening --tcp

As you can see, all the TCP ports that are listening is listed.

In the output of netstat, all the common ports are replaced by the service name by default. For example, the port 80 by default is the port for the HTTP (HyperText Transfer Protocol), which we all are familiar with. So in the output of netstat, it is shown as http instead of port 80 as you can see in the marked section of the screenshot below.

If you need the port number, not the service name, then you can run the following netstat command:

$ sudo netstat -natl

Or

$ sudo netstat --all --listening --numeric --tcp

As you can see from the marked section of the screenshot below, the service names are replaced by the port number.

Listing All the Listening UDP Ports with netstat:

If you want to list all the UDP (User Datagram Protocol) ports that are listening on your Debian 9 machine, you can do so with the following netstat command:

$ sudo netstat -aul

Or

$ sudo netstat --all --listening --udp

All the listening UDP ports should be listed. Just like the TCP port example, the common port numbers are replaced by the service names by default here as well, as you can see from the marked section of the screenshot below.

But the ports that are not common are not replaced by the service names as you can see from the marked section of the screenshot below.

If you want all the ports to be displayed, not the service name as before, then run the following netstat command:

$ sudo netstat -laun

Or

$ sudo netstat --all --listening --numeric --udp

As you can see from the marked section of the screenshot below, the service names are replaced by the UDP port number.

Find out What Service Name Represent What Port:

Debian 9 Stretch has a service file which can be found at /etc/services

You can open the service file /etc/services with the following command:

$ less /etc/services

The contents of the /etc/services file:

The /etc/services file contains a long list of service name, and the port number and protocol of that specific service that a client or server may use. Programs on Linux system such as netstat uses this file to resolve the port numbers to service names and vice versa.

The service name, port number and protocol of the SSH service in /etc/services file:

How to Get Help with netstat:

On Debian 9 Stretch, if you need any help with the netstat command, you can just go to the manpage of netstat and you should be able to get a clear documentation of what netstat command line options are available and what they do.

To go to the manpage of netstat, run the following command:

$ man netstat

The netstat manpage:

That’s how you show listening ports on Debian 9 Stretch with netstat. Thanks for reading this article.

About the author

Shahriar Shovon

Shahriar Shovon

Freelancer & Linux System Administrator. Also loves Web API development with Node.js and JavaScript. I was born in Bangladesh. I am currently studying Electronics and Communication Engineering at Khulna University of Engineering & Technology (KUET), one of the demanding public engineering universities of Bangladesh.