Command to Check Opened/Closed Ports on a Server
Introduction
Ports are used by services running on a server to communicate over the network. For example, web servers usually listen on ports 80 and 443, mail services use ports like 25, 110, 143, 993, and 995, and control panels such as cPanel/WHM use ports like 2082, 2083, 2086, and 2087.
To check whether ports are open, closed, or filtered on a server, we can use the nmap command. nmap is a powerful network scanning tool used to identify active services, open ports, and service versions running on a server.
Prerequisites
Before checking open or closed ports, ensure the following:
- Root or sudo access
You should have root or sudo privileges on the system from where you are running the scan. - nmap package installed
Thenmaptool must be installed on the server or local machine. - Server IP address
You should know the IP address of the server that needs to be scanned. - Network connectivity
Ensure the scanning machine can reach the target server. - Firewall permission
Make sure the firewall or security group allows scanning, otherwise some ports may show as filtered. - Authorization
Scan only servers that you own or have permission to test.
Steps
Step 1: Install nmap
For AlmaLinux, CentOS, or RHEL-based servers:
yum install nmap -y
For Ubuntu or Debian-based servers:
apt install nmap -y
Step 2: Check the server IP address
If you want to scan a remote server, note down the server IP address.
Example:
SERVER_IP_ADDRESS
Replace SERVER_IP_ADDRESS with the actual IP address of the server.
Step 3: Run the port scan command
Use the following command to scan all TCP ports and detect service versions:
nmap -Pn -T4 -sV -p- SERVER_IP_ADDRESS
Example:
nmap -Pn -T4 -sV -p- 192.168.1.10
Command Explanation
-Pn : Treat the host as online and skip host discovery -T4 : Use faster scan timing -sV : Detect service/version information -p- : Scan all ports from 1 to 65535
Step 4: Review the scan output
Example output:
PORT STATE SERVICE VERSION 53/tcp open domain 110/tcp open pop3 Dovecot pop3d 143/tcp open imap Dovecot imapd 993/tcp open ssl/imap Dovecot imapd 995/tcp open ssl/pop3 Dovecot pop3d 2082/tcp open unknown 2083/tcp open ssl/unknown 2086/tcp open unknown 2087/tcp open ssl/unknown 8080/tcp open http Apache Tomcat
Step 5: Understand the port states
open : The port is open and a service is listening on it. closed : The port is reachable but no service is listening. filtered : The port is blocked by firewall or security rules.
Step 6: Check listening ports locally on the server
If you are logged in to the server and want to check which services are listening locally, use:
ss -tulnp
Alternative command:
netstat -tulnp
Conclusion
Using nmap, we can easily check which ports are open, closed, or filtered on a server. This helps server administrators verify running services, troubleshoot connectivity issues, and improve server security by identifying unnecessary open ports.
It is recommended to keep only the required ports open and close or firewall all unused ports to reduce security risks.
