Application of Linux Commands and Ports

In Linux, there are various methods to check the usage of ports and their corresponding applications. Here are several commonly used methods:

1. Use the <span>ss</span> command (recommended)

<span>ss</span> (Socket Statistics) is a modern replacement for <span>netstat</span>, which is more efficient.

# View all listening ports and corresponding programs
sudo ss -tulnp
# Parameter explanation:
# -t: TCP ports
# -u: UDP ports
# -l: show only listening ports
# -n: display ports in numeric form (do not resolve service names)
# -p: display process information

sudo ss -tulnp  # View all listening ports
sudo ss -tunp  # View all established connections

Output example::

State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=1234,fd=3))
LISTEN  0       100     127.0.0.1:6379       0.0.0.0:*          users:(("redis-server",pid=5678,fd=6))

2. Use the <span>netstat</span> command (traditional tool)

If the system does not have <span>ss</span> installed, you can use <span>netstat</span>:

sudo netstat -tulnp

Output example::

[root@localhost ~]# netstat -tulnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      306102/minio
    tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      1308/redis-server
    tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      814/rpcbind

3. Use the <span>lsof</span> command

<span>lsof</span> can list files opened by processes (including network ports):

# View all network connections and processes
sudo lsof -i
# View a specific port (e.g., 6379)
sudo lsof -i :6379
# View TCP connections
sudo lsof -i TCP
# View UDP connections
sudo lsof -i UDP

Output example::

COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd      1   root   46u  IPv6  23678      0t0  TCP *:websm (LISTEN)
rpcbind    806    rpc    6u  IPv4  16313      0t0  UDP *:sunrpc
rpcbind    806    rpc    7u  IPv4  16314      0t0  TCP *:sunrpc (LISTEN)
rpcbind    806    rpc    8u  IPv6  16315      0t0  UDP *:sunrpc
rpcbind    806    rpc    9u  IPv6  16316      0t0  TCP *:sunrpc (LISTEN)
chronyd    856 chrony    6u  IPv4  23773      0t0  UDP localhost:323
chronyd    856 chrony    7u  IPv6  23774      0t0  UDP localhost:323

4. Use the <span>fuser</span> command

# View the usage of a specific port
sudo fuser 80/tcp
sudo fuser 53/udp
# Display detailed information
sudo fuser -v 80/tcp

Output example::

[root@localhost ~]# fuser -v 9090/tcp                     用户     进程号 权限   命令
9090/tcp:            root          1 F.... systemd

5. Check the service name corresponding to the port

# Resolve port services through the /etc/services file
grep 6379 /etc/services
# Or use nmap to scan local ports
sudo nmap -sT -O 127.0.0.1

Output example::

[root@localhost ~]# grep 6379 /etc/services
redis           6379/tcp                # An advanced key-value cache and store
[root@localhost ~]# nmap -sT -O 127.0.0.1
Starting Nmap 7.80 ( https://nmap.org ) at 2025-09-02 13:39 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0023s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
9000/tcp open  cslistener
9001/tcp open  tor-orport
9090/tcp open  zeus-admin
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.48 seconds

6. Check the open ports in the firewall

# View firewall rules (iptables)
sudo iptables -L -n
# View open ports in firewalld (CentOS/RHEL)
sudo firewall-cmd --list-ports

Output example::

[root@localhost ~]# firewall-cmd --list-ports
6379/tcp

7. Quick check of common port status

# Check if a port is open (e.g., 80)
telnet 127.0.0.1 80
# Or use nc (netcat)
nc -zv 127.0.0.1 22

Output example::

[root@localhost ~]# nc -zv 127.0.0.1 6379
Ncat: Version 7.80 ( https://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:6379.
Ncat: 0 bytes sent, 0 bytes received in 0.22 seconds.
[root@localhost ~]# telnet 127.0.0.1 9000
Trying 127.0.0.1...Connected to 127.0.0.1.
Escape character is '^]'.
^]HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close

400 Bad Request
Connection closed by foreign host.

8. Graphical tools (optional)

  • <span>nmap</span>: Scan for open ports on local or remote hosts.

    sudo nmap -sV 127.0.0.1
  • <span>gnome-nettool</span> (GUI): Suitable for desktop environments.

9. Common Ports and Services Reference Table

Port Common Services
22 SSH
80 HTTP
443 HTTPS
6379 Redis
3306 MySQL/MariaDB
5432 PostgreSQL
27017 MongoDB

Summary

Scenario Recommended Command
Quickly view all listening ports <span>sudo ss -tulnp</span>
Check specific port usage <span>sudo lsof -i :port_number</span>
Verify if a port is open <span>nc -zv IP port</span>
Find the port used by a process <span>sudo ss -p | grep <PID></span>

By using the above methods, you can comprehensively understand the relationship between ports and programs in the Linux system, which is helpful for troubleshooting network or service issues.

Leave a Comment