List open ports and listening services

One of the first things you should do after a fresh operating system install is see what services are running and remove any unneeded services from the system startup process. You could use a port scanner and run it against the host, but if one didn’t come with the operating system install, you’ll 
likely have to connect your fresh (and possibly insecure) machine to the network to download one.

To get a list of listening ports and their owning processes under Linux, run this command:

netstat -luntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1679/sshd
udp 0 0 0.0.0.0:68 0.0.0.0:* 1766/dhclient

To get a list of listening ports under FreeBSD, run this command:

#netstat -a -n | egrep 'Proto|LISTEN'
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 *.587 *.* LISTEN
tcp4 0 0 *.25 *.* LISTEN

 Manually grep the /etc/services file:

grep -w 993 /etc/services
imaps 993/udp # imap4 protocol over TLS/SSL
imaps 993/tcp # imap4 protocol over TLS/SSL

The /etc/services file should only be used as a guide. If a process is listening on a port listed in the file, it doesn’t necessarily mean that the service listed in /etc/services is what it is providing.


To get a list of listening ports and their owning processes with sockstat, run this command:

sockstat -4 -l
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root sendmail 1141 4 tcp4 *:25 *:*
root sendmail 1141 5 tcp4 *:587 *:*

To get a list of listening ports and the processes that own them using lsof, run this command:

lsof -i -n | egrep 'COMMAND|LISTEN'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
named 1127 named 20u IPv4 0xeb401dc0 0t0 TCP *:domain (LISTEN)
inetd 1133 root 4u IPv4 0xeb401ba0 0t0 TCP *:imap (LISTEN)