≡ Menu

HowTo: UNIX / Linux Open TCP / UDP Ports

How do I open the TCP or UDP ports under UNIX / Linux like operating systems?

A port is an application-specific or process-specific software construct serving as a communications endpoint and it is identified by its number such as TCP port number 80 . It is used by TCP and UDP of the Internet Protocol Suite. A port number is a 16-bit unsigned integer, thus ranging from 0 to 65535.

        UNIX / Linux 
    | Networking stack |
    |      eth0        |
    |  Apache process  |--> Binding port 80 @ IP 

In the above example Apache process associates its input and output channel file descriptors (fd) with a port number 80 and an IP address This is known as binding. It is used to send and receive web pages via UNIX / Linux operating system’s networking stack (software). In other words communication is done using application ports. When you start the Apache you open port 80 for communication. Common services such as web, mail, pop3 et all use use specifically reserved, well-known port numbers for receiving service requests from client hosts. The well-known ports are defined the Internet Assigned Numbers Authority (IANA). Type the following command to see list well-known of TCP and UDP port numbers:
$ less /etc/services
grep -w 80 /etc/services

Sample outputs:

www		80/tcp		http		# WorldWideWeb HTTP
www		80/udp				# HyperText Transfer Protocol

Privileged Ports

Typically port number less than 1024 are used by well know network servers such as Apache. Under UNIX and Linux like oses root (super user) privileges are required to open privileged ports. Almost all clients uses a high port numbers for short term use. This is also known as an ephemeral port. For example Apache use TCP port 80

  Server                         Client w/ Firefox
 +----------+                    +----------------+       
 | Apache   |                    | connects using | 
 | TCP Port |                    | an ephemeral   |
 | 80 @     |<-----> eth0 <----> | port #         |  
 ||                    | 46025          | 
 +----------+                    +----------------+

The port numbers are divided into three ranges:

  1. Well Known Ports: those from 0 through 1023.
  2. Registered Ports: those from 1024 through 49151
  3. Dynamic and/or Private Ports: those from 49152 through 65535

You can increase local port range by typing the following command (Linux specific example):
# echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
You can also increase or decrease socket timeout (Linux specific example):
# echo 2000 > /proc/sys/net/ipv4/tcp_keepalive_time

Common Well Known Port Numbers

The following are used by UNIX / Windows / Linux / BSD / OS X and all other server operating systems or network devices (see /etc/services file):

  • 21: FTP Server
  • 22: SSH Server (remote login)
  • 25: SMTP (mail server)
  • 53: Domain Name System (Bind 9 server)
  • 80: World Wide Web (HTTPD server)
  • 110: POP3 mail server
  • 143: IMAP mail server
  • 443: HTTP over Transport Layer Security/Secure Sockets Layer (HTTPDS server)
  • 445: microsoft-ds, Server Message Block over TCP

How Do I See Open Ports and Socket Information Under UNIX or Linux?

You can use the netstat command:
# netstat -tulpn
FreeBSD specific example:
# sockstat -l
To list open IPv4 connections use the lsof command:
# lsof -Pnl +M -i4
The ss command is used to dump socket statistics. It allows showing information similar to netstat command. It can display more TCP and state information than other tools
# ss -s
# ss -l
# ss -pl
# ss -o state established '( dport = :smtp or sport = :smtp )'


Each TCP or UDP port is opened using a UNIX service or daemon such as Apache web server. You can also write a program using C, C++, Perl, Shell or Bash to open any port. You can also use utilities such as nc command .

Apache Server Example (open TCP port 80)

Start the Apache web server under FreeBSD as follows to open TCP port 80:
# /usr/local/etc/rc.d/apache22 forcestart
# /usr/local/etc/rc.d/apache22 start
To displays listening sockets (open ports) under FreeBSD, enter:
# sockstat -l
# netstat -nat | grep LISTEN
You should see port 80 opened under FreeBSD. Under CentOS or Redhat (RHEL) Linux, you can open port 80 using the following commands:
# service httpd start
# chkconfig httpd on
# netstat -tulpn | grep :80

Firewall Configuration

All port numbers are encoded in the transport protocol packet header, and they can be read by other components of the network stack such as firewall. Firewall can be used for port forwarding or denying access to open port. For example, block an abusing IP address called using UNIX firewall. In other words, Apache port is open but it may be blocked by UNIX (pf) or Linux (iptables) firewall. You also need to open port at firewall level. In this example, open tcp port 80 using Linux iptables firewall tool:
# /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# service iptables save

See also:

  1. tcp4 0 0 *.5555 *.* LISTEN tcp4 0 0 *.* LISTEN tcp4 0 0 *.* LISTEN tcp4 0 0 *.* LISTEN tcp4 0 0 *.* LISTEN tcp4 0 0 *.* LISTEN tcp4 0 0 *.* LISTEN tcp6 0 0 ::1.631 *.* LISTEN

    Python Example

    Create a file called echo_server.py:

    # Demo server to open port 8888
    # Modified from Python tutorial docs
    import socket
    HOST = ''       # Hostname to bind
    PORT = 8888              # Open non-privileged port 8888
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((HOST, PORT))
    conn, addr = s.accept()
    print 'Connected by', addr
    while 1:
        data = conn.recv(1024)
        if not data: break

    Create a file called echo_client.py:

    # Demo client program
    # Modified from Python tutorial docs
    import socket
    HOST = ''    	# Set the remote host, for testing it is localhost
    PORT = 8000            # The same port as used by the server
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((HOST, PORT))
    s.send('Where there is love there is life')
    data = s.recv(1024)
    print 'Received', repr(data)

    Save and close the file. Run it as follows:
    $ chmod +x *.py
    Start server, enter:
    $ ./echo_server.py
    $ netstat -nat | grep LISTEN

    On a second console connect to the localhost and port being listened on using echo_client.py:
    $ ./echo_client.py

    Programming Language Specific Examples

    Discussion regarding Sockets and TCP/IP network programming is beyond the scope of this FAQ. I suggest you visit the following web-pages:

    Recommended readings:

    • Port Numbers: The Internet Assigned Numbers Authority (IANA).
    • Python documentation: See networking and sockets section.
    • TCP: Transmission Control Protocol.
    • Perl specific TCP/IP networking using IO::Socket::INET.
    • UNIX socket: Programming in C UNIX System Calls and Subroutines using C.
    • man pages - ss, netstat, lsof, sockstat, nc, services, ntsysv
    Share this tutorial on:

    Your support makes a big difference:
    I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft, takes a lot of my time and hard work to produce. If you use nixCraft, who likes it, helps me with donations:
    Become a Supporter →    Make a contribution via Paypal/Bitcoin →   

    Don't Miss Any Linux and Unix Tips

    Get nixCraft in your inbox. It's free:

{ 15 comments… add one }
  • Sonique September 3, 2010, 8:18 am

    Awesome! Big thanks for this useful article!

  • Luis September 4, 2010, 11:00 pm

    Great article, thanks!!

  • William September 5, 2010, 4:57 am

    Really useful

  • Snehal January 15, 2012, 3:56 pm

    Thanks for such a nice article. Really helpful.

  • Mrbronz April 2, 2012, 7:23 pm

    Tells me everything I needed to know
    Love it many thanks

  • edisonex May 24, 2012, 7:02 pm

    it is just what I was looking for

  • Ranjith May 26, 2012, 9:46 am

    Usefull document

  • alireza August 14, 2012, 8:12 am

    when I wanted to use my msfconsole in my BT5 i had this error:
    “connection refused.Is the server running on the “localhost” and accepting TCP/IP connections on port 7337″
    I think sth is wrong with my 7337…
    I d be so thankful if any body can help me with my problem….

  • Nil Geisweiller October 5, 2014, 8:28 am

    Thanks, that helped me understand how the server client connection works. However there is an error in the echo_{server,client}.py, the ports don’t match.

  • Shaun October 19, 2014, 1:21 am

    Really helpful

  • Kuba April 3, 2015, 12:43 pm

    can you close the port and not just block it by iptables?

  • pratik October 7, 2015, 5:19 am

    hey I have a sun server 11. I need to send sys log from my server to one NMS server. In linux i do the following thing
    1. At the end of the syslog.conf edit NMS server IP *.* tab NMS_Server_IP and restart the syslog service.

    Anyone please help me how can I do the same thing in sun solaris 11 means please tell me the command how can I edit the NMS server ip in the syslog.conf and restart the syslog service

  • Eduardo April 12, 2016, 2:02 am

    Many thanks! Nicely written!

  • cap June 6, 2016, 2:48 pm

    Nice one!!

  • rjaac September 24, 2016, 6:58 pm

    Thank you for your time in writing this most excellent article. Kudos.

Security: Are you a robot or human?

Leave a Comment

You can use these HTML tags and attributes: <strong> <em> <pre> <code> <a href="" title="">

   Tagged with: , , , , , , , , , , , , , , , , , , , , , , ,