HowTo: UNIX / Linux Open TCP / UDP Ports

How do I open the TCP or UDP ports under UNIX / Linux like operating systems?

A port is an application-specific or process-specific software construct serving as a communications endpoint and it is identified by its number such as TCP port number 80 . It is used by TCP and UDP of the Internet Protocol Suite. A port number is a 16-bit unsigned integer, thus ranging from 0 to 65535.

        UNIX / Linux 
    | Networking stack |
    |      eth0        |
    |  Apache process  |--> Binding port 80 @ IP 

In the above example Apache process associates its input and output channel file descriptors (fd) with a port number 80 and an IP address This is known as binding. It is used to send and receive web pages via UNIX / Linux operating system’s networking stack (software). In other words communication is done using application ports. When you start the Apache you open port 80 for communication. Common services such as web, mail, pop3 et all use use specifically reserved, well-known port numbers for receiving service requests from client hosts. The well-known ports are defined the Internet Assigned Numbers Authority (IANA). Type the following command to see list well-known of TCP and UDP port numbers:
$ less /etc/services
grep -w 80 /etc/services

Sample outputs:

www		80/tcp		http		# WorldWideWeb HTTP
www		80/udp				# HyperText Transfer Protocol

Privileged Ports

Typically port number less than 1024 are used by well know network servers such as Apache. Under UNIX and Linux like oses root (super user) privileges are required to open privileged ports. Almost all clients uses a high port numbers for short term use. This is also known as an ephemeral port. For example Apache use TCP port 80

  Server                         Client w/ Firefox
 +----------+                    +----------------+       
 | Apache   |                    | connects using | 
 | TCP Port |                    | an ephemeral   |
 | 80 @     |<-----> eth0 <----> | port #         |  
 ||                    | 46025          | 
 +----------+                    +----------------+

The port numbers are divided into three ranges:

  1. Well Known Ports: those from 0 through 1023.
  2. Registered Ports: those from 1024 through 49151
  3. Dynamic and/or Private Ports: those from 49152 through 65535

You can increase local port range by typing the following command (Linux specific example):
# echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
You can also increase or decrease socket timeout (Linux specific example):
# echo 2000 > /proc/sys/net/ipv4/tcp_keepalive_time

Common Well Known Port Numbers

The following are used by UNIX / Windows / Linux / BSD / OS X and all other server operating systems or network devices (see /etc/services file):

  • 21: FTP Server
  • 22: SSH Server (remote login)
  • 25: SMTP (mail server)
  • 53: Domain Name System (Bind 9 server)
  • 80: World Wide Web (HTTPD server)
  • 110: POP3 mail server
  • 143: IMAP mail server
  • 443: HTTP over Transport Layer Security/Secure Sockets Layer (HTTPDS server)
  • 445: microsoft-ds, Server Message Block over TCP

How Do I See Open Ports and Socket Information Under UNIX or Linux?

You can use the netstat command:
# netstat -tulpn
FreeBSD specific example:
# sockstat -l
To list open IPv4 connections use the lsof command:
# lsof -Pnl +M -i4
The ss command is used to dump socket statistics. It allows showing information similar to netstat command. It can display more TCP and state information than other tools
# ss -s
# ss -l
# ss -pl
# ss -o state established '( dport = :smtp or sport = :smtp )'


Each TCP or UDP port is opened using a UNIX service or daemon such as Apache web server. You can also write a program using C, C++, Perl, Shell or Bash to open any port. You can also use utilities such as nc command .

Apache Server Example (open TCP port 80)

Start the Apache web server under FreeBSD as follows to open TCP port 80:
# /usr/local/etc/rc.d/apache22 forcestart
# /usr/local/etc/rc.d/apache22 start
To displays listening sockets (open ports) under FreeBSD, enter:
# sockstat -l
# netstat -nat | grep LISTEN
You should see port 80 opened under FreeBSD. Under CentOS or Redhat (RHEL) Linux, you can open port 80 using the following commands:
# service httpd start
# chkconfig httpd on
# netstat -tulpn | grep :80

Firewall Configuration

All port numbers are encoded in the transport protocol packet header, and they can be read by other components of the network stack such as firewall. Firewall can be used for port forwarding or denying access to open port. For example, block an abusing IP address called using UNIX firewall. In other words, Apache port is open but it may be blocked by UNIX (pf) or Linux (iptables) firewall. You also need to open port at firewall level. In this example, open tcp port 80 using Linux iptables firewall tool:
# /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# service iptables save

See also:

  1. CentOS / Redhat Linux Iptables Firewall Configuration Tutorial
  2. Redhat / CentOS / Fedora Linux Open Port
  3. FreeBSD Setting up Firewall using IPFW
  4. OpenBSD PF Firewall Script – /etc/pf.conf File

nc Command Example

The nc (or netcat utility) is used for just about anything under the sun involving TCP or UDP. It can open TCP connections, send UDP packets, listen on arbitrary TCP and UDP ports, do port scanning, and deal with both IPv4 and IPv6. In this example, open port 5000 using nc command:
$ nc -l 5000
On a second console or from a second UNIX / Linux machine, connect to the machine and port being listened on:
$ nc localhost 5000
$ nc 5000
In this example, send data from one computer to another:
$ nc -l 5555 > output.txt
Using a second machine, connect to the listening nc process (@ port 5555), feeding it the file which is to be transferred:
$ nc 5555 < input.txt
You can run netstat command to view open ports:
$ netstat -a
$ netstat -nat | grep LISTEN

Sample outputs:

tcp4       0      0  *.5555                 *.*                    LISTEN
tcp4       0      0           *.*                    LISTEN
tcp4       0      0        *.*                    LISTEN
tcp4       0      0      *.*                    LISTEN
tcp4       0      0          *.*                    LISTEN
tcp4       0      0           *.*                    LISTEN
tcp4       0      0          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN

Python Example

Create a file called

# Demo server to open port 8888
# Modified from Python tutorial docs
import socket
HOST = ''       # Hostname to bind
PORT = 8888              # Open non-privileged port 8888
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((HOST, PORT))
conn, addr = s.accept()
print 'Connected by', addr
while 1:
    data = conn.recv(1024)
    if not data: break

Create a file called

# Demo client program
# Modified from Python tutorial docs
import socket
HOST = ''    	# Set the remote host, for testing it is localhost
PORT = 8000            # The same port as used by the server
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
s.send('Where there is love there is life')
data = s.recv(1024)
print 'Received', repr(data)

Save and close the file. Run it as follows:
$ chmod +x *.py
Start server, enter:
$ ./
$ netstat -nat | grep LISTEN

On a second console connect to the localhost and port being listened on using
$ ./

Programming Language Specific Examples

Discussion regarding Sockets and TCP/IP network programming is beyond the scope of this FAQ. I suggest you visit the following web-pages:

Recommended readings:

  • Port Numbers: The Internet Assigned Numbers Authority (IANA).
  • Python documentation: See networking and sockets section.
  • TCP: Transmission Control Protocol.
  • Perl specific TCP/IP networking using IO::Socket::INET.
  • UNIX socket: Programming in C UNIX System Calls and Subroutines using C.
  • man pages - ss, netstat, lsof, sockstat, nc, services, ntsysv

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 15 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersncdu pydf
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
15 comments… add one
  • Sonique Sep 3, 2010 @ 8:18

    Awesome! Big thanks for this useful article!

  • Luis Sep 4, 2010 @ 23:00

    Great article, thanks!!

  • William Sep 5, 2010 @ 4:57

    Really useful

  • Snehal Jan 15, 2012 @ 15:56

    Thanks for such a nice article. Really helpful.

  • Mrbronz Apr 2, 2012 @ 19:23

    Tells me everything I needed to know
    Love it many thanks

  • edisonex May 24, 2012 @ 19:02

    it is just what I was looking for

  • Ranjith May 26, 2012 @ 9:46

    Usefull document

  • alireza Aug 14, 2012 @ 8:12

    when I wanted to use my msfconsole in my BT5 i had this error:
    “connection refused.Is the server running on the “localhost” and accepting TCP/IP connections on port 7337″
    I think sth is wrong with my 7337…
    I d be so thankful if any body can help me with my problem….

  • Nil Geisweiller Oct 5, 2014 @ 8:28

    Thanks, that helped me understand how the server client connection works. However there is an error in the echo_{server,client}.py, the ports don’t match.

  • Shaun Oct 19, 2014 @ 1:21

    Really helpful

  • Kuba Apr 3, 2015 @ 12:43

    can you close the port and not just block it by iptables?

  • pratik Oct 7, 2015 @ 5:19

    hey I have a sun server 11. I need to send sys log from my server to one NMS server. In linux i do the following thing
    1. At the end of the syslog.conf edit NMS server IP *.* tab NMS_Server_IP and restart the syslog service.

    Anyone please help me how can I do the same thing in sun solaris 11 means please tell me the command how can I edit the NMS server ip in the syslog.conf and restart the syslog service

  • Eduardo Apr 12, 2016 @ 2:02

    Many thanks! Nicely written!

  • cap Jun 6, 2016 @ 14:48

    Nice one!!

  • rjaac Sep 24, 2016 @ 18:58

    Thank you for your time in writing this most excellent article. Kudos.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum