Network PentestPenetration Testing

How To Check If A Port Is Open In Windows, Linux, And macOS?

In this article, we will check which ports are opened in Windows, Linux, or Mac. What if you’re troubleshooting a network or suspicious about specific programs that can be remotely exploited, just like WannaCry Ransomware?

It is important to know what ports are opened so you can close them to avoid getting hacked or infected with ransomware.

You must have heard about the WannaCry cyberattack a few years back. Attackers scanned the internet for every single device that had ports: 445, 137, 138, and 139 opened, and it is estimated that 230,000 Windows PCs across 150 countries were infected with the rate of 10,000 devices per hour by WannaCry ransomware.

Enough to scare you? So, let’s find out what ports are opened in Windows, Linux, and macOS.

Windows: Check Open Ports

1. How to check if a port is open using telnet?

Checking if a port is open through telnet is a simple and quick way, but it doesn’t come pre-installed in Windows OS, so we have to install telnet first to find out which port is opened and investigate specific applications.

Let’s install telnet in Windows:

  1. Open CMD and Run the Following Command: pkgmgr /iu:”TelnetClient

And done! Telnet would be installed.

Telnet comes pre-installed in Linux and macOS because they’re both built on Unix-based systems.

Check Ports Status Using Telnet in Windows, Linux, and macOS

Because these commands would work similarly in Windows, Linux, and macOS.

Telnet Command Syntax

telnet [ host [ port ] ]

  • Host: This would be the IP Address or Domain Name of the server where you’re trying to connect.
  • Port: The Port Number where the server must be listening for connections that we’re identifying.

For Example:

If we want to test the localhost or local server 127.0.0.1 and listen to port 445 we just have to enter the following command:

In this case, the firewall must be blocking establishing a connection. If the port is closed you would get this output: “Could not open connection to the host, on port 139: Connect failed”

2. Checking if a port is open through ‘netstat commands’?

Checking open ports through the Netstat tool is the simplest and easiest way because Netstat comes pre-installed on Windows OS and Unix-based systems like macOS and Linux.

Netstat Commands: (Netstat Cheatsheet)

[OPTION] Command Description
netstat Standard listing of all active connections
-a netstat -a Displays all active ports
-e netstat -e Shows statistics about your network connection (received and sent data packets, etc.)
-i netstat -i Brings up the netstat overview menu
-n netstat -n Numerical display of addresses and port numbers
-p protocol netstat -p TCP Displays the connections for the specified protocol, in this case TCP (also possible: UDP, TCPv6, or UDPv6)
-q netstat -q Lists all connections, all listening TCP ports, and all open TCP ports that are not listening
-r netstat -r Displays the IP routing table
-s netstat -s Retrieves statistics about the important network protocols such as TCP, IP, or UDP

Let’s find out what ports are opened using netstat commands. In this case, we’re gonna use ‘netstat -ano‘ and ‘netstat ab‘.

This dumps all the established connections between local IP Addresses to foreign addresses with ports.

Now, let’s use ‘netstat -ab‘ that will show us which executable files are listening to specific ports.

3. Check Open Ports With NirSoft CurrPorts

Let’s use the third-party tool named: NirSoft CurrPorts which gives us a cleaner GUI interface to identify the ports that we’re investigating.

First, let’s download and install this tool in Windows.

After, downloading the tool let’s open the zip file and run the cports.exe file.

This tool helps you sort out ports and processes that make it easier to go through each process and service.

To get more information about the service and IP Address let’s click randomly on any port and look through its properties.

4. Checking Open Ports With Nmap (Zenmap)

Checking open ports using Nmap is my favorite way of reconnaissance against targets. Nmap doesn’t come pre-installed on Windows or macOS, but it’s pre-installed in some Linux operating systems for Penetration Testers or Cyber Security researchers, such as Kali Linux.

Nmap is available in both Command-line and GUI interface, but for this tutorial, we’re using the GUI version named Zenmap.

Let’s head toward this URL and download and install Zenmap.

After the installation is complete let’s open the Nmap (Zenmap).

Inside, Target, you can enter the HOST or Target IP Address to scan the server for opened Ports or Services, and you have to select Profiles whether you want to do an intensive scan that takes a lot of time or a quick scan with a TCP or UDP specific scan.

Let’s do the Quick Scan for now on our localhost machine to see the list of opened ports.

We found four opened ports in our local machine, and if you think one of them should be closed now, you know which one. Pentesters use Nmap to do basic reconnaissance against their target so they can find potential vulnerabilities against them to exploit.

Linux: Check Open Ports

1. Using Telnet in Linux to Find Opened Ports?

Telnet is pre-installed in Unix-based systems, so you don’t have to go through the installation process. The usage of this tool is similar to what we did with the Windows OS that we shared above.

Telnet Command Syntax in Linux

telnet [ host [ port ] ]

2. Using Netstat Commands To Find Opened Ports?

Checking if the port is opened or not through netstat commands would be easier because it’s pre-installed and provides more information than telnet. Such as, you can dump the established connections log with executable files linked to specific ports.

But some of the options doesn’t work on Linux that we shared above.

usage: netstat [-vWeenNcCF] [<Af>] -r netstat {-V|--version|-h|--help}
netstat [-vWnNcaeol] [<Socket> ...]
netstat { [-vWeenNac] -i | [-cnNe] -M | -s [-6tuw] }

-r, --route display routing table
-i, --interfaces display interface table
-g, --groups display multicast group memberships
-s, --statistics display networking statistics (like SNMP)
-M, --masquerade display masqueraded connections

-v, --verbose be verbose
-W, --wide don't truncate IP addresses
-n, --numeric don't resolve names
--numeric-hosts don't resolve host names
--numeric-ports don't resolve port names
--numeric-users don't resolve user names
-N, --symbolic resolve hardware names
-e, --extend display other/more information
-p, --programs display PID/Program name for sockets
-o, --timers display timers
-c, --continuous continuous listing

-l, --listening display listening server sockets
-a, --all display all sockets (default: connected)
-F, --fib display Forwarding Information Base (default)
-C, --cache display routing cache instead of FIB
-Z, --context display SELinux security context for sockets

macOS: Check Open Ports

1. Using netstat commands in macOS

We can use netstat commands in macOS to find out what ports are opened.

netstat -anp tcp | grep LISTEN
netstat -anp udp | grep LISTEN

OpenBSD

netstat -na -f inet | grep LISTEN
netstat -nat | grep LISTEN

2. Using Netcat (NC) in macOS

  1. First, click on Spotlight or press Command + Space bar.
  2. Search for terminal by typing ‘Terminal‘.
  3. Using ‘nc -zn + IP Address or Hostname + Port Number‘ (Example: nc -zn google.com 443)

If the port is opened you’ll get an output like, “Connection to www.google.com port 443 [udp/https] succeeded!

If the port is closed you’ll get an output like, “nc: connectx to www.google.com port 443 (tcp) failed: Connection refused.”

Noor Qureshi

Experienced Founder with a demonstrated history of working in the computer software industry. Skilled in Network Security and Information Security.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button