Discover Which Ports Are Available and Active on Your Raspberry Pi with These Easy Steps
Learn how to check open ports on your Raspberry Pi using command line tools. Identify which ports are available, active, and blocked to optimize your device’s security and performance. …
Updated August 24, 2023
Learn how to check open ports on your Raspberry Pi using command line tools. Identify which ports are available, active, and blocked to optimize your device’s security and performance.
Before we begin, make sure that you have the necessary permissions to access these tools. If you’re not comfortable working with command line interfaces, you may want to enlist the help of an experienced user or administrator.
Log in to your Raspberry Pi via SSH (Secure Shell) or directly at the terminal.
Update your system by running the following command:
sudo apt-get update && sudo apt-get upgrade
This ensures that you have all the latest security updates and tools installed.
- Install netstat, a tool used to display network connections, routing tables, interface statistics, and more. Run:
sudo apt-get install net-tools
- Check active connections using the
netstatcommand. By default, it displays all established connections, listening sockets, and routing tables. To view only open ports, add the-tulnflags like this:
netstat -tuln
The output will look something like this:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:53 0.0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
- The first column shows the protocol (TCP or UDP).
- The second and third columns display the local address and port number.
- The fourth column shows the remote address and port number (if applicable).
- The fifth column indicates the state of the connection (LISTEN, ESTABLISHED, etc.).
- The last column displays the process ID or program name associated with the connection.
Interpret the output to determine which ports are open on your Raspberry Pi:
127.0.0.1:53is the local DNS resolver, which listens for incoming requests on port 53.0.0.0.0:80is a web server listening on all interfaces (any IP address) on port 80.0.0.0.0:22is the SSH service, which listens for incoming connections on port 22.
Check closed and filtered ports using the
nmaptool. First, install it with:
sudo apt-get install nmap
Then, run a port scan on your Raspberry Pi’s IP address or hostname:
nmap -sS -O 127.0.0.1
This command will perform a SYN scan (-sS) and detect the operating system (-O) of the target machine. The output will show open, closed, and filtered ports on your Raspberry Pi:
Starting Nmap 7.80 ( https://nmap.org ) at 2021-09-05 12:34 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000060s latency).
Not shown: 986 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
443/tcp open https
33000/tcp open ppp
This output indicates that ports 22, 53, 80, and 443 are open. Ports 3000 is also open but has no associated service name, as it’s used for a custom application. You can use the netstat command to determine the process or program using these ports.
- Close unnecessary ports to improve security and reduce the risk of attack. To close port 3000, for example, edit your Raspberry Pi’s firewall configuration file:
sudo nano /etc/iptables.ipv4.nat
Add a rule to block incoming connections on port 3000:
-A PREROUTING -p tcp -m tcp --dport 3000 -j DROP
Save and exit the file, then restart the firewall service:
sudo systemctl restart iptables.ipv4.nat
Now port 3000 is closed and no longer available for incoming connections.
In conclusion, checking open ports on your Raspberry Pi helps you maintain better security and performance by identifying which ones are active and closing unnecessary ones. With the knowledge gained from this article, you can confidently manage your device’s network settings and optimize its functionality.