How to judge a port is open or closed

Question

How I can say a port is open or closed. What's the exact meaning of Open port and closed port.

Answer 1

A port that's opened is a port to which you can connect (TCP)/ send data (UDP). It is open because a process opened it.

There are many different types of ports. These used on the Internet are TCP and UDP ports.

To see the list of existing connections you can use netstat (available under Unix and MS-Windows). Under Linux, we have the -l (--listen) command line option to limit the list to opened ports (i.e. listening ports).

> netstat -n64l
...
tcp   0   0 0.0.0.0:6000         0.0.0.0:*            LISTEN
...
udp   0   0 0.0.0.0:53           0.0.0.0:*
...
raw   0   0 0.0.0.0:1            0.0.0.0:*            7
...

In my example, I show a TCP port 6000 opened. This is generally for X11 access (so you can open windows between computers.)

The other port, 53, is a UDP port used by the DNS system. Notice that UDP port are "just opened". You can always send packets to them. You cannot create a client/server connection like you do with TCP/IP. Hence, in this case you do not see the LISTEN state.

The last entry here is "raw". This is a local type of port which only works between processes within one computer. It may be used by processes to send RPC events and such.

---

Update:

Since then netstat has been somewhat deprecated and you may want to learn about ss instead:

ss -l4n
  -- or --
ss -l6n

Unfortunately, at the moment you have to select either -4 or -6 for the corresponding stack (IPv4 or IPv6).

If you're interested in writing C/C++ code or alike, you can read that information from /proc/net/.... For example, the TCP connections are found here:

/proc/net/tcp   (IPv4)
/proc/net/tcp6  (IPv6)

Similarly, you'll see UDP files and a Unix file.

Programmatically, if you are only checking one port then you can just attempt a connection. If the port is open, then it will connect. You can then close the connection immediately.

Finally, there is the Kernel direct socket connection for socket diagnostics like so:

int s = socket(
              AF_NETLINK
            , SOCK_RAW | SOCK_CLOEXEC | SOCK_NONBLOCK
            , NETLINK_SOCK_DIAG);

The main problem I have with that one is that it does not really send you events when something changes. But you can read the current state in structures which is safer than attempting to parse files in /proc/....

I have some code handling such a socket in my eventdispatcher library. Only it still has to do a poll to get the data since the kernel does not generate events on its own (i.e. a push is much better since it only has to happen once when an event actually happens).

Answer 2

My favorite tool to check if a specific port is open or closed is telnet. You'll find this tool on all of the operating systems.

The syntax is: telnet <hostname/ip> <port>

This is what it looks like if the port is open:

telnet localhost 3306

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

This is what it looks like if the port is closed:

telnet localhost 9999

Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host

Based on your use case, you may need to do this from a different machine, just to rule out firewall rules being an issue. For example, just because I am able to telnet to port 3306 locally doesn't mean that other machines are able to access port 3306. They may see it as closed due to firewall rules.

As far as what open/closed ports means, an open port allows data to be sent to a program listening on that port. In the examples above, port 3306 is open. MySQL server is listening on that port. That allows MySQL clients to connect to the MySQL database and issue queries and so on.

There are other tools to check the status of multiple ports. You can Google for Port Scanner along with the OS you are using for additional options.