How to Check Network Port Security
Check network port security on Linux servers. Monitor listening ports, verify port access, detect unauthorized ports, and set up automated port security monitoring with Zuzia.app.
How to Check Network Port Security
Need to check network port security on your Linux server? Want to monitor listening ports, verify port access, and detect unauthorized ports? This guide shows you how to check network port security using built-in commands and automated monitoring with Zuzia.app.
For comprehensive network security monitoring strategies, see Network Firewall Rules and iptables Monitoring Guide. For troubleshooting network security issues, see Firewall Rules Blocking Legitimate Traffic.
Why Checking Network Port Security Matters
Network ports provide access to services and applications. When unauthorized ports are open or ports are misconfigured, security vulnerabilities can be exposed, unauthorized access can occur, and system security can be compromised. Checking network port security helps you detect unauthorized ports, verify port configurations, maintain port security, and ensure only necessary ports are open.
Method 1: List Listening Ports
List listening ports to see what ports are open:
View Listening Ports
# View all listening ports
netstat -tuln
# View listening ports with process names
netstat -tulpn
# View listening ports by protocol
netstat -tuln | grep LISTEN
# View listening ports with details
ss -tulpn
Analyze Port Information
# View ports by number
netstat -tuln | awk '{print $4}' | awk -F: '{print $NF}' | sort -n | uniq
# View ports by process
netstat -tulpn | awk '{print $7, $4}'
# Check for specific ports
netstat -tuln | grep ":22\|:80\|:443"
# View port status
ss -tuln | grep LISTEN
Method 2: Verify Port Access
Verify port access to ensure ports are properly secured:
Check Port Accessibility
# Test port connectivity
nc -zv localhost 22
# Test multiple ports
for port in 22 80 443; do
nc -zv localhost $port && echo "$port: OPEN" || echo "$port: CLOSED"
done
# Test port from external host
telnet server-ip 22
# Verify port is listening
netstat -tuln | grep ":22"
Monitor Port Status
# Check port status changes
netstat -tuln > /tmp/ports-current.txt
diff /tmp/ports-previous.txt /tmp/ports-current.txt
# Monitor ports in real-time
watch -n 1 'netstat -tuln | grep LISTEN'
# Track port modifications
netstat -tuln | awk '{print $4}' | sort > /tmp/ports-$(date +%Y%m%d).txt
Method 3: Detect Unauthorized Ports
Detect unauthorized ports to identify security issues:
Identify Unexpected Ports
# Check for unexpected listening ports
netstat -tuln | grep LISTEN | grep -v ":22\|:80\|:443\|:3306"
# Compare with expected ports
expected_ports="22 80 443 3306"
current_ports=$(netstat -tuln | grep LISTEN | awk '{print $4}' | awk -F: '{print $NF}')
for port in $current_ports; do
echo $expected_ports | grep -q $port || echo "Unexpected port: $port"
done
# Check for unauthorized services
netstat -tulpn | grep LISTEN | awk '{print $7}' | sort | uniq
Monitor Port Changes
# Detect new listening ports
netstat -tuln | grep LISTEN > /tmp/ports-current.txt
comm -13 <(sort /tmp/ports-baseline.txt) <(sort /tmp/ports-current.txt)
# Check for port removals
comm -23 <(sort /tmp/ports-baseline.txt) <(sort /tmp/ports-current.txt)
# Verify port configuration
netstat -tuln | diff - /backup/ports-baseline.txt
Method 4: Automated Port Security Monitoring with Zuzia.app
While manual port security checks work for audits, production Linux servers require automated port security monitoring that continuously tracks listening ports, detects unauthorized ports, and alerts you when port security issues occur.
How Zuzia.app Port Security Monitoring Works
Zuzia.app automatically monitors network port security through scheduled command execution. The platform checks listening ports, compares with expected ports, detects unauthorized ports, and sends alerts when port security issues are detected.
Setting Up Port Security Monitoring
-
Add Scheduled Task for Port Monitoring
- Command:
netstat -tuln | grep LISTEN | wc -l - Frequency: Every 15 minutes
- Alert when: Port count changes unexpectedly
- Command:
-
Configure Unauthorized Port Detection
- Command:
netstat -tuln | grep LISTEN | grep -v ":22\|:80\|:443" | wc -l - Frequency: Every 15 minutes
- Alert when: Unauthorized ports detected
- Command:
-
Set Up Port Comparison
- Command:
netstat -tuln | grep LISTEN | diff - /backup/ports-baseline.txt - Frequency: Every 30 minutes
- Alert when: Port differences detected
- Command:
Custom Port Security Monitoring Commands
Add these commands as scheduled tasks:
# Check listening ports
netstat -tuln | grep LISTEN
# Verify expected ports
netstat -tuln | grep -E ":22|:80|:443"
# Detect unauthorized ports
netstat -tuln | grep LISTEN | grep -v ":22\|:80\|:443\|:3306"
# Monitor port changes
netstat -tuln | grep LISTEN | diff - /backup/ports-baseline.txt
Best Practices
1. Monitor Port Security Continuously
Use Zuzia.app for continuous port security monitoring. Set up alerts before port issues become critical. Review port configurations regularly.
2. Maintain Port Baselines
Keep accurate port baselines. Document expected ports. Update baselines when authorized changes occur.
3. Detect Unauthorized Ports
Monitor all listening ports. Detect unauthorized ports immediately. Verify port configurations. Respond to port security issues quickly.
Troubleshooting
Unauthorized Port Detected
When unauthorized ports are detected:
- Review listening ports:
netstat -tuln | grep LISTEN - Identify port purpose:
netstat -tulpn | grep PORT_NUMBER - Verify port authorization
- Close unauthorized ports if needed
Port Security Issues
When port security issues occur:
- Check port configuration:
netstat -tuln | grep LISTEN - Compare with baseline:
diff /backup/ports-baseline.txt <(netstat -tuln | grep LISTEN) - Verify port access controls
- Fix port security issues