I found some info on using bash and netcat to monitor ports/sockets. I am wanting to watch all ports for activity and notify me.
Some ports are set up by the browser for info coming back from their targets. Is there a way to find which ports a browser has set up like this? My goal is to notify me when a port is active and by whom. Is there a quick way to do this with bash/netcat/netstat?
Does the netstat (lipt -I think is what I used) listing of listening ports really include all active ports?
Checking for open/closed ports across ALL registered ports is a major task time wise event with netcat/nc/ncat. Is there a really fast way to do that? Lots of questions but all related to monitoring ports so thanks for the help.
Many ports are ephemeral so tools that check for them on the fly will only see them if they happen to be active at the moment the command was run. The best way to monitor ports in general is to use a tool like tcpdump or wireshark which captures traffic as it occurs. If you look at the man page (e.g. man tcpdump) you can see it will allow you to specify which interface, which port, which destinations, which source etc... using various flags.
For a quick glimpse of things I prefer to use "lsof -i". Other flags in lsof will let you specify numeric values rather than name lookups.
Ports aren't "registered" - they are used on demand. The /etc/services file has well known ports and purposes but in reality one can use any port that isn't already in use. Ports below 1000 can only be started by root.
Most traffic has 2 connections (at least) with one side being a well known and defined port for the application (e.g. port 80 for http or 443 for https, 22 for ssh, etc...) but a lot of the connections on the other side will use random ports. So for example traffic going to port 80 on your web server will always have port 80 on one side of the connection but could have many different ports for different connections on the other side. In such situations it is better to pay attention to the IP part of the socket than the port part.
Thanks 4 UR input but btw ncat/netcat/nc will allow for continuous monitoring (listening).
1) Still need a solution as to where browsers keep a list of ports they are currently employing to download info and responses from web servers.
2) Are the listening ports shown by netstat truly ALL that are active?
3) Has anyone used bash and tcpdump/netcat/et al. to monitor and alert the pc/server user of transgressions?
Also the registered ports are 1025-49151, like dynamic are 49152-65535 and reserved/well known are 1-1024. Sorry for confusion that may have created.
Thanks 4 UR input but btw ncat/netcat/nc will allow for continuous monitoring (listening).
"LISTEN"ing on a port is not the same thing as "monitoring" it. When a port is being "LISTEN"ed on it is simply waiting for connections to be made to it. When a connection is "ESTABLISHED" it is established to a port that was LISTENing.
From your original post you were using nc to "LISTEN" and to "ESTABLISH" but wanted to be able to "monitor" the connections. My response was to the "monitor" part of the question.
If the connection is ESTABLISHED and active then lsof -i will show it to you as a point in time. If you're doing active traffic you want to do tcpdump to capture it.
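The point-in-time view discussed in the replies above, as an added example that is not part of the original thread: a shell script that reads the kernel's TCP socket table in `/proc/net/tcp` format, lists LISTEN and ESTABLISHED sockets, and reports the ones that appeared since the previous poll. The function names, the `watch` argument and the sample data are assumptions made for this example; it covers IPv4 only and assumes a little-endian host. A connection that opens and closes between two polls is never seen, which is why the replies recommend tcpdump for capturing traffic as it occurs.

```shell
#!/bin/sh
# snapshot: /proc/net/tcp-format text on stdin -> sorted "STATE local remote" lines.
snapshot() {
  awk '
    function hex(s,   i, n) {            # portable hex -> decimal (no gawk strtonum)
      n = 0; s = toupper(s)
      for (i = 1; i <= length(s); i++)
        n = n * 16 + index("0123456789ABCDEF", substr(s, i, 1)) - 1
      return n
    }
    function addr(f,   ip) {             # "0100007F:0277" -> "127.0.0.1:631"
      # IPv4 bytes are stored reversed on a little-endian host (assumption).
      ip = hex(substr(f, 7, 2)) "." hex(substr(f, 5, 2)) "." hex(substr(f, 3, 2)) "." hex(substr(f, 1, 2))
      return ip ":" hex(substr(f, 10))
    }
    $4 == "0A" { print "LISTEN", addr($2), addr($3) }        # state 0A = LISTEN
    $4 == "01" { print "ESTABLISHED", addr($2), addr($3) }   # state 01 = ESTABLISHED
  ' | LC_ALL=C sort
}

# new_sockets OLD NEW: lines present in snapshot file NEW but not in OLD.
new_sockets() { LC_ALL=C comm -13 "$1" "$2"; }

# Constructed sample input (not captured from a real host).
sample_before() { cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1111
EOF
}
sample_after() { sample_before; cat <<'EOF'
   1: 0A00A8C0:C350 500200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 2222
EOF
}

# "sh thisfile watch" polls the live table once a second and prints new sockets.
if [ "${1:-}" = "watch" ]; then
  prev=$(mktemp); cur=$(mktemp)
  snapshot < /proc/net/tcp > "$prev"
  while sleep 1; do
    snapshot < /proc/net/tcp > "$cur"
    new_sockets "$prev" "$cur" | sed "s/^/$(date +%T) new: /"
    cp "$cur" "$prev"
  done
fi
```

To see which process owns a reported socket, run `lsof -i` for that address and port while the connection is still open.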