How to Check Open and Listening Ports in Linux

December 12, 2022

How to Check Open and Listening Ports in Linux

This guide is part of the “Linux Commands” series. This series is focused on providing an in-depth overview of Linux commands and tools, in an easy-to-follow manner!


In this article, we will look at how to use the netstat, ss, and lsof commands to check which ports are open and listening on a Linux system. These commands can be useful for network administrators who need to identify potential security vulnerabilities or troubleshoot network connectivity issues.

We will also look at examples of how to use each command and explain the information that is displayed by each command. Whether you are a seasoned Linux user or a newcomer to the platform, this article will provide the necessary information on monitoring network activity on your Linux system.


Checking ports with: netstat

Here is an example of how to use the netstat command to view listening ports on a Linux system:

  1. Open a terminal window on your Linux system.
  2. At the command prompt, type netstat -tulpn and press Enter. This will display a list of active connections, as well as the ports on which the system is listening for new connections.

The output of the netstat command will show the following information for each active connection:

  • The protocol (TCP or UDP) used by the connection
  • The local address and port number
  • The foreign address and port number
  • The state of the connection (e.g., ESTABLISHED, CLOSE_WAIT, etc.)
  • The PID of the process that owns the connection

For example, the output of the netstat command might look something like this:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:6081            0.0.0.0:*               LISTEN      808/varnishd
tcp        0      0 127.0.0.1:6082          0.0.0.0:*               LISTEN      808/varnishd
tcp        0      0 0.0.0.0:22            0.0.0.0:*               LISTEN      824/sshd: /usr/sbin
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      118917/systemd-reso

This example shows that the system is listening on port 22 (SSH) and port 6082 (Varnish).


Checking ports with: ss

The "ss" command is another command-line utility that can be used to view active network connections and listening ports on a Linux system. It is similar to the netstat command, but it provides more detailed information and can be used with various options to display the information in different formats.

To view listening ports on a Linux system using the "ss" command, you can use the following syntax:

ss -tulpn

This command will display a list of active connections and the ports on which the system is listening for new connections. The output will include the following information for each connection:

  • The protocol (TCP or UDP) used by the connection
  • The local address and port number
  • The foreign address and port number
  • The state of the connection (e.g., ESTABLISHED, CLOSE_WAIT, etc.)
  • The process ID (PID) of the process that owns the connection

For example, the output of the "ss" command might look something like this:

Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*    users:(("systemd-resolve",pid=118917,fd=12))
tcp   LISTEN 0      1024         0.0.0.0:6081       0.0.0.0:*    users:(("cache-main",pid=1150,fd=3),("varnishd",pid=808,fd=3))
tcp   LISTEN 0      10         127.0.0.1:6082       0.0.0.0:*    users:(("varnishd",pid=808,fd=7))
tcp   LISTEN 0      128          0.0.0.0:22       0.0.0.0:*    users:(("sshd",pid=824,fd=3))

Checking ports with: lsof

To view listening ports on a Linux system using the lsof command, you can use the following syntax:

lsof -i -P

This command will display a list of active network connections and the ports on which the system is listening for new connections. The output will include the following information for each connection:

  • The process ID (PID) of the process that owns the connection
  • The user ID (UID) of the user that owns the process
  • The protocol (TCP or UDP) used by the connection
  • The local address and port number
  • The foreign address and port number

For example, the output of the lsof command might look something like this:

COMMAND     PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     1234   root    3u  IPv4  12345      0t0  TCP *:22 (LISTEN)
cupsd    2468   root    8u  IPv6  67890      0t0  TCP *:631 (LISTEN)
sendmail 3650   root   16u  IPv4  34567      0t0  TCP *:25 (LISTEN)

In this example, we can see that the system is listening on port 22 (SSH), port 631 (CUPS), and port 25 (SMTP) for incoming connections.