Hostwinds Blog


5 Ways to Check Open Ports on Linux

by: Hostwinds Team  /  January 14, 2025


Ports are like doorways that let apps and programs on your Linux system send and receive data. If you want to see which ports are in use, which ones are open, or just figure out what's going on with your network, you've come to the right place.

In this guide, we'll walk through multiple ways to check ports in Linux using simple commands. By the end, you'll feel more comfortable working with ports and knowing what's happening on your system.

What Are Ports?

Before jumping into the commands, let's take a moment to understand what ports are:

  • Ports are numbers that identify specific programs or apps running on your computer. For example:
    • Web servers typically use port 80 (HTTP) or port 443 (HTTPS).
    • Remote logins through SSH typically use port 22.
  • Port numbers range from 0 to 65535 and fall into three main groups:
    • 0–1023: Reserved for common protocols like HTTP and FTP.
    • 1024–49151: For applications you install.
    • 49152–65535: Temporary ports used when apps connect to a service.

With that out of the way, let's explore how to check what's happening with your ports.

How to Check Ports in Linux

Linux has a number of tools to help you check open or listening ports. Below, we'll walk through five common methods and explain what each one does.

1. Using netstat

The netstat command gives you a detailed view of network connections and port usage.

Open a terminal and type:

netstat -tuln

Here's what each option means:

  • -t: Show TCP (Transmission Control Protocol) ports.
  • -u: Show UDP (User Datagram Protocol) ports.
  • -l: Show only ports that are actively listening.
  • -n: Skip translating port numbers into service names (e.g., "ssh") and show the raw numbers instead, which makes it faster.

What You'll See:

Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
udp        0      0 0.0.0.0:68              0.0.0.0:*

Here's how to read this:

  • Proto: Shows whether it's TCP or UDP.
  • Local Address: Your machine's IP and the port in use.
  • Foreign Address: The IP and port of the other machine (or * if it's open to all).
  • State: For TCP, LISTEN means it's waiting for connections.

Quick Note: netstat is part of the net-tools package, which may not come pre-installed on newer Linux versions. Install it using:

sudo apt install net-tools  # On Debian/Ubuntu  
sudo yum install net-tools  # On RHEL/CentOS 

2. Using ss

ss is a newer, faster alternative to netstat. It gives similar information but works better on modern systems.

Run the following command:

ss -tuln

The options are the same as netstat, so you should be able to jump right in.

What You'll See:

Netid   State      Recv-Q Send-Q Local Address:Port           Peer Address:Port
tcp     LISTEN     0      128    0.0.0.0:22                  0.0.0.0:*         
udp     UNCONN     0      0      0.0.0.0:68                  0.0.0.0:*

This output is similar to netstat, but ss tends to be faster, especially if you're dealing with a lot of connections.

3. Using lsof

lsof (List Open Files) is a handy tool for seeing which files or network connections are being used by processes.

To see which ports are open and what's using them, run:

sudo lsof -i -P -n

  • -i: Filters for network-related files.
  • -P: Shows raw port numbers instead of service names.
  • -n: Skips translating IP addresses to hostnames for speed.

What You'll See:

COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      1234 root   3u  IPv4  12345      0t0  TCP *:22 (LISTEN)
dhclient  5678 root   6u  IPv4  54321      0t0  UDP *:68

  • COMMAND: The program using the port.
  • PID: The process ID.
  • NAME: The port and protocol (e.g., TCP on port 22).

Why It's Useful:

If you're troubleshooting and need to find out which process is using a specific port, lsof is your go-to tool.

4. Using nmap

nmap (Network Mapper) is ideal for scanning networks and checking which ports are open.

To scan all ports, run:

sudo nmap -sT -p- localhost

  • -sT: Performs a TCP connect scan.
  • -p-: Scans all 65,535 ports.

What You'll See:

PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https

  • PORT: The port number and protocol (TCP or UDP).
  • STATE: Tells you if the port is open, closed, or filtered (blocked by a firewall).
  • SERVICE: The common name of the service using the port.

Why nmap is Useful:

nmap is great if you want a complete view of all open TCP ports on your system (the -sT scan above does not cover UDP) or need to scan another machine.

5. Using nc (Netcat)

Netcat is a simple but powerful tool for checking if a specific port is open.

To check if port 22 is open, type:

nc -zv localhost 22

  • -z: Just scan for open ports without sending data.
  • -v: Show detailed output.

What You'll See:

Connection to localhost 22 port [tcp/ssh] succeeded!

Why It's Useful:

If you just need to quickly check whether a specific port is open, nc does the job without much fuss.

Making Sense of the Results

When you check ports, here's what the results usually mean:

  • Listening/Open Ports: These ports are ready to accept connections. For example, a web server will listen on port 80 or 443.
  • Closed Ports: These ports aren't in use, so they won't accept connections.
  • Filtered Ports: These ports are blocked by a firewall or security rule, so they appear invisible.

Common Scenarios

When checking ports, you may come across the following scenarios:

  • You see a port open you didn't expect: This might mean a program is running that you don't need or recognize. It's a good idea to investigate further.
  • A port you need is closed: The program might not be running, or a firewall could be blocking it.

Securing Your System

Checking ports is just the first step. Here are a few ways to tidy things up:

Stop Unnecessary Programs:
If a program is running on a port you don't need, turn it off:

sudo systemctl stop <service_name>
sudo systemctl disable <service_name>

Use a Firewall:
Limit access to ports using a tool like ufw (Uncomplicated Firewall):

sudo ufw allow 22     # Allow SSH  
sudo ufw deny 80      # Block HTTP

Regularly Monitor Ports:
Make it a habit to check open ports now and then, especially if you're running a server.
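
One way to make that check repeatable, as an added example rather than Hostwinds' own code: the function below reads ss -tuln output, compares each listener with an allowlist, and reports the unexpected ones along with whether they are bound to loopback only or to an address other machines can reach. The allowlist entries, the function names, and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare `ss -tuln` output with an allowlist of expected listeners.
# ALLOWED holds "proto/port" entries; these values are assumptions for the sample.
ALLOWED="tcp/22 udp/68"

# Constructed sample in the `ss -tuln` layout, so the script runs offline.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:8080       0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      128    [::1]:631          [::]:*
EOF
}

# Reads `ss -tuln` output on stdin; prints "proto/port address scope" for each
# listener that is not in ALLOWED.
audit_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "tcp" && $1 != "udp" { next }        # header row, other socket types
        $2 != "LISTEN" && $2 != "UNCONN" { next }  # listening TCP or bound UDP only
        {
            port = $5; sub(/.*:/, "", port)        # text after the last colon
            addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
            key = $1 "/" port
            if (key in ok) next
            # Loopback binds cannot be reached from other machines; anything
            # else is reachable unless a firewall filters it.
            scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
            print key, addr, scope
        }'
}

# Demo on the sample; on a real host run: ss -tuln | audit_listeners
sample_ss_output | audit_listeners
```

On the sample, port 8080 is flagged as exposed because it is bound to 0.0.0.0, while 5432 and 631 are flagged as loopback-only.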

Wrapping Up

Checking ports in Linux doesn't have to be complicated. Whether you use netstat, ss, lsof, nmap, or nc, each tool gives you a slightly different view of what's going on. Pick the one that works best for your needs and don't be afraid to explore. The more you practice, the easier it gets!
