How to check open ports on Linux

Open ports on your Linux server indicate which services accept network connections. Monitoring these ports prevents unauthorised access and helps you troubleshoot connectivity problems.

You will check open ports using four command-line tools: ss, netstat, lsof and nmap. Each tool provides different levels of detail about listening services, active connections and port numbers.

Check ports with ss

The ss command displays socket statistics and replaces the older netstat tool on modern Linux distributions. This method shows listening ports without requiring additional package installation.

1. Connect to your server via SSH.
   Open your terminal application and connect using your server’s IP address or hostname.
2. Run the ss command.
   Type ss -tuln and press Enter. This displays all TCP and UDP listening ports in numeric format.
3. Review the output.
   Each line shows the protocol, state, local address and port number. Port 22 typically appears for SSH, port 80 for HTTP and port 443 for HTTPS.

The -t flag filters TCP connections, -u shows UDP, -l limits results to listening ports and -n displays port numbers instead of service names. You now have a complete list of services accepting connections on your server.

Check ports with netstat

The netstat command provides similar information to ss but requires the net-tools package on newer systems. This tool remains useful on older distributions and offers familiar syntax for administrators.

1. Install net-tools if needed.
   On Ubuntu or Debian, run sudo apt install net-tools. On CentOS or RHEL, use sudo yum install net-tools.
2. Run the netstat command.
   Type netstat -tuln and press Enter. The output format matches ss with protocol, state and port information.

Both ss and netstat accept the same flags for filtering results. We recommend using ss on modern systems because it processes information faster and comes pre-installed.

Check ports with lsof

The lsof command lists open files and network connections, including which process owns each listening port. This helps identify unexpected services or troubleshoot port conflicts.

1. Run lsof with sudo.
   Type sudo lsof -i -P -n | grep LISTEN and press Enter. This requires root privileges to display all processes.
2. Examine the process information.
   Each line shows the command name, process ID, user, protocol and port number. This reveals which application opened each port.

The -i flag selects network files, -P shows port numbers and -n displays numeric addresses. The grep LISTEN filter removes established connections and shows only listening ports.

Scan ports with nmap

The nmap tool scans ports from outside your server, showing which services respond to external connections. This reveals how your server appears to other machines on the network.

1. Install nmap.
   On Ubuntu or Debian, run sudo apt install nmap. On CentOS or RHEL, use sudo yum install nmap.
2. Scan your local machine.
   Type sudo nmap -sT localhost and press Enter. This performs a TCP connect scan of all standard ports.
3. Review the scan results.
   The output lists each open port with its service name and state. Closed ports do not appear in the results.

You can scan remote servers by replacing localhost with an IP address or domain name. This verifies that your firewall rules work correctly and only intended services remain accessible.

Wrapping up

You checked open ports on your Linux server using four different tools. The ss command provides quick results on modern systems, lsof identifies which processes own each port and nmap shows how your server appears externally.

Review your open ports regularly to detect unexpected services. Close unused ports through your firewall configuration and stop unnecessary services to reduce your attack surface. Our Linux VPS hosting includes firewall management and security monitoring.

If you run into any trouble, get in touch and our team will be happy to help.