When your computer acts as a server, such as a web server or a database server, that server process must listen on a port that other computers connect to.
It’s useful to be able to find out what ports are open on your Linux server should you want to connect to one of the services being served – and it’s also useful to be able to check what ports are open so that you can make sure that you aren’t sharing something you don’t intend to.
There are a few methods for checking which ports are open on Linux, and we cover all these methods in this tutorial.
About Ports
So we’ve explained that a port is used to connect to a server – but what does that actually mean?
A port is a number between 0 and 65535 and is assigned by the computer to a process. Each process can be assigned to one or more ports, but a port can only be assigned to one process.
For example, HTTP runs on port 80 by default, serving up websites, and when you SSH to a computer, you’re probably connecting on port 22, which is the default for the SSH service. The port tells the computer what process you’re trying to reach.
A service can be set to respond on any port number. Still, there is some standardization so that users don’t have to type the port number every time they connect to an online service and so that an educated guess can be made about what protocol should be used when connecting to a server.
Well Known Ports | 0 to 1023 | Common network services like FTP, HTTP, SSH |
Registered Ports | 1024 to 49151 | Ports registered with IANA for use with a designated application |
Dynamic and Private Ports | 49152 to 65535 | Used when a temporary port number is required for a short-lived connection or private use |
Check if a Network Port is Open From the Server Itself
If you’re logged into the computer whose ports you want to check, use one of the following tools to see which ports are open:
The netstat Command
sudo netstat -tuplen
The netstat command prints details of network connections. It has a lot of options, but these are the ones relevant to checking ports:
-t | Show TCP protocol sockets |
-u | Show UDP protocol sockets |
-p | Show the program to which the socket belongs |
-l | Show only listening sockets |
-e | Display extended info |
-n | Show numerical addresses |
You can check out the other options by typing:
man netstat
…into your terminal to view the manual.
Sockets are the combination of local and remote IP addresses, a protocol, and local and remote port – representing a connection between two network services.
You might think that this tool would then only show ports that have an active connection – that’s why the -l option is there, to show sockets that are only listening – i.e., open ports.
If netstat is not available on your system, you can install it in Ubuntu as part of the net-tools package:
sudo apt-get install net-tools
Here’s some example output from the netstat command showing open ports:
linuxscrew@linuxscrew-host:~$ sudo netstat -tuplen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      0          29615      598/cupsd
tcp6       0      0 ::1:631                 :::*                    LISTEN      0          29614      598/cupsd
udp        0      0 0.0.0.0:631             0.0.0.0:*                           0          29868      668/cups-browsed
In this example output, CUPS (the Common Unix Printing System) has ports open and listening on port 631 for both TCP and UDP, and for both IPv4 and IPv6 connections.
The ss Command
The ss command – another utility to investigate sockets:
sudo ss -tulpn
…Conveniently, it accepts the same options we used for netstat above. However, that doesn’t mean it’s a drop-in replacement; some syntax differs, so check the manual if you’re crafting your own commands:
man ss
Here’s some example output from the ss command showing open ports:
linuxscrew@linuxscrew-host:~$ sudo ss -tulpn
Netid  State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
udp    UNCONN  0       0       0.0.0.0:631         0.0.0.0:*          users:(("cups-browsed",pid=668,fd=7))
tcp    LISTEN  0       5       127.0.0.1:631       0.0.0.0:*          users:(("cupsd",pid=598,fd=7))
tcp    LISTEN  0       5       [::1]:631           [::]:*             users:(("cupsd",pid=598,fd=6))
In this example output, CUPS (the Common Unix Printing System) has ports open and listening on port 631 for both TCP and UDP, and for both IPv4 and IPv6 connections.
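The Local Address column decides who can reach a listener: 127.0.0.1 and [::1] are loopback-only, while 0.0.0.0, [::] or * accept traffic on every interface. The following added example (not part of the original tutorial) filters ss -tulpn output down to the non-loopback listeners; the function names and the sshd sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: report listening sockets that other hosts can reach.
# Reads `sudo ss -tulpn` output on stdin; prints "proto address port process".

exposed_listeners() {
  awk '
    $1 != "tcp" && $1 != "udp" { next }      # skips the header and other socket types
    {
      port = $5; sub(/^.*:/, "", port)       # text after the last colon
      addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
      gsub(/^\[|\]$/, "", addr)              # [::1] -> ::1
      sub(/%.*$/, "", addr)                  # 127.0.0.53%lo -> 127.0.0.53
      if (addr ~ /^127\./ || addr == "::1") next   # loopback: local processes only
      proc = "-"                             # ss omits the process without root
      if (match($0, /\(\("[^"]+"/))
        proc = substr($0, RSTART + 3, RLENGTH - 4)
      print $1, addr, port, proc
    }'
}

# Constructed sample: the three CUPS lines shown above plus a hypothetical sshd listener.
sample_ss_output() {
  cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:631        0.0.0.0:*         users:(("cups-browsed",pid=668,fd=7))
tcp   LISTEN 0      5      127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=598,fd=7))
tcp   LISTEN 0      5      [::1]:631          [::]:*            users:(("cupsd",pid=598,fd=6))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=701,fd=3))
EOF
}

# On a live system: sudo ss -tulpn | exposed_listeners
sample_ss_output | exposed_listeners
```

Anything this prints that you did not intend to offer to the network is a candidate for rebinding to loopback, firewalling, or disabling.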
Check if a Network Port is Open From Another Device on the Network
If you’re not logged into the computer you’re checking the ports for, you can check over the network or internet using the telnet command if it’s available on your system:
telnet ADDRESS PORT
For example:
telnet 192.168.3.1 80
This checks the HTTP port on the server at IP address 192.168.3.1.
If the command returns a failure message, the port is closed – if you get an empty prompt awaiting input, the port is open!
Another tool is netcat, which has the syntax:
nc -zv address port
For example:
nc -zv 192.168.3.1 80
The two options we used in the example are detailed below. To see what else netcat can do, you can use the man command as shown for netstat and ss.
-z | Scan for listening ports, don’t try to connect |
-v | Verbose output with more information |