25.12.2024

Checking Open and Listening Ports in Linux Using Netstat and SS

Monitoring open and listening ports on a Linux system is an essential practice for maintaining system security, performing network troubleshooting, and effectively managing your server infrastructure. By regularly checking which ports are open and which services are using them, you can identify potential security risks, detect unauthorized access attempts, and ensure your system is not exposed to unnecessary vulnerabilities.

Understanding which services are bound to specific ports also helps detect misconfigurations or unexpected behavior, such as unknown processes listening on sensitive ports. This knowledge significantly reduces the risk of a security breach by allowing you to close unused ports or properly secure active ones.

In this article, we will explain how to use the netstat and ss commands to check open and listening ports on a Linux system.

Understanding Ports and Their Types

Before using the tools, it is important to understand the basic types of ports you may encounter:

  • Open ports: Ports on which applications are actively listening for incoming connections.
  • Listening ports: Ports bound to a service or application that is waiting for network traffic.
  • Common protocols:
    • TCP: Transmission Control Protocol, connection-oriented and reliable.
    • UDP: User Datagram Protocol, connectionless, faster but less reliable.

Checking Ports with netstat

What Is netstat?

netstat is a classic command-line tool that provides network statistics and information about network connections, including open and listening ports. Although it has been deprecated in favor of newer tools such as ss, it is still widely used on many systems.

Installing netstat

The netstat command is part of the net-tools package. On modern Linux distributions, it may need to be installed manually.

Debian / Ubuntu

sudo apt install net-tools

CentOS / RHEL

sudo yum install net-tools

Using netstat to Check Open and Listening Ports

To display all listening TCP and UDP ports on your system, run:

sudo netstat -tuln

  • -t: Show TCP ports
  • -u: Show UDP ports
  • -l: Show only listening ports
  • -n: Show numerical addresses instead of resolving hostnames

Understanding the Output

  • Local Address: The IP address and port where the service is listening.
  • Foreign Address: The remote IP and port for active connections.
  • State: The connection state, such as LISTEN for open ports.

Filtering Specific Ports or Services with netstat

You can filter the output to focus on a specific port or service. For example, to check services listening on port 80 (HTTP):

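sudo netstat -tuln | grep ":80 "

This command displays all services listening on port 80. The trailing space inside the pattern keeps ports that merely begin with 80, such as 8080, out of the results.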

Checking Ports with ss

What Is ss?

ss is a modern utility that has replaced netstat on many Linux distributions. It is faster and more efficient, especially on systems with a large number of network connections. The ss command can display open ports, socket statistics, and detailed network information.

Using ss to Check Open and Listening Ports

The syntax of ss is similar to netstat. To list all listening TCP and UDP ports, run:

ss -tuln

  • -t: Show TCP sockets
  • -u: Show UDP sockets
  • -l: Show listening sockets
  • -n: Display numerical addresses

The output provides a clear overview of all listening ports and their states.

Advanced Usage of ss

The ss command offers advanced filtering options for more detailed analysis.

Show Only Listening TCP Ports

ss -tl

Show Only Listening UDP Ports

ss -ul

Show Listening Ports with Associated Process IDs

To identify which process is using a specific port, run:

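sudo ss -tulnp

The -p option displays the process name and PID associated with each listening port, which is useful for troubleshooting. Run it with sudo: without root privileges, ss shows process details only for sockets owned by your own user.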

Comparing netstat and ss

Both tools serve similar purposes, but there are important differences:

  • Performance: ss is faster and more efficient than netstat, especially on busy systems.
  • Availability: ss is included by default on most modern Linux distributions, while netstat may require manual installation.
  • Filtering options: ss provides more advanced filtering and display capabilities.

When to Use netstat

  • On older Linux systems.
  • If you are already familiar with netstat syntax.

When to Use ss

  • When better performance is required.
  • For advanced network analysis and filtering.

Other Tools for Checking Open Ports

In addition to netstat and ss, other tools can be used to check open and listening ports.

Using lsof

lsof lists open files, including network sockets. To check which process is using port 80:

sudo lsof -i :80

This command displays the processes bound to port 80.

Using nmap

nmap is a network scanning tool that can be used to detect open ports on a system:

sudo nmap -sT localhost

This scans TCP ports on the local machine.

Conclusion

Monitoring open and listening ports is a critical task for Linux system administrators. Tools such as netstat and ss make it easy to identify active services, troubleshoot network issues, and enhance server security.

While netstat is still useful on older systems, ss is the preferred choice for modern Linux environments due to its speed and efficiency. Whether you are securing a Linux server or diagnosing network behavior, these tools provide the visibility needed to manage open ports effectively.
