Key takeaways
- You can check open ports in Linux with ss, netstat, lsof, nmap, and nc, but each tool answers a different question.
- ss is the best starting point on most current Linux systems, while netstat still shows up on many servers.
- lsof helps you find the process behind a port, and nmap helps you see what looks open from a scan.
- Regular port checks help with both security and day-to-day server management.
If you manage a Linux server, checking open ports should stay on your regular checklist. Every exposed port is a possible entry point into your server. Some are necessary for important services to run. Others only need to be open to certain whitelisted IPs, while still others can become forgotten attack surfaces. Knowing how to quickly identify open ports in Linux is one of the simplest ways to improve both troubleshooting and security posture. A scan of open ports also helps explain why an app works, why a connection fails, or why a firewall rule is not doing what you expect.
This guide walks through the fastest ways to check open ports in Linux, what each command tells you, and how to connect those results to services, firewalls, and real server administration.
Understanding open ports in Linux
Ports act as numbered entry points for network traffic. Services and applications use them to send and receive data. A web server might listen on port 80 or 443. SSH usually listens on port 22. MySQL often uses port 3306. Knowing which ports are open helps you confirm which services are active and whether anything unexpected is listening.
Open ports matter for security, but they also matter for performance and troubleshooting. If a service stops responding, a blocked or closed port may be the problem. If a service listens on a port you did not expect, that deserves a closer look.
TCP, UDP, firewalls, and services
When you check open ports in Linux, you usually see TCP or UDP.
TCP focuses on reliable, connection-based communication. You will see it with services like web traffic and secure remote access. UDP favors speed and works well for traffic like DNS queries and some real-time services. This difference matters because a port can show up under TCP, UDP, or both, depending on the service.
Firewall rules matter too. A service can listen on a port locally, but a firewall can still block outside traffic, either incoming or outgoing. In practice, you need to think about the service, the local firewall, and sometimes a provider-level firewall or security group.
Common Linux ports and services
A few ports show up often enough that they are worth knowing:
- 22 for SSH
- 80 for HTTP
- 443 for HTTPS
- 21 for FTP
- 25 for SMTP
- 3306 for MySQL
These are not the only ports you will see, but they give you a quick way to connect a listening port with a likely service. That speeds up both troubleshooting and security review.
How to check open ports in Linux
Here is a quick comparison table of various tools to use for checking open ports:
| Tool | Best For | Shows Processes | Remote Scanning |
|---|---|---|---|
| ss | Fast local port checks | Yes | No |
| netstat | Legacy compatibility | Yes | No |
| lsof | Mapping ports to processes | Yes | No |
| nmap | Security scanning | Limited | Yes |
| nc | Quick connectivity tests | No | Yes |
Start with ss for a quick view of listening ports.
Use ss for a quick port check
Run:

    ss -tuln

This shows listening TCP and UDP ports in numeric form. On many current Linux systems, ss is the best first command because it is fast and easy to read.
If you also want to see the process using the port, run:

    sudo ss -tulnp

Use these flags to control the output:
- -t shows TCP
- -u shows UDP
- -l shows listening ports
- -n shows numeric ports instead of service names
- -p shows the process and PID
That one command answers the two questions most admins ask first: what is listening, and what owns it. The -p option often needs sudo to show everything.
Use netstat if your server still has it
Run:

    sudo netstat -tuln

netstat has been around for a long time. Many guides still use it, and many systems still have it through the net-tools package. It remains useful, but ss is usually the better default on current Linux systems.
To check one specific port, you can filter the output:

That gives you a quick yes-or-no check for a port like 443.
Use lsof to find the process behind a port
Run:

This shows active network connections and keeps hostnames and service names in numeric form. If you want to focus on listening services, filter for LISTEN:

If you want to check one specific port, use:

    sudo lsof -i :PORT

lsof is especially helpful when the real question is not whether the port is open, but which service opened it.
Use nmap for a scan-based view
Run:

    nmap localhost

This scans the most common ports on the local machine. If you want a full TCP scan, run:

    sudo nmap -sT -p- localhost

You can also scan a remote system:

nmap helps with security checks because it shows what a scan can see. That makes it different from ss or lsof, which show what the local system knows is listening.
Use netcat for a quick yes-or-no test
Run:

    nc -zv localhost PORT

This is a good choice when you want to test one port quickly. It doesn’t replace the broader commands above, but it is useful when you need a fast answer for one service.
Use PowerShell if you work across Linux and Windows
Run:

This is not the first choice for most Linux admins, but it can help if you already use PowerShell across both Linux and Windows systems.
Command cheat sheet
| Goal | Recommended command |
|---|---|
| Quick modern check | ss -tuln |
| Show process and PID | sudo ss -tulnp |
| Check with older tooling | sudo netstat -tuln |
| Find which process owns a port | sudo lsof -i :PORT |
| Scan localhost from a security angle | nmap localhost |
| Scan all TCP ports on localhost | sudo nmap -sT -p- localhost |
| Check one port quickly | nc -zv localhost PORT |
| Check UFW status | sudo ufw status |
| Check firewalld rules | sudo firewall-cmd --list-all |
How to see all open ports in Linux
Most users are trying to answer one of these two questions.
How to check all open ports in Linux?
Start with:

    ss -tuln

That gives you a broad list of listening TCP and UDP ports on most Linux systems. If you also need to know which process owns each port, use:

    sudo ss -tulnp

How do I see all my open ports?
You can use any of these, depending on what you need:

These commands all help, but they don’t show the exact same thing in the exact same way. ss and netstat focus on listening sockets. lsof helps tie a socket back to a process.
What the results mean
Listening port vs reachable port
A service can listen on a port locally, but outside systems still may not reach it. That can happen because of firewall rules, binding to 127.0.0.1 only, cloud security groups, or routing issues. If you only check with ss or lsof, you may confirm that a service is listening without proving that the network path works.
Why sudo changes the result
Some commands show more complete output when you run them with elevated privileges. That matters for ss -p and many lsof checks. If a result looks incomplete, permissions may be part of the problem.
IPv4 and IPv6 can change what you see
Some services listen on IPv4, some on IPv6, and some on both. If a service appears reachable one way but not another, check the bind address in the output.
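The bind-address check described in the sections above, as an added example that is not part of the original article: it reads ss -tuln output, separates loopback-only listeners from ones bound to all interfaces, and marks exposed ports that are missing from an allowlist. The function names, the allowlist, and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: classify listening sockets from `ss -tuln` by bind address.
# The port allowlist and the sample output below are constructed.

# Reads `ss -tuln` output on stdin. $1 is a space-separated list of ports that
# are meant to be reachable. Prints: <proto> <port> <family> <scope> <status>
classify_listeners() {
  awk -v expected="$1" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    $1 != "tcp" && $1 != "udp" { next }        # skip the header line
    {
      port = $5; sub(/.*:/, "", port)          # text after the last colon
      addr = $5; sub(/:[^:]*$/, "", addr)      # text before the last colon
      sub(/%[A-Za-z0-9_.-]+/, "", addr)        # drop an interface suffix such as %lo

      if (addr ~ /^\[/)      family = "ipv6"
      else if (addr == "*")  family = "dual"   # ss prints * for a dual-stack wildcard
      else                   family = "ipv4"

      if (addr ~ /^127\./ || addr == "[::1]")                       scope = "loopback"
      else if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")  scope = "all"
      else                                                          scope = "specific"

      if (scope == "loopback")  status = "local-only"  # other hosts cannot connect
      else if (port in ok)      status = "expected"
      else                      status = "REVIEW"      # exposed, not on the allowlist
      print $1, port, family, scope, status
    }'
}

# Constructed sample of `ss -tuln` output, so the example runs offline.
sample_ss_output() {
  cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      151    127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0      511    *:80               *:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      4096   0.0.0.0:8081       0.0.0.0:*
tcp   LISTEN 0      128    [::1]:6010         [::]:*
EOF
}

# On a live server: ss -tuln | classify_listeners "22 80 443"
sample_ss_output | classify_listeners "22 80"
```

A REVIEW line only means the socket is bound beyond loopback and is not on the allowlist; whether outside hosts can reach it still depends on the firewall and any provider-level rules.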
How to check firewall rules for open ports
Port checks only tell part of the story if you skip the firewall.
If you use UFW, run:

    sudo ufw status

If you use firewalld, run:

    sudo firewall-cmd --list-all

These commands help confirm whether the firewall allows the traffic you expect. On cloud infrastructure, provider-level firewalls or security groups can also block access even when the local Linux firewall allows the port.
How to close or limit open ports in Linux
Once you find a port you don’t need, you have a few ways to act:
- Stop or disable the service. If the service should not run, stop it and disable it through your service manager.
- Block the port in the firewall. If the service should run but should not stay broadly reachable, block the port or allow only the traffic you need.
- Restrict access to trusted IPs. This is often better than leaving a port open to everyone. Limit access where you can.
- Re-scan after changes. After you stop a service or update firewall rules, check again. Run ss, lsof, or nmap to make sure the change did what you expected.
Troubleshooting open port issues
If a port looks open and connections still fail, check these first:
- The service only listens on localhost. A service bound to 127.0.0.1 may work locally and fail remotely.
- The firewall still blocks the port. Check the local firewall and any provider-level firewall.
- Another process already uses the port. Use lsof or ss -p to confirm which process owns it.
- The service listens on one protocol stack only. A service may listen on IPv6 but not IPv4, or the reverse.
These checks move you from a simple port list to an actual fix.
Getting started with open ports in Linux
Checking open ports in Linux is about more than listing sockets. It helps you confirm what is running, understand what is exposed, and spot problems before they turn into bigger issues. Your business depends on this. It has to work.
Start with sudo ss -tulnp. That one command gives you the clearest first look at listening ports and the processes behind them. From there, use lsof for process detail, nmap for scan-based checks, and your firewall tools to verify access.
Open port visibility is one of the fastest ways to understand what your Linux server is actually exposing. Regular checks help you catch misconfigurations early, reduce unnecessary attack surface, and troubleshoot connectivity problems faster.


Amy Moruzzi 
