Home Blog Memberplace Create Account Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode

How to Check Open Ports in Linux Using the CLI

In the contemporary digital environment, marked by the critical significance of cybersecurity, possessing the expertise to inspect open ports in Linux via the command line interface (CLI) stands as an invaluable asset for both system administrators and cybersecurity professionals alike. Open ports are essentially communication endpoints that allow data to flow in and out of a system. However, these open ports can also pose security risks if left unchecked, as they can provide potential entry points for malicious actors.

Understanding the Importance of Checking Open Ports

Before delving into the specifics of how to check open ports in Linux, it’s crucial to understand why this process is essential. Open ports can serve as gateways for unauthorized access to a system, making them a prime target for hackers looking to exploit vulnerabilities. By regularly monitoring and verifying open ports, system administrators can ensure that only the necessary ports are accessible, thereby minimizing the risk of unauthorized access and potential security breaches.

Using the CLI to Check Open Ports

One of the most efficient ways to check open ports in Linux is through the command line interface (CLI). The CLI provides users with direct access to the underlying system, allowing for precise and detailed control over various aspects of the system’s configuration. For Linux administrators, understanding which ports are open on their systems is crucial. Open ports act as gateways for incoming and outgoing network traffic, facilitating communication between your device and other machines on the network. Identifying these open ports empowers you to:

  • Bolster Security By pinpointing open ports, you can determine which services are running and if any unauthorized applications are listening. This awareness helps you mitigate security vulnerabilities and potential breaches.
  • Troubleshoot Network Issues When network connectivity problems arise, checking open ports can aid in diagnosing the root cause. You can identify if specific services are failing to establish connections due to closed ports.
  • Manage Services Effectively managing services on your Linux system often involves understanding which ports they utilize. This knowledge ensures proper configuration and prevents conflicts between services vying for the same ports.

The Linux command-line interface (CLI) offers a robust arsenal of tools to meticulously examine open ports. This article delves into three prominent methods of achieving this task, empowering you to maintain a watchful eye over your network landscape.

1. Using the ss Command (Modern and Feature-Rich)

The ss command, introduced in Linux kernel version 3.6, serves as a powerful and versatile tool for examining network sockets. It surpasses its predecessor, netstat, by offering more detailed and comprehensive output. Here’s a breakdown of utilizing ss to identify open ports:

1.1 Basic Syntax


1.2 Displaying Listening TCP Ports

To list all listening TCP ports, execute the following command:

ss -tln
  • -t: Filters output to display TCP connections only.
  • -l: Shows listening sockets, which represent open ports.
  • -n: Outputs numerical port numbers instead of service names (faster).

The command will produce output similar to this:

State      Recv-Q Send-Q Local Address:Port  Peer Address:Port     Use       Inode    PID/Program name
LISTEN     0      128*          tcp       1234       900  mysqld
LISTEN     0      128 *:80       *          tcp       1235       1234  apache2

In this example:

  • The LISTEN state indicates open ports.
  • Local Address and Port: The IP address and port number of the listening process.
  • Peer Address and Port: Blank since no incoming connections are established.

1.3 Additional Options

  • -p: Include the process ID (PID) and program name associated with the open port.
  • -a: Display all sockets, including those in states other than listening.
  • -u: List UDP sockets instead of TCP connections.

1.4 Filtering by Port Number

To target a specific port, use the -p option followed by the port number:

ss -tlnp :80

This command will display only TCP connections on port 80 (commonly used by web servers).

2. Employing the netstat Command (Legacy but Still Functional)

The netstat command, a longstanding utility in Linux, can also be leveraged to check open ports. While it’s considered somewhat dated compared to ss, it remains a viable option on many systems. Here’s a primer on using netstat:

2.1 Basic Syntax

netstat [OPTIONS]

2.2 Displaying Listening TCP Ports

To enumerate listening TCP ports with netstat, execute:

netstat -atn
  • -a: Shows all sockets, including listening and non-listening ones.
  • -t: Filters output to TCP connections.
  • -n: Outputs numerical port numbers instead of service names.

The output format is comparable to that of ss.

2.3 Additional Options

  • -p: Include the process ID (PID) and program name.
  • -u: List UDP sockets.

2.4 Considerations

  • netstat might not provide the same level of detail as ss.
  • New features introduced in later kernel versions might not be reflected in netstat’s output.

3. Leveraging the lsof Command (For Process-Specific Information)

The lsof command stands for list open files. While its primary function isn’t solely focusing on ports, it can be a valuable tool in conjunction with other commands to glean process-specific details about open ports. Here’s how to utilize lsof for this purpose:

3.1 Basic Syntax

lsof [OPTIONS]

3.2 Identifying Open Ports and Associated Processes

To find open ports and their corresponding processes, run:

lsof -i :PORT_NUMBER

Replace PORT_NUMBER with the specific port you’re interested in (e.g., lsof -i :80).

The output will showcase details like the process ID (PID), user, and command associated with the open port. This information can be crucial for troubleshooting service-related issues.

3.3 Combining LSOF with GREP for Targeted Results

You can integrate lsof with the grep command to filter results based on specific criteria. For instance, to identify all processes listening on ports above 1024 and owned by the user apache, use:

lsof -i :*>1024 | grep apache

This refines the output, presenting only processes relevant to your query.

Choosing the Right Tool: A Guided Decision

While all three commands serve the purpose of checking open ports, their strengths and use cases differ slightly:

  • ss is the most modern and feature-rich option, offering detailed output and various filtering capabilities. It’s generally recommended as the primary tool for most users.
  • netstat, though considered legacy, remains a functional choice on many systems. Its output format is similar to ss, but it might lack some advanced features.
  • lsof excels in revealing the processes utilizing specific ports. It complements ss or netstat by providing additional context about running services.

Best Practices for Enhanced Security

Here are some additional security measures to consider when managing open ports on your Linux system:

  • Minimize Open Ports: Keep only essential ports open to reduce your attack surface. Close any unnecessary ports to prevent unauthorized access attempts.
  • Utilize Firewalls: Implement a firewall to filter incoming and outgoing traffic, further restricting access to only authorized services and ports.
  • Maintain Software Updates: Regularly update your system and software packages to patch vulnerabilities that attackers might exploit through open ports.
  • Monitor for Suspicious Activity: Regularly monitor system logs and network traffic for any signs of suspicious activity that might indicate unauthorized access attempts.


In conclusion, knowing how to check open ports in Linux using the command line interface is a fundamental skill for maintaining the security of your system. By leveraging commands such as netstat, lsof, and ss, users can quickly identify open ports and take necessary measures to secure them. Additionally, implementing best practices for securing open ports, such as firewall configuration, regular port scanning, port hardening, and service patching, can further enhance the security posture of your system and mitigate potential security risks. By staying vigilant and proactive in monitoring and securing open ports, system administrators can effectively protect their systems from unauthorized access and potential security breaches.