Find Open Ports Ubuntu

A port is a virtual endpoint used by services to accept incoming packets. These are identified with port numbers (0 to 65535 in the case of TCP and UDP ports). An open port is one that is reachable and can be used by services to receive requests from clients (i.e. listening). 

On your server, you’ll need to open ports to service such requests (e.g., port 22 for SSH). Or from a security standpoint, you may want to list all open ports and verify that there aren’t any unauthorized/exploitable programs listening on any open ports. 

Ways to List All Open Ports

Netstat

Netstat is a legacy command used to get networking info such as active connections, network interfaces, routing tables, etc.

sudo apt install net-tools

The listening (-l) flag shows listening sockets. As the output contains a lot of undesired info, we’ll filter it to only show the TCP (-t) and UDP (-u) sockets. We’ll print the output in numeric form (-n) instead of resolving the hostname, and also include the PID/Program name (-p).

netstat -ltunp

The Local Address shows the IP Address:Port at which your host is reachable. The Foreign Address shows the IP Address and Port number of the remote end of the socket.

LISTEN means the corresponding port is open and listening for incoming connections. ESTABLISHED means the port already has an established connection. You can check the other states if required from the netstat manual page (man netstat) but these are the two main states.

The local ports respective to the listening or established connections are the ones that are currently open.

Ss

While netstat still works, it (and the net-tools collection) are technically deprecated. Their modern replacements are the ss and the iproute2 collection respectively.

sudo apt install iproute2

ss follows a similar syntax for most tasks that netstat was used for, including listing open sockets.

ss -tulpn

The output can be interpreted in the same manner as well.

Nmap

Network Mapper (nmap) is a security auditing tool used to scan a network and get info on online hosts. In our case, we can scan a specific host with it and check which ports are open.

sudo apt install nmap

You can scan (-s) for open TCP (-T) and UDP (-U) ports on the host (specified with its IP Address) like so

sudo nmap -sTU 192.168.10.43

A major reason to use nmap is that you can also get port info on remote hosts with it. All you need is their IP Address. You can even add flags to get additional info (e.g., -O to enable OS detection).

sudo nmap -sTU -O 192.168.122.15

Lsof

Everything is a file on Linux. This means the list open files (lsof) tool is a lot more versatile than it may initially look. In this case, we can use it with the internet address (-i) flag to list all Internet and x.25 (HP-UX) network files.

We’ll restrict host and port name resolution and print the output in numeric form with the -n and -P flags. We’ll also filter the output using grep to only show open ports. 

sudo lsof -i -P -n | grep 'LISTEN\|ESTABLISHED'

Check If Specific Port Is Open

If you only want to check the state of a specific port rather than list all open ports, all you need to do is filter the output using grep. For instance, if your SSH connection is failing, you may want to check if port 22 is currently open on the server.

netstat -ltunp | grep 'LISTEN\|ESTABLISHED'
ss -ltunp | grep 'LISTEN\|ESTABLISHED'

With lsof, you can also directly specify the port with the -i flag.

sudo lsof -Pni:22
Anup Thapa

Senior Writer

Anup Thapa is a Linux enthusiast with an extensive background in computer hardware and networking. His goal is to effectively communicate technical concepts in a simplified form understandable by new Linux users. To this end, he mainly writes beginner-friendly tutorials and troubleshooting guides. Outside of work, he enjoys reading up on a range of topics, traveling, working out, and MOBAs.