Monitoring open ports is an important part of Linux server security and management. Open ports indicate which services are listening for network connections. Knowing your open ports helps prevent illegal access, troubleshoot network issues, and secure your server.
In this guide, we will cover how to check open ports on Ubuntu, CentOS, and Debian using various methods, along with best practices to manage them efficiently.
Table of Contents:
Why Checking Open Ports is Important?
- Security: Open ports can expose server services to potential threats if not properly managed.
- Troubleshooting: Monitoring open ports helps quickly diagnose network and connectivity issues.
- Resource Management: Identifying unused or unnecessary services ensures optimal server performance and reduces attack surfaces.
Methods to Check Open Ports in Linux:
Using the ss Command (Socket Statistics)
ss is a modern replacement for netstat and provides detailed info about TCP, UDP, and listening ports.
- Command:
ss -tuln
- Explanation:
-t > TCP connections
-u > UDP connections
-l > Listening ports only
-n > Display port numbers as a substitute for service names - Sample Output:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port tcp LISTEN 0 128 0.0.0.0:22 0.0.0:* tcp LISTEN 0 100 127.0.0.1:3306 0.0.0.0:*
Using the netstat Command
netstat is widely used, but may require installation on newer systems.
- Install net-tools if not available:
# Ubuntu/Debiansudo apt update sudo apt install net-tools
# CentOS/RHEL
sudo yum install net-tools
- Check open ports:
netstat -tuln
- Options:
-t >TCP
-u> UDP
-l > Listening
-n> Show numeric ports
Using the lsof Command
lsof lists open files and network connections.
- Command to list listening ports:
sudo lsof -i -P -n | grep LISTEN
- Explanation:
-i > network files
-P > shows port numbers
-n > numeric addresses
Using the nmap Command (Network Scanner)
nmap can scan local or remote servers for open ports.
- Install nmap:
# Ubuntu/Debiansudo apt install nmap
# CentOS/RHEL
sudo yum install nmap
- Scan local machine:
sudo nmap -sT -O localhost
- Scan a remote server:
sudo nmap -sT example.com
Tip: nmap provides a detailed report with port numbers, protocols, and running services.
Best Practices After Checking Open Ports
- Close Unused Ports: Stop unnecessary services and use firewall rules (ufw for Ubuntu/Debian, firewalld for CentOS).
- Regular Monitoring: Schedule periodic port checks to detect unusual activity.
- Secure Critical Ports: For SSH, change the default port or enable key-based authentication.
Conclusion:
In this way, we can check open ports on our Linux server (Ubuntu, CentOS, Debian), which is essential for security and efficient server management.
By combining this with proper firewall configuration and regular monitoring, we can keep our server secure and reliable. If you run into any difficulty, feel free to contact our support staff at any time.
For complete control over services and networking, consider using a Linux VPS with full system access.
Checked open ports on Linux? Learn How to Find Open Ports Using Command Prompt