Open ports show which services are accepting connections on your Linux host. Checking them helps validate firewall rules, troubleshoot connectivity, and harden exposed services. Below are three reliable ways to inspect ports using netstat, nmap, and lsof.
Note: On newer distributions, netstat is provided by net-tools. If unavailable, consider ss as a modern alternative.
Understanding Linux Port Types
Before checking open ports, it helps to know how Linux organizes port numbers. Ports are divided into three basic ranges.
Linux System Ports
System ports range from 0 to 1023. These are reserved for well‑known services like SSH (22), HTTP (80), and HTTPS (443). By default, only privileged users or system-level processes can bind to these ports.
Linux User Ports
User ports range from 1024 to 49151. Regular applications and services commonly use these ports. Web servers, databases, and custom scripts often operate here.
Linux Private Ports
Private ports range from 49152 to 65535. These are mostly used for temporary connections, random port assignments, and local client communication.
How to List Open Ports in Linux (Command‑Line Tools)
Below are three reliable approaches: netstat for quick, local inspection; nmap for scanning like an external client; lsof for mapping ports to processes.
Using netstat to Check Open Ports
Retrieving a list of all TCP and UDP ports that are currently listening
netstat -tuln
Lists listening TCP and UDP sockets with numeric addresses and ports, providing a quick overview of active services.
To list all the connections that are listening
netstat -l
Shows only sockets in listening state, useful for confirming which services are awaiting inbound connections.
List open ports in Linux, alongside current TCP connections
netstat -tn
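Displays current TCP connections with numeric output, helping verify ongoing client traffic and port usage. Without -l or -a, netstat leaves out listening sockets; use netstat -tan to see listeners and connections together.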
A list of open UDP ports
netstat -un
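Shows active UDP sockets in numeric form, helpful for troubleshooting stateless services and lightweight protocols. UDP sockets that are only bound and waiting for traffic appear when you add -l or -a (for example, netstat -uln).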
Tip: Add -p (e.g., netstat -tulnp) to display associated process IDs and program names where permitted.
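A port listing is most useful when it is compared against what the host is supposed to expose. The script below is an added example, not part of the original article: it parses netstat -tuln output and reports listeners that are reachable off-host and missing from an allowlist. The ALLOWED list, the function names, and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `netstat -tuln` output against an allowlist.
# ALLOWED and sample_netstat are constructed for illustration.

# Expected listeners as proto/port pairs (assumption: adjust per host).
ALLOWED="tcp/22 tcp/443"

# Constructed sample in net-tools `netstat -tuln` format.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.53:53           0.0.0.0:*
EOF
}

# Reads netstat output on stdin; prints "proto/port address" for every
# listener that is not loopback-only and not in ALLOWED.
unexpected_listeners() {
  awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 !~ /^(tcp|udp)6?$/ { next }            # skip header lines
    $1 ~ /^tcp/ && $6 != "LISTEN" { next }    # TCP: listening sockets only
    {
      proto = $1; sub(/6$/, "", proto)        # tcp6 -> tcp, udp6 -> udp
      addr = $4; port = $4
      sub(/:[^:]*$/, "", addr)                # strip ":port" from the end
      sub(/^.*:/, "", port)                   # keep text after the last colon
      if (addr ~ /^127\./ || addr == "::1") next   # bound to loopback only
      key = proto "/" port
      if (!(key in ok)) print key, addr
    }'
}

# Default: run on the constructed sample. Pass --live to audit this host.
if [ "${1:-}" = "--live" ]; then netstat -tuln | unexpected_listeners
else sample_netstat | unexpected_listeners; fi
```

On the sample this reports tcp/8080 and udp/68; lsof -i :8080 then identifies the process that owns a flagged port.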
Using nmap to Scan Open Ports
Nmap helps you scan a system like an external client, revealing open ports, active services, and potential security exposures.
Scanning for open ports on a domain
nmap example.com
Performs a basic scan against a host, identifying open ports and responsive services from an external perspective.
List of ports that are listening for connections via TCP
nmap -sT localhost
Runs a TCP connect scan, enumerating ports accepting connections to validate which services are reachable locally.
List of ports that are listening for connections via UDP
nmap -sU localhost
Probes UDP listeners, which can respond unpredictably; helpful for discovering DNS, DHCP, and other UDP services. UDP scans require root privileges, so run this with sudo.
Look at a specific port (instead of all ports)
nmap -p 443 example.com
Targets a single port to confirm openness and service availability, ideal for focused troubleshooting of one endpoint.
Scan every open port on both TCP and UDP
nmap -sT -sU -p- localhost
Sweeps all TCP and UDP ports, providing comprehensive visibility into every listening service on the scanned host.
Note: UDP scans can be slow; consider narrowing targets or increasing timing cautiously to manage duration.
Using lsof to Find Open Network Connections
lsof shows which running processes are using specific ports, helping you trace network activity and quickly diagnose service conflicts.
Listing all active network connections
lsof -i
Shows processes with open network files, revealing listening ports and active connections from a process‑centric viewpoint.
Find a process that is using a specified port
lsof -i :8080
Identifies which program owns a given port, enabling quick resolution of conflicts and unexpected bindings.
Get a list of all the UDP and TCP connections
lsof -iTCP -iUDP
Combines TCP and UDP views to present all active sockets, simplifying audits across both protocol families.
Pro tip: Add -P -n to lsof to skip service and DNS lookups for faster, numeric output.
FAQs
- How to see open ports with lsof?
You can check open ports with the lsof command by running lsof -i in the terminal. It lists active network connections, showing which services or applications are currently using specific ports on the system.
- How to check open ports in Linux netstat?
To check open ports using netstat, run netstat -tuln in the terminal. This command displays listening TCP and UDP ports along with their addresses, helping you identify which services are active on your server.
- What is T4 in Nmap?
T4 in Nmap is a timing template that speeds up the scanning process. It sends packets faster while still maintaining accuracy, making it useful for scanning reliable networks where speed matters more than stealth.
- How to check open ports in Linux using Nmap?
You can scan open ports in Linux with Nmap by running nmap localhost or nmap [IP address]. The tool checks common ports and reports which ones are open, closed, or filtered on the target system.
- How do I check if port 443 is open?
To check if port 443 is open, use commands like nmap -p 443 [IP address] or telnet [domain] 443. If the connection succeeds or shows an open state, the HTTPS port is accessible.
Conclusion
Regularly checking open ports helps you validate service exposure, spot misconfigurations, and tighten security. Use netstat for quick snapshots, nmap for external scanning, and lsof to map ports to processes. Together, these tools provide a complete picture of your system’s network surface that is fast, accurate, and script‑friendly.