How to show/check for open ports on Ubuntu Linux
Open port checking is assigned to the specific program currently in use.
Of course, this was just one of many reasons to check open ports before running an application.
For example, you can use the ss command with the -ltmp option to get open ports, including processes
sudo ss -ltunp
As you can see, port numbers 53 and 631 are opened by default and are used for DNS and the Internet. So you can decide whether these ports should be allowed or blocked.
1. Using the Nmap command
The nmap Network Mapper tool is generally used by network engineers for operating system diagnosis, port scanning, network etc.
And unlike any other tool, nmap can open ports on remote devices without accessing them and does not require root privileges.
But it requires manual installation through the command:
sudo apt install nmap
To check open ports on localhost:
nmap localhost
By default, nmap only provides you with TCP ports. To list TCP and UDP ports simultaneously, you must use the -sTU option:
sudo nmap -sTU localhost
Similarly, you can also use any hostname you want. For example, let’s go with Google.
nmap google.com
As you can clearly see, Google has closed all unnecessary ports for security reasons.
2. Check open port using lsof command
Linux works on the philosophy of “everything is a file” and using the lsof List Of commands users can list all open files.
Since the lsof tool is required to read data from the proc kernel, you can easily trace network connections, including ports.
But the lsof command cannot be used without options, so you must use special options to get open ports.
So first let me show you the command and then we will explain:
sudo lsof -i -P -sTCP:LISTEN
Now, let’s explain the options used:
l is used to receive files that are only related to the network.
P displays the numerical value of the ports.
sTCP:LISTEN fetches TCP ports in listening (open) mode.
In a similar way, you can also check individual ports. So let’s say I want to check port number 631:
sudo lsof -P -i:631
As you can clearly see, cupsd is used by root on the given port.
3. Check the open port using the ss command
Yes, this is the command I talked about at the beginning of this tutorial, but here, I’m going to cover more components.
So ss Socket Statistics is a CLI tool used to get socket information. And as part of the package, you get faster and more in-depth information than anyone else.
To list the ports that are listening, use the following command:
sudo ss -tulwnp
- l Used to list open (listening) ports.
- t and -u are used to get TCP and UDP ports respectively.
- n indicates the exact amount of bandwidth.
- p represents processes using sockets.
- w is used to receive raw sockets (sockets that provide access to lower-layer protocols).
We have described several ways to list open ports. I recommend you use the ss command instead of the netstat command, which is deprecated and should no longer be used.
Good luck and be proud