Monitoring active and listening ports on a Linux system is an important task for admins to ensure applications are running correctly and to detect unauthorised services. Two common tools used for this purpose are ‘netstat’ (older but still used) and ss (a modern replacement).
These commands work across most Linux distributions including Ubuntu, Debian, CentOS, Rocky Linux and AlmaLinux.
Table of Contents
Checking Listening Ports with netstat
The netstat command shows network connections, routing tables, interface statistics, and listening ports.
Note: On newer Linux distributions, ‘netstat’ may not be installed by default. It can be set up using the net-tools package.
- Firstly, install netstat using the following command:
sudo apt install net-tools # Debian/Ubuntu sudo yum install net-tools # RHEL/CentOS
- List Listening Ports, using:
netstat -tuln- -t : Show TCP ports
- -u : Show UDP ports
- -l : Show listening ports only
- -n : Show numeric addresses (skip hostname resolution)
- Example Output:
Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp6 0 0 :::80 :::* LISTEN udp 0 0 0.0.0.0:68 0.0.0.0:*
Here:
Port 22 (SSH) and 80 (HTTP) are listening.
0.0.0.0 means listening on all interfaces.
Checking Listening Ports with ss
ss (socket statistics) is faster and more feature-rich compared to netstat. It is the recommended tool on modern Linux systems.
- List Listening Ports, using: ss -tuln
Options are similar to netstat:- -t : TCP ports
- -u : UDP ports
- -l : Listening sockets only
- -n : Numeric output
- Example Output:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* tcp LISTEN 0 128 :::80 :::*
Show Process using a Port
To find which process is using a port, add the -p option.
-
- Using netstat
sudo netstat -tulnp
- Using ss
sudo ss -tulnp
- Example:
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:((“sshd”,pid=1123,fd=3)) This indicates that port 22 is being listened to by the SSH daemon (sshd).
- Using netstat
Best Practice
Prefer ‘ss’ over ‘netstat’ for speed and accuracy, but both are useful depending on the system environment.
This way, you can use netstat and ss to check Linux’s listening ports. If you require further assistance, please don’t hesitate to contact our support staff.
Our Linux VPS Hosting plans provide dedicated resources and complete control over ports, services and network management.
Checking listening ports already? Learn How to change the default SSH port