How to Use netstat and ss to Check Linux’s Listening Ports

September 1, 2025 / Security and Backup

Monitoring active and listening ports on a Linux system is an important task for admins to ensure applications are running correctly and to detect unauthorised services. Two common tools used for this purpose are ‘netstat’  (older but still used) and ss (a modern replacement).

These commands work across most Linux distributions including Ubuntu, Debian, CentOS, Rocky Linux and AlmaLinux.

Checking Listening Ports with netstat

The netstat command shows network connections, routing tables, interface statistics, and listening ports.
Note: On newer Linux distributions, ‘netstat’ may not be installed by default. It can be set up using the net-tools package.

  1. Firstly, install netstat using the following command:
    sudo apt install net-tools   # Debian/Ubuntu
    sudo yum install net-tools   # RHEL/CentOS
  2. List Listening Ports, using:
    netstat -tuln

    • -t : Show TCP ports
    • -u : Show UDP ports
    • -l : Show listening ports only
    • -n : Show numeric addresses (skip hostname resolution)
  3. Example Output:
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
    tcp6       0      0 :::80                   :::*                    LISTEN
    udp        0      0 0.0.0.0:68              0.0.0.0:*

    Here:
    Port 22 (SSH) and 80 (HTTP) are listening.
    0.0.0.0 means listening on all interfaces.

Checking Listening Ports with ss

ss (socket statistics) is faster and more feature-rich compared to netstat. It is the recommended tool on modern Linux systems.

  1. List Listening Ports, using: ss -tuln
    Options are similar to netstat:

    • -t : TCP ports
    • -u : UDP ports
    • -l : Listening sockets only
    • -n : Numeric output
    • Example Output:
      Netid State   Recv-Q Send-Q Local Address:Port   Peer Address:Port
      tcp   LISTEN  0      128    0.0.0.0:22          0.0.0.0:*
      tcp   LISTEN  0      128    :::80               :::*

Show Process using a Port

To find which process is using a port, add the -p option.

    1. Using netstat
      sudo netstat -tulnp
    2. Using ss
      sudo ss -tulnp
    3. Example:
      tcp   LISTEN  0      128    0.0.0.0:22   0.0.0.0:*   users:((“sshd”,pid=1123,fd=3))
      This indicates that port 22 is being listened to by the SSH daemon (sshd).

Best Practice

Prefer ‘ss’ over ‘netstat’ for speed and accuracy, but both are useful depending on the system environment.

This way, you can use netstat and ss to check Linux’s listening ports. If you require further assistance, please don’t hesitate to contact our support staff.

Need greater visibility into Linux networking and server activity?
Our Linux VPS Hosting plans provide dedicated resources and complete control over ports, services and network management.

Checking listening ports already? Learn How to change the default SSH port

Spread the love