Open ports determine how services communicate with the outside world. Web servers, databases, control panels, streaming services, and SSH access all rely on specific network ports being open and listening.

For Linux system administrators, checking open ports is one of the most common troubleshooting tasks. It helps diagnose service issues, detect unexpected services running on a server, and verify firewall configurations.

In this guide we explain how to check open ports in Linux using the most commonly used administrative tools:

• ss
• netstat
• lsof

These utilities allow administrators to quickly identify which services are listening on which ports and which processes are responsible for them.

---

Why Checking Open Ports Matters

Every network service listens on a port. For example:

• Web servers typically listen on 80 (HTTP) and 443 (HTTPS)

• SSH servers listen on 22

• MySQL servers listen on 3306

• Control panels like cPanel use multiple service ports

When services fail to respond, checking open ports helps determine whether:

• the service is running
• the port is listening
• the firewall is blocking access

This makes port inspection a critical step in server diagnostics.

---

Understanding Listening vs Open Ports

Before running commands, it helps to understand the terminology.

Listening Port

A service is actively waiting for incoming connections.

Established Connection

A connection already exists between two systems.

Closed Port

No service is listening on the port.

Administrators typically focus on listening ports when verifying server services.

---

Checking Open Ports with ss (Recommended)

The ss command is the modern replacement for netstat and is available on most modern Linux distributions.

Run:

ss -tulnp

Explanation of options:

• -t → TCP ports
• -u → UDP ports
• -l → listening sockets
• -n → numeric output
• -p → process using the port

Example output:

Netid State   Recv-Q Send-Q Local Address:Port  Process
TCP   LISTEN  0      128    0.0.0.0:80         nginx
TCP   LISTEN  0      128    0.0.0.0:22         sshd
TCP   LISTEN  0      80     127.0.0.1:3306     mysqld

This shows which services are actively listening on each port.

---

Checking Ports with netstat (Legacy but Common)

The netstat command has historically been used for network diagnostics. Although it is gradually being replaced by ss, many administrators still encounter it on older systems.

Run:

netstat -tulnp

Example output:

tcp   0  0 0.0.0.0:80     0.0.0.0:*   LISTEN   1024/nginx
tcp   0  0 0.0.0.0:22     0.0.0.0:*   LISTEN   923/sshd

This command provides similar information to ss but may not be installed by default on modern Linux systems.

---

Identifying Ports by Process with lsof

The lsof command lists open files and network connections associated with processes.

Run:

lsof -i -P -n

Example output:

nginx   1024 root   6u  IPv4  12345  TCP *:80 (LISTEN)
sshd     923 root   3u  IPv4  22345  TCP *:22 (LISTEN)

This command is useful when you need to identify exactly which application owns a network port.

---

Checking a Specific Port

Administrators often want to check whether a specific port is open.

Example using ss:

ss -tulnp | grep 80

Example using lsof:

lsof -i :80

This quickly confirms whether a service such as a web server is listening.

---

Common Troubleshooting Scenarios

Web Server Not Responding

Check if the web server is listening on port 80 or 443.

ss -tulnp | grep 80

If nothing appears, the web service may not be running.

Port Conflict

Two services cannot listen on the same port simultaneously.

If a service fails to start, check whether another process already occupies the port.

Firewall Blocking Access

Even if a port is listening, firewall rules may block external traffic.

Administrators should verify firewall configurations using tools such as:

• iptables
• firewalld
• ufw

---

Security Considerations

Checking open ports is also a security best practice. Servers should only expose necessary services to the internet.

Unexpected open ports may indicate:

• misconfigured services
• unused applications running
• potential security risks

Regular port audits help maintain secure server environments.

---

When Port Monitoring Becomes Critical

As infrastructure grows, port monitoring becomes essential for reliability and security.

Large environments often monitor ports continuously to ensure services remain available.

For example:

• high-traffic web applications
• streaming servers
• API platforms

In such environments, administrators rely on automated monitoring systems that alert them when critical ports stop responding.

Related Linux Server Guides

• How to Check Server Disk Usage in Linux (df, du, and ncdu Explained)
• How to Check CPU Usage in Linux (top, htop, uptime Explained)
• How to Check Server Load in Linux (Load Average Explained)
• How to Check Memory Usage in Linux (free, vmstat, htop Explained)
• Rsync vs Rclone: Which Is Better for Server Backups?
• How RAID Actually Works (RAID 0, 1, 5, 10 Explained for Servers)

---

Final Thoughts

Understanding how to inspect open ports is a fundamental Linux administration skill. Commands such as ss, netstat, and lsof provide quick insight into which services are running and how they communicate over the network.

Whether troubleshooting service failures, verifying firewall rules, or auditing server security, checking open ports is one of the first diagnostic steps experienced administrators perform.

Mastering these tools makes it significantly easier to manage and secure Linux server environments.

Explore our infrastructure options:

• Offshore VPS Servers
• Scalable Offshore Cloud Servers
• Offshore Dedicated Servers
• Streaming Dedicated Servers