How to check for open ports on your Ubuntu server

Last updated: November 10th 2022

Introduction

This guide explains different methods to check for open ports on your Webdock server. An open port is a port on which some process or application is running and it can accept data. In this guide we will use different tools to find out which ports are open.

An open port is defined as a port which has a service listening and accepting connections. You may find that you have services listening on ports which despite this are not accessible from the internet. This is what your firewall does: Block access to ports which you haven't explicitly allowed access to. For a guide on managing your firewall, take a look at our UFW guide here.

Prerequisites

Webdock cloud Ubuntu instance (18.04 or later)
You have shell access to your VPS

The difference between addresses

It matters whether a service is listening to a port on 127.0.0.1 (localhost) or if it is listening on 0.0.0.0 - typically what this means is that a service listening on localhost is only accessible from the host machine itself and not the wider internet. If you see a service listening on all interfaces (*) or 0.0.0.0 then the service is accessible from the internet - unless actively firewalled, which you will need to check for in Iptables or by running "ufw status" if you use UFW to manage your firewall.

Check for open ports using nmap

Network mapper or nmap is an open source tool used to scan networks and find open ports on a host. The following command will scan all the ports on the host.

$ sudo nmap localhost

                        Starting Nmap 7.80 ( https://nmap.org ) at 2021-06-12 06:03 UTC

                        Nmap scan report for localhost (127.0.0.1)

                        Host is up (0.0000090s latency).

                        Not shown: 995 closed ports

                        PORT     STATE SERVICE

                        21/tcp   open  ftp

                        22/tcp   open  ssh

                        80/tcp   open  http

                        443/tcp  open  https

                        3306/tcp open  mysql

                        

                        Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds

In order to check a specific port whether it is open or not, use the -p option to specify the port.

$ sudo nmap -p 80 localhost

                        Starting Nmap 7.80 ( https://nmap.org ) at 2021-06-12 06:04 UTC

                        Nmap scan report for localhost (127.0.0.1)

                        Host is up (0.000054s latency).

                        

                        PORT   STATE SERVICE

                        80/tcp open  http

                        

                        Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds

Be careful using nmap as if you accidentally start scanning the entire network, you risk that your IP address will be banned.

Check for open ports using lsof

The lsof (list open files) command, as name suggests, is used to list all the open files in linux. These files may be network sockets, disk files or devices opened by different processes. Use the lsof command along with the -nP options to list all open sockets.

$ sudo lsof -nP | grep LISTEN

                        ...snip...

                        redis-ser  511  513 redis-ser        redis    6u    IPv4        662257788    0t0    TCP  127.0.0.1:6379  (LISTEN)

                        redis-ser  511  513 redis-ser        redis    7u    IPv6        662257789    0t0    TCP  [::1]:6379      (LISTEN)

                        redis-ser  511  515 redis-ser        redis    6u    IPv4        662257788    0t0    TCP  127.0.0.1:6379  (LISTEN)

                        redis-ser  511  515 redis-ser        redis    7u    IPv6        662257789    0t0    TCP  [::1]:6379      (LISTEN)

                        redis-ser  511  517 redis-ser        redis    6u    IPv4        662257788    0t0    TCP  127.0.0.1:6379  (LISTEN)

                        redis-ser  511  517 redis-ser        redis    7u    IPv6        662257789    0t0    TCP  [::1]:6379      (LISTEN)

                        ...snip...

List only the TCP open sockets.

$ sudo lsof -i tcp

                        ...snip...

                        pure-ftpd  303            root    4u  IPv4 662259745      0t0  TCP *:ftp (LISTEN)

                        pure-ftpd  303            root    5u  IPv6 662259746      0t0  TCP *:ftp (LISTEN)

                        sshd       304            root    3u  IPv4 662258731      0t0  TCP *:ssh (LISTEN)

                        sshd       304            root    4u  IPv6 662258733      0t0  TCP *:ssh (LISTEN)

                        ..snip...

For UDP open sockets, use the following command.

$ sudo lsof -i udp

systemd-r 254 systemd-resolve   12u  IPv4 662203276      0t0  UDP localhost:domain

Check for open ports using netstat

The netstat (network statistic) command can be used to monitor and scan networks. Get a list of all tcp and udp open ports using the netstat command.

$ sudo netstat -l

                        ...snip...

                        tcp        0      0 localhost:27017         0.0.0.0:*               LISTEN

                        tcp        0      0 localhost:mysql         0.0.0.0:*               LISTEN

                        tcp        0      0 localhost:6379          0.0.0.0:*               LISTEN

                        tcp        0      0 localhost:11211         0.0.0.0:*               LISTEN

                        ...snip...

List TCP ports only.

$ sudo netstat -lt

                        ...snip...

                        tcp        0      0 localhost:27017         0.0.0.0:*               LISTEN

                        tcp        0      0 localhost:mysql         0.0.0.0:*               LISTEN

                        tcp        0      0 localhost:6379          0.0.0.0:*               LISTEN

                        tcp        0      0 localhost:11211         0.0.0.0:*               LISTEN

                        tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN

                        tcp6       0      0 [::]:ftp                [::]:*                  LISTEN

                        tcp6       0      0 [::]:ssh                [::]:*                  LISTEN

                        ...snip...

For UDP ports only.

$ sudo netstat -lu

                        Active Internet connections (only servers)

                        

                        Proto Recv-Q Send-Q Local Address           Foreign Address         State

                        udp        0      0 localhost:domain        0.0.0.0:*

Check open ports using ss

The ss command is used to list detailed information of the network sockets. It provides more detailed information than the netstat command. List all the listening ports on a linux system.

$ sudo ss -l

                        Netid      State       Recv-Q      Send-Q                    Local Address:Port                    Peer Address:Port           Process

                        nl         UNCONN      0           0                         rtnl:systemd/1                                    *

                        nl         UNCONN      0           0                         rtnl:kernel                                       *

                        nl         UNCONN      0           0                         rtnl:systemd-resolve/254                          *

                        nl         UNCONN      0           0                         rtnl:systemd-resolve/254                          *

                        nl         UNCONN      0           0                         rtnl:systemd/1                                    *

                        ...snip...

To list only TCP listening ports, use the -lt flag.

$ sudo ss -lt

                        ...snip...

                        LISTEN              0                   128                        0.0.0.0:ssh          0.0.0.0:*

                        LISTEN              0                   511                        0.0.0.0:https        0.0.0.0:*

                        LISTEN              0                   4096                       127.0.0.1:27017      0.0.0.0:*

                        LISTEN              0                   70                         127.0.0.1:mysql      0.0.0.0:*

                        LISTEN              0                   511                        127.0.0.1:6379       0.0.0.0:*

                        ...snip...

For UDP listening ports, use the -lu flag.

$ sudo ss -lu

                        State               Recv-Q              Send-Q                           Local Address:Port                             Peer Address:Port             Process

                        UNCONN              0                   0                                127.0.0.53%lo:domain                                0.0.0.0:*

Conclusion

There are different tools available to monitor open ports on your server. In this guide we discussed how we can check for open ports on Webdock server using different command line tools like nmap, ss, netstat and lsof.

How to check for open ports on your Ubuntu server

Introduction

Prerequisites

The difference between addresses

Check for open ports using nmap

Check for open ports using lsof

Check for open ports using netstat

Check open ports using ss

Conclusion

Related articles

Server Security Checklist

How to work with your firewall (UFW - Uncomplicated Firewall)

SSH Security Configuration Settings

How to configure Fail2Ban for common services

How to Secure Nginx with Naxsi Firewall on Ubuntu 18.04 VPS

How to Secure Nginx with Naxsi Firewall on Ubuntu 20.04 VPS

How to configure Security Headers in Nginx and Apache

How to enable Encryption for MariaDB

How to Scan Your Webdock Server for Malware and Virus

How To Use Our Free BotGuard Bot Protection

Enhancing Nginx Security with IP Filtering and Password

Get Started For