How to Check Open Ports on Ubuntu: Essential Commands and Security Tips

1. Introduction

In network management and server operations, accurately understanding the status of ports is essential. Especially when using Ubuntu, checking which ports are open and which processes are using them helps strengthen security and enables faster troubleshooting.

This article explains the basic commands and tools used to check ports on Ubuntu. It provides practical and easy-to-understand steps for beginners and intermediate users, so be sure to read through to the end.

2. What Is a Port?

2.1 Basic Concept of Ports

A port is a virtual communication endpoint that computers and network devices use to send and receive data. Specifically, when multiple applications communicate simultaneously on the same IP address, ports identify and route data to the correct application.

For example, a web server uses port 80 for HTTP traffic. If the same server allows SSH access, it uses port 22. Since services are distinguished by port numbers, checking port status is crucial in network management.

2.2 Types and Roles of Ports

Ports are categorized into three main groups:

  1. Well-Known Ports (0–1023)
    • Globally standardized port numbers assigned to commonly used services.
    • Examples:
      • HTTP: 80
      • HTTPS: 443
      • SSH: 22
  2. Registered Ports (1024–49151)
    • Ports used by specific applications or companies.
    • Examples:
      • MySQL: 3306
      • PostgreSQL: 5432
  3. Dynamic Ports (49152–65535)
    • Ports temporarily used by applications, commonly in client-side communications.

Understanding this classification makes it easier to determine what each port number is used for.

3. How to Check Ports on Ubuntu

Ubuntu provides several tools to check port status. This section explains four particularly useful commands.

3.1 Using the ss Command

The ss command is a powerful network management tool for Linux systems. It runs quickly and provides detailed connection information.

Basic Command:

sudo ss -ltn

Option Details:

  • -l: Displays ports in LISTEN state only.
  • -t: Shows TCP protocol only.
  • -n: Displays addresses and port numbers in numeric form.

Example Output:

State       Recv-Q Send-Q      Local Address:Port        Peer Address:Port  
LISTEN      0      128              0.0.0.0:22               0.0.0.0:*

3.2 Using the netstat Command

The netstat command has been widely used as a network management tool for many years. Although it is gradually being replaced by ss, it is still available on many systems.

Basic Command:

sudo netstat -ltn

Example Output:

Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN

3.3 Using the lsof Command

lsof is useful for identifying processes that are using specific ports.

Check a specific port:

sudo lsof -i :80

Example Output:

COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apache2   1234  www    4u   IPv4  12345 0t0      TCP *:http (LISTEN)

3.4 Using the nmap Command

nmap is a network scanning tool often used for security diagnostics.

Scan localhost:

sudo nmap localhost

Example Output:

Starting Nmap 7.80 ( https://nmap.org ) at 2024-12-21 18:00 JST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00013s latency).
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http

Key Points:

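  • Open ports and their associated services are listed.
  • A scan of localhost goes through the loopback interface, so it also lists services bound only to 127.0.0.1, which remote hosts cannot reach.
  • It is possible to scan external servers, but proper authorization is required.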

4. Checking Firewall Settings

On Ubuntu, firewalls are commonly used to enhance security. ufw (Uncomplicated Firewall), in particular, is a simple yet powerful management tool widely used for this purpose. This section explains how to check the status of ports and modify configurations using ufw.

4.1 Check ufw Status

Command to check firewall status:

sudo ufw status verbose

Example Output:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere

Explanation:

  • Status: active — indicates that the firewall is enabled.
  • Logging: on — logging is enabled and firewall activity is being recorded.
  • Default: deny (incoming), allow (outgoing) — incoming connections are denied by default, while outgoing connections are allowed.
  • ALLOW — shows ports or services that are explicitly allowed (e.g., SSH and HTTP).

Tip:
If the firewall is disabled (Status: inactive), enable it with the following command:

sudo ufw enable

4.2 Allowing or Blocking Ports

Command to allow a port:

sudo ufw allow 22/tcp

Explanation:

  • Allows TCP connections on port 22 (SSH).

Command to block a port:

sudo ufw deny 80/tcp

Explanation:

  • Blocks access to port 80 (HTTP).

Example: Allow access from a specific IP address only

sudo ufw allow from 192.168.1.100 to any port 22 proto tcp

Explanation:

  • Allows SSH connections from IP address 192.168.1.100 only.

4.3 Resetting and Reviewing Settings

To reset the firewall configuration and start over, run the following command:

sudo ufw reset

This clears all rules and returns the firewall to its default state. If you reset settings, be sure to review and reapply necessary rules.

5. Practical Example: Checking the Status of a Specific Port

This section provides a practical example using SSH (port 22) to show how to verify port status.

5.1 Check Port Status

Example Command:

sudo ss -ltn | grep ':22 '

Example Output:

LISTEN      0      128        0.0.0.0:22            0.0.0.0:*

Key Points:

  • If LISTEN appears in the output, the port is open and waiting for connections.
  • 0.0.0.0 indicates that the service is listening on all IPv4 interfaces, so connections are accepted from any IP address unless the firewall restricts them.

5.2 Check Running Process

Example Command:

sudo lsof -i :22

Example Output:

COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      1234  root   3u   IPv4  56789 0t0      TCP *:ssh (LISTEN)

Key Points:

  • sshd is the daemon process managing SSH connections.
  • You can stop or restart the process by using its process ID (PID).

Example of stopping a process:

sudo kill 1234

5.3 Troubleshooting Example

Issue: What to do when a port is closed or inaccessible.

Steps:

  1. Check firewall settings.
    sudo ufw status verbose
  2. If the port is blocked, allow it.
    sudo ufw allow 22/tcp
  3. Check the service status and restart if needed.
    sudo systemctl restart ssh

6. Port Management and Security

Port management is directly linked to network security. This section explains key points about opening and closing ports and maintaining secure configurations.

6.1 Closing Unused Ports

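Ports that are not in use should be closed to reduce the risk of unauthorized access. Note that a ufw deny rule blocks traffic at the firewall; the service itself keeps listening until it is stopped or disabled.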

Example: Closing port 80

sudo ufw deny 80/tcp
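
One way to find ports that qualify for closing, as an added example that is not part of the original article: the script compares the listeners reported by ss -ltn with the ALLOW rules shown by ufw status. The sample outputs are constructed, the function names are hypothetical, and only rules written as port/tcp are parsed.

```shell
#!/bin/sh
# Added example: reconcile TCP listeners (ss -ltn) with ufw ALLOW rules.
# SAMPLE_* are constructed; on a real host pass "$(sudo ss -ltn)" and "$(sudo ufw status)".
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
LISTEN  0       80      127.0.0.1:3306      0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       4096    0.0.0.0:8080        0.0.0.0:*'
SAMPLE_UFW='Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
80/tcp                     DENY        Anywhere'

# stdin: ss -ltn output. Prints ports listening on a non-loopback address.
exposed_ports() {
  awk '$1 == "LISTEN" {
         addr = $4; port = $4
         sub(/.*:/, "", port)        # text after the last colon is the port
         sub(/:[0-9]+$/, "", addr)   # what remains is the bind address
         if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
         print port
       }' | sort -un
}

# stdin: ufw status output. Prints ports that have an ALLOW rule for TCP.
allowed_ports() {
  awk '$2 == "ALLOW" && $1 ~ /^[0-9]+\/tcp$/ { sub(/\/tcp$/, "", $1); print $1 }' | sort -un
}

# $1 = ss output, $2 = ufw status output. Prints one verdict per port.
audit_ports() {
  exp=$(printf '%s\n' "$1" | exposed_ports)
  alw=$(printf '%s\n' "$2" | allowed_ports)
  for p in $exp; do
    if printf '%s\n' "$alw" | grep -qx "$p"; then
      echo "$p reachable"               # listening and allowed through ufw
    else
      echo "$p listening-not-allowed"   # filtered by ufw, service still running
    fi
  done
  for p in $alw; do
    printf '%s\n' "$exp" | grep -qx "$p" || echo "$p allowed-no-listener"   # stale rule
  done
}

audit_ports "$SAMPLE_SS" "$SAMPLE_UFW"
```

Ports reported as listening-not-allowed are candidates for stopping the service or binding it to loopback, and allowed-no-listener entries are rules that can be removed.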

6.2 Countermeasures Against Port Scanning

Port scanning is a technique attackers use to find open ports and the potentially vulnerable services behind them. The following methods help protect your server:

  1. Strengthen firewall rules:
    sudo ufw default deny incoming
  2. Monitor logs:
    sudo tail -f /var/log/ufw.log
  3. Install port scan detection tools:
    Use tools like fail2ban to automatically block unauthorized access attempts.

7. Summary

This article explained specific methods and commands to check ports on Ubuntu. It also covered firewall management using ufw and practical security measures.

7.1 Key Takeaways

  • Basic concepts and categories of ports:
    Ports serve as communication entry points and are classified as well-known, registered, and dynamic ports.
  • How to check ports:
    Commands such as ss, netstat, lsof, and nmap provide insights into port and process status.
  • Firewall management:
    Using ufw, you can allow or block ports to enhance system security.
  • Importance of security:
    Closing unused ports, monitoring logs, and using security tools help maintain a safe network environment.

7.2 Practical Application

Port management is a fundamental aspect of network security. Apply the knowledge gained from this article to maintain a secure and stable server environment.

FAQ: Frequently Asked Questions About Checking Ports on Ubuntu

Q1. What should I do if a port is not open on Ubuntu?

A:
Try the following steps:

  1. Check firewall settings:
    sudo ufw status verbose

    If the port is blocked, allow it with:

    sudo ufw allow [portnumber]/tcp
  2. Verify that the service is running:
    sudo systemctl status [servicename]

    Example for SSH:
    sudo systemctl status ssh

    Restart if necessary:

    sudo systemctl restart [servicename]
  3. Confirm that the correct port is configured:
    Check the service configuration file, such as /etc/ssh/sshd_config for SSH, to verify the appropriate port number.

Q2. What is the difference between ss and netstat?

A:
Both tools are used to check network connections, but they differ as follows:

  • ss:
    The recommended tool for modern Linux systems. Faster and provides more detailed information.
    Example: sudo ss -ltn
  • netstat:
    An older tool, gradually becoming deprecated, but still widely available on legacy systems.
    Example: sudo netstat -ltn

For newer systems, ss is recommended.

Q3. How can I detect port scanning?

A:
Use the following methods:

  1. Check firewall logs:
    sudo tail -f /var/log/ufw.log

    Look for suspicious IP addresses or repeated access attempts.

  2. Install IDS/IPS tools:
    • Use tools like fail2ban or Snort to automatically block unauthorized access attempts.
  3. Scan your own server with nmap:
    sudo nmap localhost

    Identify unnecessary open ports and close them.
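
The log check described in section 6.2 and in this answer can be automated. The following added example (not part of the original article) counts how many distinct destination ports each source address was blocked on in ufw.log; the sample log lines, the function name scan_suspects and the threshold of 4 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list sources that ufw blocked on many distinct destination ports.
# SAMPLE_LOG is constructed: shortened kernel log lines with documentation addresses.
# On a real host feed the function /var/log/ufw.log instead.
SAMPLE_LOG='Dec 21 18:00:01 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21 SYN
Dec 21 18:00:01 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=23 SYN
Dec 21 18:00:02 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=25 SYN
Dec 21 18:00:02 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22 SYN
Dec 21 18:00:03 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=3306 SYN
Dec 21 18:00:03 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=23 SYN
Dec 21 18:00:04 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=22 SYN
Dec 21 18:00:05 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=8080 SYN
Dec 21 18:00:06 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0'

# stdin: ufw log lines. $1: minimum number of distinct blocked ports.
# Prints "source distinct_ports" for every source at or above the threshold.
scan_suspects() {
  awk -v threshold="$1" '
    /\[UFW BLOCK\]/ {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      # Count each (source, port) pair once; lines without DPT (ICMP) are skipped.
      if (src != "" && dpt != "" && !((src, dpt) in seen)) {
        seen[src, dpt] = 1
        ports[src]++
      }
    }
    END { for (s in ports) if (ports[s] >= threshold) print s, ports[s] }
  ' | sort
}

printf '%s\n' "$SAMPLE_LOG" | scan_suspects 4
```

Repeated blocks on a single port, like those from 198.51.100.20 in the sample, stay below the threshold because only distinct ports are counted.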

Q4. How can I check which process is using a specific port?

A:
Use the lsof command:

sudo lsof -i :[portnumber]

Example for port 80:

sudo lsof -i :80

Example Output:

COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apache2   1234  www    4u   IPv4  12345 0t0      TCP *:http (LISTEN)

Q5. How do I allow only a specific IP address using ufw?

A:
Use the following command:

sudo ufw allow from [IP address] to any port [portnumber] proto tcp

Example: Allow SSH access from 192.168.1.100:

sudo ufw allow from 192.168.1.100 to any port 22 proto tcp

Q6. How can I change the port number?

A:
Edit the configuration file of the respective service.
Example for SSH:

  1. Edit the configuration file:
    sudo nano /etc/ssh/sshd_config
  2. Find the Port directive and set a new port number:
    Port 2222
  3. Restart the SSH service:
    sudo systemctl restart ssh
  4. Allow the new port through the firewall:
    sudo ufw allow 2222/tcp

Q7. Can I allow multiple ports at once?

A:
Yes, you can allow multiple ports using the following methods:

  1. Allowing a range of ports:
    sudo ufw allow 1000:2000/tcp

    Explanation: Allows ports from 1000 to 2000.

  2. Allowing ports individually:
    sudo ufw allow 22/tcp
    sudo ufw allow 80/tcp