How to Check Open Ports on Ubuntu Server

On Ubuntu Server, “open ports” typically means listening ports — sockets where processes are actively waiting for incoming connections (TCP or UDP). Checking these is essential for security auditing, verifying services (e.g., SSH on 22, web server on 80/443), troubleshooting connectivity, or ensuring no unexpected services are exposed.

Ubuntu Server (24.04 LTS and later) provides several reliable tools. The modern, preferred method uses ss (socket statistics), which replaced the deprecated netstat. Other useful tools include lsof and nmap.

1. Using ss – Recommended & Fastest Method (Built-in)

ss is part of the iproute2 package (pre-installed on Ubuntu Server) and is significantly faster and more accurate than older tools, especially on systems with many connections.

List all listening TCP and UDP ports with process info:

Bash
sudo ss -tulnp

Key options breakdown:

  • -t → TCP sockets
  • -u → UDP sockets
  • -l → listening sockets only (most important for “open ports”)
  • -n → numeric addresses/ports (no name resolution slowdown)
  • -p → show process name/PID/user owning the socket (requires root)

Common output example:

text
Netid  State    Recv-Q   Send-Q     Local Address:Port       Peer Address:Port    Process
tcp    LISTEN   0        128        0.0.0.0:22              0.0.0.0:*            users:(("sshd",pid=1234,fd=3))
tcp    LISTEN   0        511        0.0.0.0:80              0.0.0.0:*            users:(("nginx",pid=5678,fd=6))
udp    UNCONN   0        0          0.0.0.0:68              0.0.0.0:*            users:(("dhclient",pid=901,fd=4))

  • 0.0.0.0 or :: means listening on all interfaces (publicly exposed if no firewall).
  • 127.0.0.1 or ::1 means localhost only (safe, not externally reachable).
  • Look for unexpected processes or ports.

Quick variants:

  • TCP listening only: sudo ss -tlnp
  • Filter for a specific port: sudo ss -tlnp | grep :22
  • All sockets (listening + established): sudo ss -tunap
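
The reading rules above (loopback vs. all interfaces, unexpected ports or processes) can be applied automatically. The following is an added example, not part of the original article: the function name, the allowlist format ("port/proto") and the sample lines are assumptions made for illustration, and the sample ss output is constructed.

```shell
#!/bin/sh
# Added example, not from the original article.
# Constructed sample of `sudo ss -H -tulnp` output (-H drops the header row).
sample_ss_output() {
  cat <<'EOF'
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=701,fd=15))
tcp LISTEN 0 128  0.0.0.0:22       0.0.0.0:* users:(("sshd",pid=1234,fd=3))
tcp LISTEN 0 511  0.0.0.0:80       0.0.0.0:* users:(("nginx",pid=5678,fd=6))
tcp LISTEN 0 128  [::]:22          [::]:*    users:(("sshd",pid=1234,fd=4))
tcp LISTEN 0 511  *:6379           *:*       users:(("redis-server",pid=4321,fd=7))
udp UNCONN 0 0    0.0.0.0:68       0.0.0.0:* users:(("dhclient",pid=901,fd=4))
EOF
}

# classify_listeners "PORT/PROTO ..." reads ss output on stdin and prints one
# line per socket: LOCAL (loopback only), OK (non-loopback, on the allowlist)
# or UNEXPECTED (non-loopback, not on the allowlist).
classify_listeners() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 != "tcp" && $1 != "udp" { next }      # skips the header row and blanks
    {
      port = $5; sub(/.*:/, "", port)        # text after the last colon
      addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
      sub(/%.*/, "", addr)                   # drop scope suffix such as %lo
      proc = (NF >= 7) ? $7 : "-"            # column is empty without root
      key = port "/" $1
      if (addr ~ /^127\./ || addr == "[::1]") verdict = "LOCAL"
      else if (key in ok) verdict = "OK"
      else verdict = "UNEXPECTED"
      printf "%-10s %-10s %-18s %s\n", verdict, key, addr, proc
    }'
}

# Demo on the constructed sample; on a real host pipe in: sudo ss -H -tulnp
sample_ss_output | classify_listeners "22/tcp 80/tcp"
```

The verdict reflects only the bind address and the allowlist; firewall rules are not consulted, so an UNEXPECTED line still needs the firewall and external checks described later on this page.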

2. Using netstat – Legacy Alternative

netstat is deprecated (its man page warns about this) and slower, but it still works if you install the net-tools package:

Bash
sudo apt install net-tools
sudo netstat -tulpn

Output format is very similar to ss. Prefer ss unless you have scripts relying on netstat.

3. Using lsof – List Open Files (Including Network Sockets)

lsof shows every open file descriptor, including network sockets. Install if needed:

Bash
sudo apt install lsof

List listening network ports:

Bash
sudo lsof -i -P -n | grep LISTEN

Or filter for TCP:

Bash
sudo lsof -iTCP -sTCP:LISTEN -P -n

This is especially useful when you want to see the full command line or parent process tree.

4. Using nmap – Network Scanner (Local or Remote View)

nmap scans for open ports and can identify services/versions. It’s excellent for verifying what is actually reachable (considering firewall rules like UFW/nftables).

Install:

Bash
sudo apt install nmap

Scan localhost (checks local listening ports + firewall):

Bash
sudo nmap -sT -O localhost
# or more detailed:
sudo nmap -sV -p- localhost

  • -sT → TCP connect scan
  • -sV → detect service/version
  • -p- → all 65535 ports (slow but thorough)
  • Add -sU for UDP (much slower)

From another machine (real external view):

Bash
# -sS (SYN scan) needs raw-socket privileges, so run it as root
sudo nmap -sS -p 1-1000 your-server-ip

Use nmap when you suspect firewall differences between local listening state and external accessibility.

Quick Comparison Table

| Tool | Speed | Built-in? | Shows Process/PID | Best For | Notes |
| --- | --- | --- | --- | --- | --- |
| ss | Fast | Yes | Yes | Everyday local listening check | Modern replacement for netstat |
| netstat | Slow | No | Yes | Legacy scripts/compatibility | Deprecated |
| lsof | Medium | No | Yes + details | Deep process/file investigation | Great for forensics |
| nmap | Varies | No | No (service info) | External reachability + service ID | Firewall-aware |

Security Notes

  • Only trust local tools (ss, lsof) for what the server itself is listening on.
  • Use nmap from outside (or via online port checkers cautiously) to confirm external exposure.
  • Cross-check with your firewall: sudo ufw status verbose or sudo nft list ruleset.
  • Unexpected open ports? Investigate the owning process immediately (ps -p PID -o command or sudo systemctl status service).

Start with sudo ss -tulnp — it gives you 95% of what you need quickly and accurately on modern Ubuntu Server.

If you’re seeing a specific port you didn’t expect, or need help interpreting output, paste relevant lines from ss -tulnp for more targeted advice.
