Tux Toolkit

How to List Open Ports on Linux (and never forget)

TL;DR Just give me the command!

There are two commands you should be able to use depending on the distribution you are on and what is already installed.

ss

Almost all distributions will have the ss command available as part of the iproute2 package. To list open TCP ports with ss run the following command:

ss -lntp

If ss is not installed you can install it with the iproute2 package:

sudo apt install iproute2 # Debian
sudo yum install iproute # Redhat
sudo pacman -S iproute2 # Arch

lsof

If ss doesn't work for you, you might be able to try lsof. Type the following in your terminal:

lsof -i -P -n | grep LISTEN

If lsof is not installed you can install it directly:

sudo apt install lsof # Debian
sudo yum install lsof # Redhat
sudo pacman -S lsof # Arch

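Why don't I see the process name?

Some ports may be opened by system services or by processes belonging to other users. If you are not seeing the names of some processes, run the command with sudo to see more information. Without root, lsof leaves out sockets owned by other users altogether, so its list of listeners may also be incomplete.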

How to remember

I find myself searching for this every few weeks. It's something I need occasionally but not enough to make an alias. Anyway, I've finally made an alias, and if you're reading this after searching for it, you should too.

Just pop this command in your RC file and never need to search again:

alias lp='lsof -i -P -n | grep LISTEN'

The downside with this alias is that it doesn't allow you to add extra arguments to the lsof command, so to allow that you can make it a shell function:

function lp() {
    # Quote "$@" so extra arguments containing spaces reach lsof intact
    lsof -i -P -n "$@" | grep LISTEN
}

So what do the flags mean?

Aliases are all well and good if you're on your own machine, but it would be good to remember the full command when you are working on a different machine.

The best approach I've found is to understand the naming of the command and how that links to what I'm trying to do. I've always just copied the command without understanding it. So let's break these programs down and understand what's going on.

ss

ss is the most likely to be installed and is primarily designed for the job of listing open ports. The name stands for socket statistics, and honestly just knowing that is probably enough to remember it next time you need it.

Each of the arguments is necessary for filtering the results down to the relevant entries and displaying them the way we want.

ss -lntp

Breakdown:

  • -l will limit the results to only ports that are actively listening
  • -n displays the port number instead of the port name (e.g. will show :80 instead of :http)
  • -t will limit the results to TCP sockets; use -u to show UDP sockets instead
  • -p displays the process information so you can see which application is using the port

A mnemonic that I like to use to remember the flags is "Listen Now To Ports"
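
The following added example (not from the original article) reads ss -lntp output and labels each listener by whether it is bound to all interfaces, to loopback only, or to one specific address, which is the first thing to check when reviewing what a host exposes. The function names and the sample output are constructed for illustration.

```shell
# Added example: classify `ss -lntp` listeners by how widely they are bound.
# Reads ss output on stdin, prints "<scope> <port> <process>" per listener.
classify_listeners() {
    awk '
    $1 != "LISTEN" { next }        # skip the header row
    {
        local_addr = $4            # the Local Address:Port column
        n = length(local_addr)
        # Split at the LAST colon so IPv6 forms such as [::]:80 parse correctly.
        while (n > 0 && substr(local_addr, n, 1) != ":") n--
        addr = substr(local_addr, 1, n - 1)
        port = substr(local_addr, n + 1)
        sub(/%.*$/, "", addr)      # drop an interface suffix (127.0.0.53%lo)

        if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
            scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "[::1]")
            scope = "loopback"
        else
            scope = "specific"

        # The process column is empty when ss lacks the privileges to see
        # the owning process, so fall back to "-".
        proc = "-"
        i = index($0, "users:((\"")
        if (i > 0) {
            proc = substr($0, i + 9)
            sub(/".*$/, "", proc)  # keep the name up to its closing quote
        }
        print scope, port, proc
    }'
}

# Constructed sample of `ss -lntp` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
LISTEN 0      4096       127.0.0.1:5432      0.0.0.0:*    users:(("postgres",pid=1044,fd=5))
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      511             [::]:80           [::]:*    users:(("nginx",pid=900,fd=7))
LISTEN 0      128                *:9090            *:*
LISTEN 0      128     192.168.1.10:8443      0.0.0.0:*    users:(("java",pid=2210,fd=44))
EOF
}

# Real use: ss -lntp | classify_listeners
sample_ss_output | classify_listeners
```

Listeners reported with "-" as the process are the ones to re-check with sudo ss -lntp.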

lsof

This is the one I prefer to use because it shows information that is more relevant, but the arguments are mostly the same. lsof stands for list open files. This one I actually find easier to remember because it's similar to ls which is for listing regular files.

lsof -i -P -n | grep LISTEN

Breakdown:

  • -i limits the output to Internet (network) files, i.e. sockets, on any IP address (or you can pass a specific address to filter by)
  • -P displays the port number instead of the port name (e.g. will show :80 instead of :http)
  • -n displays the host IP instead of the host name (e.g. will show 127.0.0.1: instead of localhost:)
  • | grep LISTEN filters the results to include only those that contain the string "LISTEN", i.e. only sockets in the listening state. This also drops UDP sockets, which have no LISTEN state

To remember the flags you can use the mnemonic "Internet Ports Now!"

What about netstat?

For a long time netstat has been the go-to program for listing open ports. Almost any article about open ports will mention it as the first thing to try.

But netstat is part of the net-tools package which has not been maintained since 2011. While it used to be installed on almost every system, it is now obsolete.

The iproute2 package is the main successor and ss the recommended command for those used to netstat.

In Summary

ss -lntp and lsof -i -P -n | grep LISTEN are the most effective ways to list open ports on modern Linux systems. By understanding their flags, you'll be able to adapt them quickly on any machine you use.