How To Check Open Ports in Linux

As a system administrator, you should know how to check open ports on a Linux Server. There are a couple of commands we can use for this. One is ss, another one is nmap.

Run the following command to list open ports on your local Linux system:

ss -tuln | grep -i listen

The output of the preceding command is as shown in the screenshot:

Just because the ss command reports the port is listening doesn't mean it's accessible outside the system. For example, the MySQL port (3306) only listens on localhost (127.0.0.1). It is not open to the outside.

Also, remember that a port will not be accessible to remote hosts if a firewall is blocking the port.

Using Nmap Command To Check Open Ports

To check if a port is open to a remote computer, use the nmap command.

For example, the following command lists open ports on the host 192.168.1.1:

nmap 192.168.1.10

If you are on Ubuntu/Debian Linux, you can install nmap with sudo apt update && sudo apt install nmap. For CentOS/Fedora, the command is: dnf install nmap.

If the ss command shows that a port is open and nmap does not, this may indicate that the port is not listening on remote connections or that the firewall is blocking the port.

If you are on Ubuntu Linux, you can run the following command to check which ports are allowed through the Ubuntu Firewall:

sudo ufw status

Using Telnet

Another command is telnet which you can use to test a specific port on a remote computer. In the following example, the telnet command will try to establish a connection with the remote host through port 22.

telnet 192.168.1.10 22

If the port is not open, then the telnet command will timeout and fail.