How to Check Listening Ports and Identify Running Services in Ubuntu


2 views

The most fundamental tool for checking open ports is the netstat command (or its modern replacement ss):


sudo netstat -tulnp
# OR
sudo ss -tulnp

This will display:

  • -t: TCP ports
  • -u: UDP ports
  • -l: Listening ports
  • -n: Show numerical addresses
  • -p: Show process/PID information

Sample output might look like:

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1234/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      5678/apache2

This shows MySQL running on port 3306 (localhost only) and Apache on port 80 (IPv6 any address).

Using lsof


sudo lsof -i -P -n | grep LISTEN

Breakdown of flags:

  • -i: Show network connections
  • -P: Show port numbers (not service names)
  • -n: Show numerical addresses

Checking Specific Ports

To check if a specific port is in use:


sudo lsof -i :22
# OR
sudo netstat -tulnp | grep :22

For more detailed analysis, nmap can be installed:


sudo apt install nmap
nmap -sT -O localhost

To find which services are configured to start automatically:


systemctl list-unit-files --type=service --state=enabled

Remember that ufw or other firewalls might be blocking ports even if services are listening:


sudo ufw status verbose

The traditional way to check listening ports is using netstat. While it's being deprecated in favor of ss, many systems still have it installed:

sudo netstat -tulnp

Breakdown of flags:

  • -t: Show TCP ports
  • -u: Show UDP ports
  • -l: Show only listening ports
  • -n: Show numeric addresses instead of resolving hostnames
  • -p: Show process information

The ss command is faster and more efficient than netstat:

sudo ss -tulnp

Output example:

Netid  State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
tcp    LISTEN  0       80      127.0.0.1:3306       *:*       users:(("mysqld",pid=1234,fd=21))

To check if a specific port is in use:

sudo lsof -i :22
sudo ss -tuln | grep ':22'

For a more comprehensive view (requires installation):

sudo apt install nmap
sudo nmap -sT -O localhost

This will show:

  • Open ports
  • Service versions
  • OS detection

For services managed by systemd:

sudo netstat -tulnp | grep systemd
sudo systemctl list-sockets

To find which services are configured to start at boot and listen on ports:

sudo systemctl list-unit-files --type=service | grep enabled

For desktop users, install gnome-nettool:

sudo apt install gnome-nettool

Then run it from your application menu or via terminal:

gnome-nettool

Remember that ports might be blocked by UFW or other firewalls even if services are listening:

sudo ufw status verbose