How to Check for Listening Ports in Linux: Find Open and Used Ports
When troubleshooting network connectivity or application-specific issues, one of the first things to check is what ports are actually in use on your system and which application is listening on a specific port.
This article explains how to use the ss command
, netstat, and the lsof command
to find out which services are listening on which ports. The instructions are applicable for all Linux and Unix-based operating systems like macOS.
What is a Listening Port
A network port is identified by its number, the associated IP address, and the type of the communication protocol, such as TCP or UDP.
A listening port is a network port on which an application or process listens on, acting as a communication endpoint.
Each listening port can be open or closed (filtered) using a firewall. In general terms, an open port is a network port that accepts incoming packets from remote locations.
You can’t have two services listening to the same port on the same IP address.
For example, if you are running an Apache web server that listens on ports 80 and 443 and you try to install Nginx
, the latter will fail to start because the HTTP and HTTPS ports are already in use.
Check Listening Ports with ss
ss is the modern replacement for netstat. It is faster, provides more detailed TCP state information, and is installed by default on all modern Linux distributions.
To get a list of all listening ports with ss, type:
sudo ss -tunlpThe options used in this command have the following meaning:
-t— Show TCP ports.-u— Show UDP ports.-n— Show numerical addresses instead of resolving hosts.-l— Show only listening ports.-p— Show the process using the socket. This information is shown only if you run the command as root or sudo user.
The output will look something like this:
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=445,fd=3))
LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("master",pid=929,fd=13))
LISTEN 0 128 *:3306 *:* users:(("mysqld",pid=534,fd=30))
LISTEN 0 128 *:80 *:* users:(("apache2",pid=765,fd=4),("apache2",pid=764,fd=4),("apache2",pid=515,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=445,fd=4))
LISTEN 0 100 [::]:25 [::]:* users:(("master",pid=929,fd=14))
LISTEN 0 70 *:33060 *:* users:(("mysqld",pid=534,fd=33))The important columns are:
State— The socket state.LISTENmeans the port is waiting for incoming connections.Local Address:Port— The IP address and port number the process listens on.users— The name and PID of the process using the socket.
To filter the results, you can pipe the output through grep
. For example, to find what process listens on TCP port 22:
sudo ss -tnlp | grep :22The ss command also has built-in filtering, which is faster than piping through grep:
sudo ss -tlnp sport = :22State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=445,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=445,fd=4))You can also filter by state, source address, or destination address. For example, to show all connections in the ESTABLISHED state:
ss -tn state establishedCheck Listening Ports with netstat
netstat
is a legacy command-line tool that provides information about network connections. On modern Linux distributions, netstat is not installed by default. It is part of the net-tools package, which you can install with:
# Debian/Ubuntu
sudo apt install net-tools
# CentOS/RHEL/Fedora
sudo dnf install net-toolsTo list all TCP or UDP ports that are listening, including the services using the ports and the socket status:
sudo netstat -tunlpThe options are the same as with ss:
-t— Show TCP ports.-u— Show UDP ports.-n— Show numerical addresses instead of resolving hosts.-l— Show only listening ports.-p— Show the PID and name of the listener’s process. This information is shown only if you run the command as root or sudo user.
The output will look something like this:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 445/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 929/master
tcp6 0 0 :::3306 :::* LISTEN 534/mysqld
tcp6 0 0 :::80 :::* LISTEN 515/apache2
tcp6 0 0 :::22 :::* LISTEN 445/sshd
tcp6 0 0 :::25 :::* LISTEN 929/master
tcp6 0 0 :::33060 :::* LISTEN 534/mysqld
udp 0 0 0.0.0.0:68 0.0.0.0:* 966/dhclientThe important columns are:
Proto— The protocol used by the socket.Local Address— The IP address and port number the process listens on.PID/Program name— The PID and the name of the process.
To find what process listens on a specific port, for example TCP port 22:
sudo netstat -tnlp | grep :22tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 445/sshd
tcp6 0 0 :::22 :::* LISTEN 445/sshdIf the output is empty, nothing is listening on that port. To test a port from another host, use netcat
.
netstat is obsolete and replaced with ss and ip
, but it is still one of the most used commands for checking network connections.
Check Listening Ports with lsof
lsof is a powerful command-line utility that provides information about files opened by processes.
In Linux, everything is a file. You can think of a socket as a file that writes to the network.
To get a list of all listening TCP ports with lsof, type:
sudo lsof -nP -iTCP -sTCP:LISTENThe options used are as follows:
-n— Do not resolve hostnames, show numerical addresses.-P— Do not convert port numbers to port names.-iTCP -sTCP:LISTEN— Show only network files with TCP state LISTEN.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 445 root 3u IPv4 16434 0t0 TCP *:22 (LISTEN)
sshd 445 root 4u IPv6 16445 0t0 TCP *:22 (LISTEN)
apache2 515 root 4u IPv6 16590 0t0 TCP *:80 (LISTEN)
mysqld 534 mysql 30u IPv6 17636 0t0 TCP *:3306 (LISTEN)
mysqld 534 mysql 33u IPv6 19973 0t0 TCP *:33060 (LISTEN)
apache2 764 www-data 4u IPv6 16590 0t0 TCP *:80 (LISTEN)
apache2 765 www-data 4u IPv6 16590 0t0 TCP *:80 (LISTEN)
master 929 root 13u IPv4 19637 0t0 TCP *:25 (LISTEN)
master 929 root 14u IPv6 19638 0t0 TCP *:25 (LISTEN)Most of the output column names are self-explanatory:
COMMAND,PID,USER— The name, the PID, and the user running the program associated with the port.NAME— The port number.
To find what process is listening on a particular port, for example port 3306:
sudo lsof -nP -iTCP:3306 -sTCP:LISTENThe output shows that the MySQL server uses port 3306:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 534 mysql 30u IPv6 17636 0t0 TCP *:3306 (LISTEN)For more information, visit the lsof man page and read about all other powerful options of this tool.
Common Mistakes
- Forgetting
sudo. Without root privileges, the-pflag will not show the process name or PID for ports owned by other users. The port will appear in the output, but the process column will be empty. - Confusing listening and established connections. The
-lflag shows only listening ports. Without it,ssandnetstatshow all connections, including established ones. If you only care about what services are running, always use-l. - Searching for a port without the colon. When using
grepto filter by port, always include the colon (e.g.,grep :22). Searching for just22will also match PIDs, addresses, and other numbers that contain22.
Quick Reference
| Task | Command |
|---|---|
| List all listening ports | sudo ss -tunlp |
| List all listening ports (netstat) | sudo netstat -tunlp |
| Find process on a specific port | sudo ss -tlnp sport = :80 |
| Find process on a specific port (grep) | sudo ss -tnlp | grep :80 |
| List listening TCP ports (lsof) | sudo lsof -nP -iTCP -sTCP:LISTEN |
| Find process on port 3306 (lsof) | sudo lsof -nP -iTCP:3306 -sTCP:LISTEN |
| Show established connections | ss -tn state established |
| Show all connections with process info | sudo ss -tunp |
FAQ
What is the difference between ss and netstat?
Both show network connection information. ss is the modern replacement — it is faster, provides more TCP state details, and is installed by default on modern Linux distributions. netstat requires the net-tools package and is considered obsolete.
Why is the process column empty in the output?
The process information is only visible when you run the command as root or with sudo. Without elevated privileges, the kernel does not expose process details for ports owned by other users.
How do I check if a specific port is open from a remote machine?
The commands in this article check listening ports on the local system. To test whether a port is reachable from a remote machine, use netcat
(nc -zv host port) or nmap.
Can two services listen on the same port?
No. Two services cannot listen on the same port and the same IP address simultaneously. If you try to start a service on a port that is already in use, it will fail with an “address already in use” error.
Conclusion
The ss command is the standard tool for checking listening ports on modern Linux systems. If you are on an older system, netstat provides equivalent functionality. The lsof command is useful when you need to see which process has a specific port open.
For a complete list of all available options, type man ss, man netstat, or man lsof in your terminal.
If you have any questions, feel free to leave a comment below.
Tags
Linuxize Weekly Newsletter
A quick weekly roundup of new tutorials, news, and tips.
About the authors
Dejan Panovski
Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.
View author page