Some Linux software works by listening for incoming connections. A simple example would be a web server, which handles user requests whenever someone navigates to a website. As a Linux administrator or user, it's important to always know which ports of your system are open to the internet. Otherwise, you could be unaware of outside connections being made to your computer, which consumes bandwidth and resources, along with being a potential security hole.
In this guide, we'll see how to check for open ports on Ubuntu Linux. This can be done with several different command line utilities, which we'll go over in detail. We'll also see how to use Ubuntu's ufw firewall to make sure ports are secure. So, do you know which ports of your system are open? Let's find out.

In this tutorial you will learn:
- How to check for open ports with the ss command
- How to check for open ports with the Nmap utility
- How to check for and add allowed ports in the ufw firewall
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| Software | ss, Nmap, ufw firewall |
| Other | Privileged access to your Linux system as root or via the sudo command. |
| Conventions | # - requires given linux commands to be executed with root privileges either directly as a root user or by use of the sudo command |
Check for open ports with ss command
The ss command can be used to show which ports are listening for connections. It also shows which addresses and networks each port accepts connections from. We recommend using the -ltn options with the command to see concise and relevant output: -l lists only listening sockets, -t restricts the output to TCP, and -n prints numeric ports instead of service names. Let's look at an example on our test system.
```
$ sudo ss -ltn
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       4096    127.0.0.53%lo:53     0.0.0.0:*
LISTEN  0       5       127.0.0.1:631        0.0.0.0:*
LISTEN  0       70      127.0.0.1:33060      0.0.0.0:*
LISTEN  0       151     127.0.0.1:3306       0.0.0.0:*
LISTEN  0       5       [::1]:631            [::]:*
LISTEN  0       511     *:80                 *:*
```

We can see that our server is listening for connections on ports 80, 3306, and 33060. These are the well known ports associated with HTTP and MySQL. Note the Local Address column: port 80 is bound to * (all interfaces), while 3306 and 33060 are bound to 127.0.0.1, so MySQL only accepts connections from the local machine as configured here.
You'll also see that the ss output shows ports 53 and 631 in a listening state. These are for DNS and the Internet Printing Protocol, respectively. They are enabled by default, so you'll likely see them listening on your own system. The DNS port isn't actually open to the outside: systemd-resolved binds it to 127.0.0.53 on the loopback interface, where it provides name resolution to applications installed on our system.
To see which processes these listening ports belong to, include the -p option in your command.

```
$ sudo ss -ltnp
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       4096    127.0.0.53%lo:53     0.0.0.0:*          users:(("systemd-resolve",pid=530,fd=13))
LISTEN  0       5       127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=572,fd=7))
LISTEN  0       70      127.0.0.1:33060      0.0.0.0:*          users:(("mysqld",pid=2320,fd=32))
LISTEN  0       151     127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=2320,fd=34))
LISTEN  0       5       [::1]:631            [::]:*             users:(("cupsd",pid=572,fd=6))
LISTEN  0       511     *:80                 *:*                users:(("apache2",pid=2728,fd=4),("apache2",pid=2727,fd=4),("apache2",pid=2725,fd=4))
```
Now we can see that systemd-resolve, cupsd, mysqld, and apache2 are the services using these ports to listen for incoming connections.
Check for open ports with nmap
Nmap is a network reconnaissance tool that can be used to check for open ports on remote hosts. However, we can also use it to check our own system to get a quick list of what ports are open.
Normally, we would specify a remote IP address for Nmap to scan. Instead, we can scan our own system by specifying localhost in the command.

```
$ sudo nmap localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2021-03-12 20:43 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000012s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
80/tcp   open  http
631/tcp  open  ipp
3306/tcp open  mysql

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
```

Note that port 33060, which ss showed as listening, does not appear here: by default nmap only scans its 1000 most common ports, so a service on a less common port is missed unless you ask for a full port range with the -p- option.
Check what ports are open in ufw firewall
There's a big caveat you should keep in mind. When using the ss and nmap localhost commands on our local system, we're bypassing the firewall, because ufw allows traffic on the loopback interface by default. These commands show ports that are in a listening state, but that doesn't necessarily mean that the ports are open to the internet, because our firewall may be denying connections.
Check the status of ufw firewall with the following command.
```
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
```
From the output, we can see that ufw is denying incoming connections by default. Since ports 80 and 3306 have not been added as exceptions, HTTP and MySQL are not able to receive incoming connections, despite nmap reporting that they are in a listening state.
Let's add exceptions for these ports with the following commands.
```
$ sudo ufw allow 80/tcp
Rule added
Rule added (v6)
$ sudo ufw allow 3306/tcp
Rule added
Rule added (v6)
```
We can check the status of ufw again, to see that the ports are now open.
```
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
80/tcp (v6)                ALLOW IN    Anywhere (v6)
3306/tcp (v6)              ALLOW IN    Anywhere (v6)
```

Now our two ports are open in the firewall and in a listening state. Keep in mind that these rules accept connections from Anywhere; if a service such as MySQL only needs to be reached from one host, restrict the rule to that source instead (ufw allow from <address> to any port 3306 proto tcp). To learn more about ufw firewall, including command examples, check our guide on installing and using ufw firewall on Linux.
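The ss and ufw checks above can be combined into one audit. The script below is an added example, not part of the original guide: it parses the `ss -ltnp` listener list and the `ufw status verbose` rule table and reports, for each listener, whether it is loopback-only, reachable from outside, or blocked by ufw. The sample outputs are constructed (trimmed from the guide's test system plus an invented sshd listener); on a live host, feed the real command output in instead.

```shell
#!/bin/sh
# Added example, not from the original guide: cross-check the listeners that
# `ss -ltnp` reports against the rules in `ufw status verbose`. A socket bound
# to 127.0.0.1 or [::1] is unreachable from outside no matter what ufw allows.
# Both samples are constructed (guide output plus an invented sshd listener).
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=530,fd=13))
LISTEN 0      151    127.0.0.1:3306     0.0.0.0:*         users:(("mysqld",pid=2320,fd=34))
LISTEN 0      5      [::1]:631          [::]:*            users:(("cupsd",pid=572,fd=6))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=810,fd=3))
LISTEN 0      511    *:80               *:*               users:(("apache2",pid=2728,fd=4),("apache2",pid=2727,fd=4))'
UFW_SAMPLE='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
80/tcp (v6)                ALLOW IN    Anywhere (v6)'

# is_loopback ADDR:PORT -> succeeds when the socket is bound to loopback only
is_loopback() {
    case "$1" in 127.*|'[::1]:'*) return 0 ;; *) return 1 ;; esac
}
# port_of ADDR:PORT -> the port number (text after the last colon)
port_of() { printf '%s\n' "${1##*:}"; }

# ufw_allows PORT UFW_OUTPUT -> succeeds when ufw would let TCP PORT in:
# an explicit "PORT/tcp ALLOW IN" rule, an allow-by-default policy, or ufw off
ufw_allows() {
    printf '%s\n' "$2" | awk -v p="$1/tcp" '
        /^Status: inactive/ || /^Default: allow \(incoming\)/ { open = 1 }
        $1 == p && $2 == "ALLOW" && $3 == "IN"            { open = 1 }
        END { exit !open }'
}

# audit SS_OUTPUT UFW_OUTPUT -> one "PORT PROCESS VERDICT" line per listener
audit() {
    printf '%s\n' "$1" | awk 'NR > 1 { print $4, $6 }' |
    while read -r addr proc; do
        port=$(port_of "$addr")
        name=$(printf '%s\n' "$proc" | sed 's/.*(("\([^"]*\)".*/\1/')
        if is_loopback "$addr"; then verdict=loopback-only
        elif ufw_allows "$port" "$2"; then verdict=exposed
        else verdict=blocked-by-ufw; fi
        printf '%s %s %s\n' "$port" "$name" "$verdict"
    done
}

audit "$SS_SAMPLE" "$UFW_SAMPLE"
```

On a real system replace the two samples with `audit "$(sudo ss -ltnp)" "$(sudo ufw status verbose)"`; the sshd line shows the case the guide warns about, a service that is listening yet blocked by the firewall, while 3306 shows the reverse, a port allowed in ufw that is still unreachable because MySQL is bound to 127.0.0.1.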
In this guide, we saw how to use the ss command, as well as the nmap utility, to check for listening ports on Ubuntu Linux. We also learned how to check the ufw firewall to see which ports are open, and how to add exceptions if necessary.
If a port is in a listening state and is allowed through the firewall, it should be open to incoming connections. But this is also dependent on your router or other network devices sitting between your computer and the internet, since they may have their own rules that block incoming connections.