1. Using the ss (Socket Statistics) Command:
sudo ss -tuln
Here:
-t (or --tcp): Display TCP sockets.
-u (or --udp): Display UDP sockets.
-l (or --listening): Display listening sockets only.
-n (or --numeric): Display numeric addresses; don't resolve to service names.
Output example:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:25 0.0.0.0:*
tcp LISTEN 0 4096 [::]:443 [::]:*
tcp LISTEN 0 4096 [::]:80 [::]:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 4096 [::]:25 [::]:*
0.0.0.0:25 means a service is listening on port 25 on all IPv4 interfaces, so the port is open for incoming connections.
Please note: ss reports listening sockets, not firewall rules. If you don't allow incoming connections to port 25 in ufw (Uncomplicated Firewall), the ss command above will still show this port as open.
2. Using nmap to Scan Open Ports:
sudo nmap -sS -p- 127.0.0.1
Here:
-sS: Perform a TCP SYN ("stealth") scan.
-p-: Scan all 65535 ports.
Output example:
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000014s latency).
Not shown: 65529 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
443/tcp open https
3306/tcp open mysql
33060/tcp open mysqlx
Please note: If you don't allow incoming connections to port 25 in ufw (Uncomplicated Firewall), the nmap command above will still show this port as open, because the scan targets 127.0.0.1 from the host itself rather than arriving from the network.
If nmap is not installed, install it with:
sudo apt update
sudo apt install nmap
3. Using the lsof Command
The lsof command can show which processes are using network ports.
sudo lsof -i -P -n | grep LISTEN
Here:
-i: Displays network-related files (for example, open ports and network connections). It limits the output to files associated with Internet protocols such as TCP and UDP.
-P: Displays port numbers instead of service names (for example, showing 80 instead of http).
-n: Prevents the conversion of IP addresses to hostnames, displaying numeric addresses instead of human-readable names.
Output example:
systemd-r 636 systemd-resolve 14u IPv4 20007 0t0 TCP 127.0.0.53:53 (LISTEN)
sshd 748 root 3u IPv4 20720 0t0 TCP *:22 (LISTEN)
sshd 748 root 4u IPv6 20740 0t0 TCP *:22 (LISTEN)
apache2 828 root 4u IPv6 20992 0t0 TCP *:80 (LISTEN)
apache2 828 root 6u IPv6 20996 0t0 TCP *:443 (LISTEN)
mysqld 832 mysql 31u IPv6 22004 0t0 TCP *:33060 (LISTEN)
mysqld 832 mysql 35u IPv6 22087 0t0 TCP *:3306 (LISTEN)
master 1736 root 13u IPv4 23050 0t0 TCP *:25 (LISTEN)
master 1736 root 14u IPv6 23051 0t0 TCP *:25 (LISTEN)
Please note: lsof displays a list of processes using network ports. Even if a firewall blocks a port, lsof will still show it.
4. Using ufw (if Active)
If ufw (Uncomplicated Firewall) is active, you can view the allowed ports:
sudo ufw status
Output example:
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
If you want to see the added rules, even if the firewall is inactive:
sudo ufw show added
But for these rules to work, the firewall must be up and running, of course.
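The caveat repeated in sections 1 to 3 (a port shows as listening even when ufw does not allow it) can be checked by comparing the two outputs. The script below is an added example, not part of the original article: audit_listeners and its verdict labels are hypothetical names, and it assumes ufw is active with a default-deny incoming policy and rules written as plain port or port/proto entries.

```shell
#!/bin/sh
# Added example: cross-check `ss -tuln` listeners against `ufw status` rules.
# Assumes ufw's default incoming policy is deny and that rules are plain
# port or port/proto entries (application profile names are not resolved).

# Constructed sample input, trimmed from the outputs shown in this article.
SS_SAMPLE='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:25 0.0.0.0:*
tcp LISTEN 0 4096 [::]:25 [::]:*'
UFW_SAMPLE='Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere'

# audit_listeners SS_OUTPUT UFW_OUTPUT
# Prints one line per listening socket: proto, address, port, verdict.
audit_listeners() {
    printf '%s\n--SS--\n%s\n' "$2" "$1" | awk '
    $0 == "--SS--"        { in_ss = 1; next }
    !in_ss && / ALLOW /   { allowed[$1] = 1; next }   # e.g. 22/tcp or 22
    in_ss && ($2 == "LISTEN" || $2 == "UNCONN") {
        addr = $5; port = $5
        sub(/:[^:]*$/, "", addr)    # strip the trailing :port
        sub(/^.*:/, "", port)       # keep only what follows the last colon
        key = port "/" $1           # same shape as a ufw rule, e.g. 25/tcp
        if (addr ~ /^127\./ || addr == "[::1]")
            verdict = "loopback-only"
        else if (key in allowed || port in allowed)
            verdict = "allowed-by-ufw"
        else
            verdict = "listening-not-allowed"   # open socket, no ALLOW rule
        print $1, addr, port, verdict
    }'
}

# On a live host: audit_listeners "$(sudo ss -tuln)" "$(sudo ufw status)"
audit_listeners "$SS_SAMPLE" "$UFW_SAMPLE"
```

On the sample data, port 25 is reported as listening-not-allowed on both 0.0.0.0 and [::], which is the situation the notes above describe: the socket is open, but ufw has no rule allowing traffic to it.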
5. Using firewalld (if Installed)
sudo firewall-cmd --list-all
This command will show you the active rules, including open ports, in the firewall.
Output example:
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Please be careful: If services are enabled in the rules, their ports may not be explicitly shown by the command above, but they are still open. In the example output, the ports: line is empty, yet the services listed on the services: line (dhcpv6-client and ssh) are allowed through.
If you need to add additional services, you can do so with:
sudo firewall-cmd --permanent --add-service={http,https}
To apply the configuration changes, it is necessary to reload the firewall configuration:
sudo firewall-cmd --reload