How to Check for Open Ports on Debian

Checking ports is very important to determine which ports on your system are open and being listened to. Listening services can be a gateway for hackers who can exploit vulnerabilities in systems to gain access or compromise a system. It is not recommended to leave a service running when you are not using it. Besides, it consumes additional resources. That's why it's important that you constantly monitor the open ports of your system.

In this article, we will explain how to check for open ports on your Debian system in four different ways.

Note: The commands and procedures described in this article have been tested on a Debian 11 Bullseye and a Debian 12 Bookworm system.

Check open ports using ss command

The ss (socket statistics) command in Linux provides important information about network connections, including open ports and listening sockets. It obtains this information from the Linux kernel. When used without command-line arguments, the ss command displays detailed information about all current connections, regardless of their state. The ss command is the replacement for the netstat command. The ss command is included in the iproute2 package and is available on the Debian system. If you do not find it in your system, you can still install it easily.

Open the Terminal in your Debian system, and issue the following command in it:

$ sudo apt install iproute2

To check open ports on your Debian system, issue the following command in the Terminal:

$ sudo ss -tulpn

Where:

  • -t, --tcp: To see all TCP sockets
  • -u, --udp: To see all UDP sockets
  • -l, --listening: To see all listening sockets
  • -p, processes: To see which processes are using sockets
  • -n, --numeric: Use this option if you want to see a port number instead of service names

In the output, you will see a list of all listening TCP and UDP connections.

Find open Ports on Debian

The above output shows that only port 22 is opened on the system.

Note: If you are using the -p or --processes option with ss command, you must be root user or the user with sudo privileges. Otherwise, you will not be able to see the process identification number (PID) of the process running on the ports.

Check open ports using netstat command

Netstat command in Linux provides information about current network connections and statistics. Netstat has almost the same command options as that of ss command. In order to use the netstat command, you will need to install the net-tools. Issue the following command in Terminal to do so:

$ sudo apt-get install net-tools

Install net tools

Once installed, you can use the netstat command in your Debian Terminal.

To check open ports on your Debian system, issue the following command in it:

$ sudo netstat –tulnp

Where:

  • -t, --tcp: To see all TCP sockets
  • -u, --udp: To see all UDP sockets
  • -l, --listening: To see all listening sockets
  • -p, processes: To see which processes are using sockets
  • -n, --numeric: Use this option if you want to see a port number instead of service names

Check open ports with netstat command

The above output shows that only port 22 is opened on the system.

Note: If you are using the -p or --processes option with the netstat command, you must be the root user or the user with sudo privileges. Otherwise, you will not be able to see the process identification number (PID) of the process running on the ports.

Check open ports using the lsof command

The lsof command in Linux stands for list open files (as everything in Linux is a file, including devices, directories, ports, etc). Using the lsof command, you can look for information about the files opened by different processes.

The lsof command is available on the Debian system. However, in any case, if you do not find it in your system, you can install it easily using the following command in Terminal:

$ apt-get install lsof

In order to use lsof to view all listening TCP ports, issue the following command in Terminal:

$ sudo lsof -nP -iTCP -sTCP:LISTEN

Find open ports using lsof

The above output shows that only port 22 is opened on the system.

Check open ports using the Nmap utility

Nmap is a Linux command-line utility used to perform systems and network scans. It is mostly used for network auditing and security scans. It does not come installed by default on Linux systems, however, you can install it using the following command in Terminal:

$ sudo apt install nmap

Use Nmap to search for open ports

After running the above command, the system might ask for confirmation if you want to continue the installation or not. Hit y to continue, after that, the installation will be started on your system.

Once installed, you can use the Nmap to check for open ports on your system. To do so, issue the following command in Terminal:

$ sudo nmap –sT –p-65535 ip-address

As our system’s IP address is 192.168.72.158, therefore the command would be:

$ sudo nmap –sT –p-65535 192.168.72.158

Scan for ports using nmap

The above output shows that only port 22 is opened on the system.

That is all there is to it! In this article, we have discussed how to check open ports on a Debian system. I hope you liked the article!