When deploying and troubleshooting Debian servers, it's crucial to quickly and accurately determine which ports are open and listening. Ports are the entry points for network communication, and their status indicates whether a service is accessible. Whether for security auditing, service debugging, or resolving connection failures, knowing how to check port status is essential.
`netstat` is a classic and comprehensive network statistics tool that can display information such as network connections, routing tables, and interface statistics. To view the TCP and UDP ports the system is listening on, you can execute:
`sudo netstat -tuln`
The `-t` option selects TCP, `-u` selects UDP, `-l` shows only sockets in the listening state, and `-n` displays addresses and port numbers numerically, avoiding time-consuming name resolution.
If you need to restrict the output to a specific port, such as checking whether port 80 is in use, you can filter the output with `grep`. The trailing space in the pattern keeps ports such as 8080 from matching:
`sudo netstat -tuln | grep ':80 '`
On some newer Debian systems, `netstat` may not be installed by default. In that case, you can obtain it by installing the `net-tools` package:
`sudo apt-get update && sudo apt-get install net-tools`
`ss` (Socket Statistics) is the recommended alternative to `netstat` in modern Linux systems. It is faster and can display more connection status information. Its basic usage is similar to `netstat`:
`sudo ss -tuln`
The options have the same meaning as described above. To view all connections, listening and established, together with the corresponding process names, you can use:
`sudo ss -tunap`
If `ss` is not installed on your system, it is usually provided by the `iproute2` package, which can be installed via the package manager.
`lsof` means "list open files." In Linux, network connections are also treated as files. Therefore, it can tell us precisely which process is using a specific port. For example, to find out who is listening on port 80, you can run:
`sudo lsof -i :80`
The command output will clearly show the process name (COMMAND), process ID (PID), and user (USER) using that port. This is especially useful when resolving port conflicts.
`nmap` is a powerful network discovery and security auditing tool. Because it probes ports over the network instead of reading the local socket table, it can help you confirm which ports truly accept connections.
`sudo nmap -sT -O localhost`
This command scans common TCP ports on your local host. `-sT` specifies a TCP connect scan, and `-O` attempts to identify the operating system. A scan of `localhost` travels over the loopback interface, so it does not show what a remote client can reach. To verify that firewall rules are correct, replace `localhost` with your server's IP address and run the scan from another machine on the network.
What are some practical scenarios for troubleshooting port issues?
Scenario 1: Confirming if a service is listening on the expected port
After deploying a web service (such as Nginx), you can use `ss` or `netstat` to quickly confirm whether the service is running and listening on port 80 or 443. The trailing space in the pattern prevents longer port numbers that begin with 443 from matching.
`sudo ss -tuln | grep ':443 '`
Scenario 2: Resolving the "Port Already in Use" Error
When starting a service and encountering an error message indicating that a port is already in use, `lsof` can directly pinpoint the culprit.
`sudo lsof -i :<port number in use>`
After finding the process ID (PID), you can choose to terminate the process or reconfigure your service.
Scenario 3: Verifying Firewall Rules are Effective
Sometimes a service tests normally on the local machine but cannot be accessed remotely. This may be because the firewall is blocking the connection. After configuring a firewall (such as UFW) to allow specific ports, using `nmap` to scan that port from the outside is a reliable way to verify whether the rules are effective.
`nmap -p <port number> <your server IP>`
If the status shows "open", it means the port has been successfully opened.
On Debian systems, `ss` and `netstat` are suitable for quickly checking local listening ports, `lsof` excels at tying a port to the process that holds it, and `nmap` verifies from the outside whether a port is actually open. Choose among these tools according to your scenario. Good operating habits also help you manage and maintain a Debian system: run these commands regularly as a security check, record the standard port numbers your services use, and carefully verify any change to firewall rules (such as those made with `ufw`).
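One way to make the habit of recording standard ports and checking them regularly repeatable, as an added example that is not part of the original article: the function below reads `ss -tuln` output and reports every listener missing from a recorded baseline, noting whether it is bound to loopback only. The function names, the baseline format and its values, and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# unexpected_listeners BASELINE - reads `ss -tuln` output on stdin and prints
# "proto/port address scope" for every listener missing from BASELINE,
# a space-separated list of proto/port pairs (assumed format).
unexpected_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "Netid" { next }                       # header, if -H was not used
    NF >= 5 {
        port = $5; sub(/.*:/, "", port)          # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)      # text before the last colon
        key = $1 "/" port                        # exact match: 80 is not 8080
        if (key in ok) next
        scope = (addr ~ /^127\./ || addr ~ /^\[::1\]/) ? "loopback" : "exposed"
        print key, addr, scope
    }' | sort -u
}

# Constructed sample of `ss -H -tuln` output, so the example runs offline.
sample_ss_output() {
    cat <<'EOF'
udp   UNCONN 0      0      0.0.0.0:68        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:80        0.0.0.0:*
tcp   LISTEN 0      244    127.0.0.1:5432    0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:8080      0.0.0.0:*
tcp   LISTEN 0      128    [::]:22           [::]:*
EOF
}

# Hypothetical baseline: SSH, HTTP and the DHCP client.
BASELINE="tcp/22 tcp/80 udp/68"
sample_ss_output | unexpected_listeners "$BASELINE"
# On a live host: sudo ss -H -tuln | unexpected_listeners "$BASELINE"
```

An `exposed` entry is bound to a non-loopback address and is the one to check against the firewall rules; a `loopback` entry is reachable only from the host itself.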