How to locate and close an open port in Linux

Locating and blocking unwanted open ports in Linux should be a task every network admin knows how to do.

Information network concept. Smart city.

Image: Getty Images/iStockphoto

So you’re a network administrator and you have a number of Linux machines in your data center. You’ve found some odd traffic bouncing about your network and your curiosity is piqued. Is it possible that traffic is making use of an open port on a machine? If so, where’s the port and how do you close it?

On those Linux machines, the task is actually pretty simple. I want to show you how to locate an open port and close it. I’ll be demonstrating on Ubuntu Server 18.04, although the process will be similar on many distributions—the only difference being how you close the port.

SEE: Windows 10 security: A guide for business leaders (TechRepublic Premium)

What you’ll need

In order to make this work, all you’ll need is a running instance of Ubuntu Server and a user account with sudo privileges. 

How to locate a listening port

Fortunately, you don’t have to install any software to make this work. Why? Because we’ll be using the ss command (as netstat has been deprecated) to view the listening ports on your server. This will be done completely from the command line, so either log into your server or use secure shell for access. Once you’re at the bash prompt, issue the command:

sudo ss -tulwn | grep LISTEN

The options are as follows:

  • -t  Show only TCP sockets on Linux
  • -u Display only UDP sockets on Linux
  • -l Show listening sockets (for example, TCP port 22 is opened by SSHD server)
  • -p List process name that opened sockets
  • -n Don’t resolve service names 

The output (Figure A) will list out only the listening ports.

Figure A


As you can see, there are only a handful of listening ports on this machine (53, 22, 631, 445, 3306, 11211, 80, 8080). That’s a pretty slim listing of ports. 

If you’re unsure of what port…