Monitoring open network ports is one of the most important tasks for system administrators, developers, and network engineers. Every service running on a Linux system communicates over a port, either using TCP (Transmission Control Protocol) or UDP (User Datagram Protocol). Being able to watch TCP and UDP ports in real-time helps detect unauthorized connections, troubleshoot network issues, and ensure system security.
In this guide, you will learn:
What TCP and UDP ports are
Why monitoring them is important
Commands to list open ports in Linux
How to watch TCP and UDP ports in real-time using
netstat,ss, andwatchBest practices for monitoring ports continuously
What Are TCP and UDP Ports?
A port is a logical endpoint that allows applications or services to communicate over a network. On Linux systems, each service binds to a port number and communicates via either TCP or UDP.
TCP Ports: Used for reliable communication where data integrity and order matter, such as web browsing (HTTP/HTTPS), email, or file transfers.
UDP Ports: Used for faster communication where speed is more important than reliability, such as video streaming, gaming, or DNS queries.
Each port is identified by a number (ranging from 0 to 65535). For example:
Port 22 → SSH (TCP)
Port 53 → DNS (UDP)
Port 80 → HTTP (TCP)
Why Watch TCP and UDP Ports in Real-time?
Watching ports in real-time is crucial for:
Security: Detect unauthorized services or potential malware that open hidden ports.
Troubleshooting: Identify why a specific service is failing or not responding.
Performance monitoring: Ensure critical services (e.g., web servers, databases) are running on the correct ports.
Auditing: Monitor activity during penetration testing or compliance checks.
List All Open Ports in Linux
To list open ports, you can use either the netstat command or the ss utility.
Using netstat
sudo netstat -tulpn
Using ss
Flags explained:
-t→ Show TCP ports-u→ Show UDP ports-l→ Show only listening ports-n→ Show port numbers instead of service names-p→ Show process/program name
Example output will show which services are listening, their protocol (TCP/UDP), and the process ID.
Note: The netstat command is deprecated in newer Linux distributions. Use ss for more detailed results.
Watch TCP and UDP Ports in Real-time
To monitor changes dynamically, combine netstat or ss with the watch command.
Watch with netstat
This command refreshes output every 2 seconds by default. To stop, press Ctrl + C.
Advanced Monitoring Options
While netstat, ss, and watch are the simplest methods, you can also use advanced tools for deeper insights.
lsof: Lists open files and network sockets.
nmap: A network scanner useful for auditing and security checks.
iftop or iptraf: Monitor live network traffic alongside open ports.
Best Practices for Monitoring TCP and UDP Ports
Regularly check for unauthorized open ports to prevent intrusions.
Automate monitoring with scripts and integrate results into logging systems.
Restrict access to sensitive ports (like SSH) with firewalls or security groups.
Use real-time monitoring when performing system updates, debugging applications, or testing firewall rules.
Conclusion
Knowing how to watch TCP and UDP ports in real-time is an essential skill for Linux administrators and security professionals. Using commands like ss and netstat with the watch utility makes monitoring simple, while tools like lsof and nmap provide advanced insights. By regularly monitoring ports, you enhance system security, troubleshoot issues effectively, and maintain a stable network environment.
FAQ:-
1. What is the difference between TCP and UDP ports?
TCP is connection-oriented and ensures data delivery, while UDP is connectionless and faster but without delivery guarantees.
2. Is netstat still supported on Linux?
Netstat is deprecated in newer Linux versions. The recommended alternative is the ss command.
3. How do I stop the watch command?
Press Ctrl + C to exit the watch utility.
4. Can I monitor ports on remote servers?
Yes, you can use tools like nmap or SSH into the remote server and run ss or netstat.
5. Why is real-time port monitoring important?
It helps detect suspicious activity, troubleshoot failures, and ensure critical services remain available.
Also Read…
- Linux Networking Commands for Sysadmins: A Complete Guide
- Most Useful Linux Ping Command (Ping Utility) With Examples
- Best Linux Ifconfig Command With Examples
- How To Install Wireshark Network Analyzer In Ubuntu – A Best Network Traffic Analyzer For Linux
- Setup Netdata For Real Time Performance Monitor In Linux System