In Linux, there are various methods to check the usage of ports and their corresponding applications. Here are several commonly used methods:
1. Use the <span>ss</span> command (recommended)
<span>ss</span> (Socket Statistics) is a modern replacement for <span>netstat</span>, which is more efficient.
# View all listening ports and corresponding programs
sudo ss -tulnp
# Parameter explanation:
# -t: TCP ports
# -u: UDP ports
# -l: show only listening ports
# -n: display ports in numeric form (do not resolve service names)
# -p: display process information
sudo ss -tulnp # View all listening ports
sudo ss -tunp # View all established connections
Output example::
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1234,fd=3))
LISTEN 0 100 127.0.0.1:6379 0.0.0.0:* users:(("redis-server",pid=5678,fd=6))
2. Use the <span>netstat</span> command (traditional tool)
If the system does not have <span>ss</span> installed, you can use <span>netstat</span>:
sudo netstat -tulnp
Output example::
[root@localhost ~]# netstat -tulnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 306102/minio
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 1308/redis-server
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 814/rpcbind
3. Use the <span>lsof</span> command
<span>lsof</span> can list files opened by processes (including network ports):
# View all network connections and processes
sudo lsof -i
# View a specific port (e.g., 6379)
sudo lsof -i :6379
# View TCP connections
sudo lsof -i TCP
# View UDP connections
sudo lsof -i UDP
Output example::
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd 1 root 46u IPv6 23678 0t0 TCP *:websm (LISTEN)
rpcbind 806 rpc 6u IPv4 16313 0t0 UDP *:sunrpc
rpcbind 806 rpc 7u IPv4 16314 0t0 TCP *:sunrpc (LISTEN)
rpcbind 806 rpc 8u IPv6 16315 0t0 UDP *:sunrpc
rpcbind 806 rpc 9u IPv6 16316 0t0 TCP *:sunrpc (LISTEN)
chronyd 856 chrony 6u IPv4 23773 0t0 UDP localhost:323
chronyd 856 chrony 7u IPv6 23774 0t0 UDP localhost:323
4. Use the <span>fuser</span> command
# View the usage of a specific port
sudo fuser 80/tcp
sudo fuser 53/udp
# Display detailed information
sudo fuser -v 80/tcp
Output example::
[root@localhost ~]# fuser -v 9090/tcp 用户 进程号 权限 命令
9090/tcp: root 1 F.... systemd
5. Check the service name corresponding to the port
# Resolve port services through the /etc/services file
grep 6379 /etc/services
# Or use nmap to scan local ports
sudo nmap -sT -O 127.0.0.1
Output example::
[root@localhost ~]# grep 6379 /etc/services
redis 6379/tcp # An advanced key-value cache and store
[root@localhost ~]# nmap -sT -O 127.0.0.1
Starting Nmap 7.80 ( https://nmap.org ) at 2025-09-02 13:39 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0023s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
9000/tcp open cslistener
9001/tcp open tor-orport
9090/tcp open zeus-admin
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.48 seconds
6. Check the open ports in the firewall
# View firewall rules (iptables)
sudo iptables -L -n
# View open ports in firewalld (CentOS/RHEL)
sudo firewall-cmd --list-ports
Output example::
[root@localhost ~]# firewall-cmd --list-ports
6379/tcp
7. Quick check of common port status
# Check if a port is open (e.g., 80)
telnet 127.0.0.1 80
# Or use nc (netcat)
nc -zv 127.0.0.1 22
Output example::
[root@localhost ~]# nc -zv 127.0.0.1 6379
Ncat: Version 7.80 ( https://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:6379.
Ncat: 0 bytes sent, 0 bytes received in 0.22 seconds.
[root@localhost ~]# telnet 127.0.0.1 9000
Trying 127.0.0.1...Connected to 127.0.0.1.
Escape character is '^]'.
^]HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
400 Bad Request
Connection closed by foreign host.
8. Graphical tools (optional)
-
<span>nmap</span>: Scan for open ports on local or remote hosts.sudo nmap -sV 127.0.0.1 -
<span>gnome-nettool</span>(GUI): Suitable for desktop environments.
9. Common Ports and Services Reference Table
| Port | Common Services |
|---|---|
| 22 | SSH |
| 80 | HTTP |
| 443 | HTTPS |
| 6379 | Redis |
| 3306 | MySQL/MariaDB |
| 5432 | PostgreSQL |
| 27017 | MongoDB |
Summary
| Scenario | Recommended Command |
|---|---|
| Quickly view all listening ports | <span>sudo ss -tulnp</span> |
| Check specific port usage | <span>sudo lsof -i :port_number</span> |
| Verify if a port is open | <span>nc -zv IP port</span> |
| Find the port used by a process | <span>sudo ss -p | grep <PID></span> |
By using the above methods, you can comprehensively understand the relationship between ports and programs in the Linux system, which is helpful for troubleshooting network or service issues.