How to Watch TCP and UDP Ports in Real-time

In software terms, especially at the operating system level, a port is a logical construct that identifies a specific process/application or a type of network service and each network service running on a Linux system uses a particular protocol (the most common being the TCP (Transmission Control Protocol) and UDP (User Datagram Protocol)) and a port number for communicating with other processes or services.

In this short article, we will show you how to list and monitor or watch running TCP and UDP ports in real-time with a socket summary on a Linux system.

List All Open Ports in Linux

To list all open ports on a Linux system, you can use the netstat command or ss utility as follows.

It is also crucial to mention that netstat command has been deprecated and instead ss command has taken its place in showing more detailed network statistics.

$ sudo netstat -tulpn
$ sudo ss -tulpn
List Open Ports in Linux

List Open Ports in Linux

From the output of the above command, the State column shows whether a port is in a listening state (LISTEN) or not.

In the above command, the flag:

  • -t – enables listing of TCP ports.
  • -u – enables listing of UDP ports.
  • -l – prints only listening sockets.
  • -n – shows the port number.
  • -p – show process/program name.

Watch TCP and UDP Open Ports in Real-Time

However, to watch TCP and UDP ports in real-time, you can run the netstat or ss tool with the watch utility as shown.

$ sudo watch netstat -tulpn
$ sudo watch ss -tulpn
Watch Open Ports in Real Time in Linux

Watch Open Ports in Real Time in Linux

To exit, press Ctrl+C.

You will also find the following articles useful:

  1. 3 Ways to Find Out Which Process Listening on a Particular Port
  2. How to Check Remote Ports are Reachable Using ‘nc’ Command
  3. How to List All Running Services Under Systemd in Linux
  4. 29 Practical Examples of Nmap Commands for Linux System/Network Administrators

That’s all for now! If you have any questions or thoughts to share about this topic, reach us via the comment section below.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide
The Complete Linux System Administrator Bundle
Become an Ethical Hacker Bonus Bundle

You may also like...

14 Responses

  1. Jalal says:

    Thanks a lot

    It’s a really good tutorial…

  2. Kacper Perschke says:

    Thanks a lot!

  3. Satish says:

    It’s a really good tutorial…

  4. Douglas C Bodden says:

    I’d recommend tcpdump with no filter for “real-time” information.

    • guest says:

      tcpdump this is quite different.

      The author of the guide probably did not notice that he wrote a little ambiguously. However, people more associate the tcpdump command with the tool for viewing transmitted data.

      The “watch” command runs another command periodically from time to time. The name of the command is not important here. Real-time can have two definitions here.

      The first is “speed performance 1 kbit/s”
      Second, “the ability to display the entire data queue per second”.

      For someone, refreshment once every two seconds or once a month can also be real-time.

      This is the magic of human definition.

      More in “man watch” and in first line of output.

    • guest says:

      “admin” / Aaron, maybe this tutorial is not big about “watch” command how to use and how to get help, but don’t worry, because I like to read something interesting.

      I mean, it is better than nothing or nonsense and I read with pleasure.

      So forgive me sometimes harsh words.

  5. Xitong Li says:

    A very good article to monitor running ports in real-time in Linux.

  6. Richard says:

    The title of this article is misleading. the watch command is batch based on a timer event triggering you can specify the granularity but it’s clearly not real-time.

  7. dragonmouth says:

    What is the practical use of watching one’s open ports? Other than dubious entertainment.

    • guest says:

      You don’t need to write the same command to check.

      However, if you see the open port, it means that malware/virus is too slow to open and close port below 2s.

  8. Joe says:

    Finally – a useful article linked to Google News.

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.