In software terms, especially at the operating system level, a port is a logical construct that identifies a specific process/application or a type of network service and each network service running on a Linux system uses a particular protocol (the most common being the TCP (Transmission Control Protocol) and UDP (User Datagram Protocol)) and a port number for communicating with other processes or services.
In this short article, we will show you how to list and monitor or watch running TCP and UDP ports in real-time with a socket summary on a Linux system.
List All Open Ports in Linux
To list all open ports on a Linux system, you can use the netstat command or ss utility as follows.
It is also crucial to mention that netstat command has been deprecated and instead ss command has taken its place in showing more detailed network statistics.
$ sudo netstat -tulpn OR $ sudo ss -tulpn
From the output of the above command, the State column shows whether a port is in a listening state (LISTEN) or not.
In the above command, the flag:
-t– enables listing of TCP ports.
-u– enables listing of UDP ports.
-l– prints only listening sockets.
-n– shows the port number.
-p– show process/program name.
Watch TCP and UDP Open Ports in Real-Time
However, to watch TCP and UDP ports in real-time, you can run the netstat or ss tool with the watch utility as shown.
$ sudo watch netstat -tulpn OR $ sudo watch ss -tulpn
To exit, press
You will also find the following articles useful:
- 3 Ways to Find Out Which Process Listening on a Particular Port
- How to Check Remote Ports are Reachable Using ‘nc’ Command
- How to List All Running Services Under Systemd in Linux
- 29 Practical Examples of Nmap Commands for Linux System/Network Administrators
That’s all for now! If you have any questions or thoughts to share about this topic, reach us via the comment section below.
14 thoughts on “How to Watch TCP and UDP Ports in Real-time”
Thanks a lot
It’s a really good tutorial…
Thanks for the feedback.
Thanks a lot!
Welcome, thanks for the useful feedback.
It’s a really good tutorial…
Many thanks for writing back.
I’d recommend tcpdump with no filter for “real-time” information.
tcpdump this is quite different.
The author of the guide probably did not notice that he wrote a little ambiguously. However, people more associate the tcpdump command with the tool for viewing transmitted data.
The “watch” command runs another command periodically from time to time. The name of the command is not important here. Real-time can have two definitions here.
The first is “speed performance 1 kbit/s”
Second, “the ability to display the entire data queue per second”.
For someone, refreshment once every two seconds or once a month can also be real-time.
This is the magic of human definition.
More in “man watch” and in first line of output.
“admin” / Aaron, maybe this tutorial is not big about “watch” command how to use and how to get help, but don’t worry, because I like to read something interesting.
I mean, it is better than nothing or nonsense and I read with pleasure.
So forgive me sometimes harsh words.
A very good article to monitor running ports in real-time in Linux.
The title of this article is misleading. the watch command is batch based on a timer event triggering you can specify the granularity but it’s clearly not real-time.
What is the practical use of watching one’s open ports? Other than dubious entertainment.
You don’t need to write the same command to check.
However, if you see the open port, it means that malware/virus is too slow to open and close port below 2s.
Finally – a useful article linked to Google News.