Ugacomp

A Beginner’s guide to understanding Ports in Linux Systems


By definition, a port refers to a communication endpoint that is associated with a specific process or service on a computer. Ports are used to enable communication between different applications or services over a network.

To further understand ports properly, let’s imagine a bustling city like New York. Each building houses a different business, offering unique services. But how do customers find the specific store they need? That’s where street addresses come in. In Linux, ports play a similar role, directing incoming traffic to the right application.

Think of ports as numbered doorways on your computer. Each port has a numeric identifier (like a building address) ranging from 0 to 65535; port 0 is reserved, so the usable range is 1 to 65535. When you access a website, send an email, or use any online service, your request travels through the network and arrives at your computer’s IP address. But how does it know which application to target? That’s where the port number comes in!

How many Networking ports are there?

In computer networking, a port range refers to a group of consecutive port numbers. These numbers act as identifiers for the different services or applications running on a device, just like doors leading to specific rooms in a building.

Port numbers are 16-bit values, so there are 65,536 of them (0 through 65535) for each transport protocol. TCP and UDP keep separate port spaces, so TCP port 53 and UDP port 53 are different endpoints that may be served by different processes. Imagine a towering skyscraper with 65,536 floors, each floor representing a unique port number. That’s a vast amount of potential communication channels!

Port ranges are categorized as follows;

Well-known ports (0-1023)

These are reserved for specific services or protocols and they range from 0-1023. On Linux they are also privileged: a process must run as root or hold the CAP_NET_BIND_SERVICE capability to bind to a port below 1024, which is why a web server started as an ordinary user cannot listen on port 80. The most common well-known ports are shown in the table below:

Port   Protocol   Service
20     TCP        FTP data
21     TCP        FTP control
22     TCP        SSH
23     TCP        Telnet (plaintext; avoid on any network you do not fully trust)
25     TCP        SMTP (Simple Mail Transfer Protocol)
53     TCP/UDP    DNS (Domain Name System)
67     UDP        DHCP server (Dynamic Host Configuration Protocol)
68     UDP        DHCP client
80     TCP        HTTP (Hypertext Transfer Protocol)
110    TCP        POP3 (Post Office Protocol version 3)
143    TCP        IMAP (Internet Message Access Protocol)
443    TCP        HTTPS (HTTP over TLS)
989    TCP        FTPS data (FTP over TLS)
990    TCP        FTPS control (FTP over TLS)
993    TCP        IMAPS (IMAP over TLS)
995    TCP        POP3S (POP3 over TLS)

Registered ports (1024-49151)

These are the designated office spaces or apartments, assigned to specific organizations for their services. Companies or software developers can register a port number with IANA for their application or protocol, ensuring consistency and avoiding conflicts. Registration is a convention, not an enforcement mechanism: any process may bind any free port, so the port number alone never proves which service is actually behind it.

Here’s a table listing some registered ports (1024-49151), along with their associated protocols and services:

Port        Protocol   Service
1433        TCP        Microsoft SQL Server
1521        TCP        Oracle Database listener
3306        TCP        MySQL / MariaDB
3389        TCP        Remote Desktop Protocol (RDP)
5060        TCP/UDP    Session Initiation Protocol (SIP)
5432        TCP        PostgreSQL
6660-6669   TCP        Internet Relay Chat (IRC); 6667 is the usual default
8080        TCP        HTTP alternate (Apache Tomcat default, web proxies)
8443        TCP        HTTPS alternate
8888        TCP        HTTP alternate (Jupyter and other development servers)
9090        TCP        HTTP alternate (Cockpit, Prometheus and similar admin or metrics UIs)
10000       TCP        Webmin web-based system administration
27017       TCP        MongoDB

Dynamic or private ports (49152-65535)

These ports are handed out by the operating system for the client side of a connection (the source port) and are released when the connection closes, which is why they are also called ephemeral ports.

They’re kind of temporary guest rooms or delivery entrances, used for short-term connections. When you open a web page, your browser’s socket gets a port from this range while the server side stays on 80 or 443. Note that 49152-65535 is the IANA recommendation; the Linux kernel’s default ephemeral range is 32768-60999, and you can check what a given system uses with:

sysctl net.ipv4.ip_local_port_range

TCP ports Vs. UDP ports

TCP stands for Transmission Control Protocol, which is one of the main protocols in the Internet Protocol (IP) suite and is used for communication over networks, including the Internet. TCP ensures that data is reliably and accurately delivered from one computer to another.

TCP ports offer logical endpoints for TCP-based applications to exchange information. When a client wants to communicate with a server, it initiates a connection by specifying the IP address and port number of the server it wants to reach, and the server listens for incoming connections on that TCP port. Once the three-way handshake completes, data can be exchanged between the client and server through that connection.

UDP on the other hand stands for User Datagram Protocol, which is another protocol in the Internet Protocol (IP) suite, like TCP. UDP ports are similar to TCP ports in that they are used to identify specific processes or services on a computer. However, there are significant differences between UDP and TCP, and these differences impact how ports are used in each protocol;

While TCP is connection-oriented, establishing connections before data exchange, and ensuring reliable and ordered delivery of data, UDP is connectionless, meaning that it does not establish a connection before sending data, and there is no guarantee of reliable or ordered delivery.

When are TCP ports used?

TCP ports are used in situations where reliable and ordered communication is crucial. For instance, when you’re browsing the web securely (HTTPS), sending emails (SMTP, IMAP, POP3), transferring files (FTP), accessing databases (MySQL, PostgreSQL, MSSQL), connecting to a remote computer (SSH), or using remote desktop services (RDP), TCP ports come into play.

These ports ensure that data is transmitted in a dependable and organized manner. Applications like secure web browsing, email exchange, file transfers, and database interactions require the reliability provided by TCP to ensure that information is accurately delivered and received. The connection-oriented nature of TCP ensures the integrity of the data being exchanged, making it suitable for a wide range of critical applications in various domains.

When are UDP Ports used?

UDP ports are employed in scenarios where a lightweight and faster communication approach is prioritized over reliability and ordered delivery. Applications such as real-time online gaming, live streaming, and Voice over IP (VoIP) leverage UDP ports. In these situations, a slight loss of data packets is acceptable if it means achieving lower latency. Unlike TCP, UDP does not establish a connection before sending data and doesn’t guarantee the ordered delivery of packets; any retransmission or ordering the application needs, it must implement itself. The split is not as clean as the service tables suggest: DNS uses UDP 53 for ordinary queries but falls back to TCP 53 for large responses and zone transfers, and HTTP/3 (QUIC) carries web traffic over UDP 443. When auditing a host, scan both protocols rather than assuming everything interesting is on TCP.

Relationship between Network Ports and IP Addresses

The relationship between network ports and IP addresses can be explained by using an analogy of an apartment building. Imagine the building as a device connected to the internet, while each apartment within is a specific service or application running on that device.

IP Address:

  • Your IP address is like the building’s address. It uniquely identifies the entire building on the internet and allows other devices to find it. Just like there can’t be two buildings with the same address, each device on the internet must have a unique IP address.

Port Number:

  • A port number is like the apartment number within the building. It identifies a specific service or application running on that device. For example, apartment 201 might be the web server, while apartment 302 might be the email server.

Together:

  • Just like you need both the building address and the apartment number to deliver a pizza, you need both the IP address and the port number to send data to the correct service or application on a device.

Here’s a table summarizing the key differences:

Feature              IP Address                                              Port Number
Purpose              Identifies the device on the network                    Identifies a specific service or application on the device
Type of identifier   Numerical address (e.g., 192.168.1.1)                   16-bit integer (e.g., 80 for HTTP, 25 for SMTP)
Scope                Unique across the internet for public addresses          Local (specific to a device and transport protocol)
                     (private ranges such as 192.168.0.0/16 are reused behind NAT)
Assigned by          ISP, network administrator or DHCP                       Operating system (ephemeral ports) or the application (listening ports)

So, while the IP address tells you “which building,” the port number tells you “which apartment” to reach your desired service or application.

When a computer sends or receives data over a network, the combination of an IP address and a port number (a socket address, written as 203.0.113.10:443) identifies a specific process or service on that machine. A connection is identified by both ends together: source IP, source port, destination IP and destination port. That is how one web server on port 443 can hold thousands of simultaneous connections; each client arrives from a different source IP and port pair. For example, when you connect to a web server, your computer uses the server’s IP address along with port 80 (HTTP) or 443 (HTTPS) as the destination, and the kernel picks an ephemeral port on your side as the source.
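The following Python script is an added example, not code from the original article. It shows the relationship described above in practice: a server binds to 127.0.0.1 with port 0 so the kernel assigns it a free port, two clients connect to that same port, and the server reports the distinct source (ip, port) pair it sees for each one. Everything runs over loopback on the local machine; no external host is contacted. The sample also reads the kernel’s ephemeral range from /proc where that file exists.

```python
import socket


def start_server():
    """Listen on the loopback address with a kernel-chosen port (bind to port 0)
    and return the socket together with the (ip, port) it was given."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    return listener, listener.getsockname()


def serve(listener, count):
    """Accept `count` queued connections. For each one, record the peer
    (ip, port) the server sees and echo it back to the client as "ip:port"."""
    seen = []
    for _ in range(count):
        conn, peer = listener.accept()
        with conn:
            seen.append(peer)
            conn.sendall(f"{peer[0]}:{peer[1]}".encode())
    return seen


def ephemeral_range():
    """Linux's ephemeral port range from /proc, or None where /proc is absent."""
    try:
        with open("/proc/sys/net/ipv4/ip_local_port_range") as f:
            lo, hi = f.read().split()
            return int(lo), int(hi)
    except (OSError, ValueError):
        return None


def demo(clients=2):
    """Two clients connect to the same server port. The server sees a different
    (ip, port) pair for each, so the full 4-tuple, not the server port alone,
    is what identifies a connection."""
    listener, server_addr = start_server()
    # Connect both clients before accepting: the handshakes complete into the
    # listen backlog, and having both sockets open at once guarantees that the
    # kernel hands them distinct source ports.
    socks = [socket.create_connection(server_addr) for _ in range(clients)]
    client_addrs = [s.getsockname() for s in socks]
    seen = serve(listener, clients)
    echoed = [s.recv(64).decode() for s in socks]
    for s in socks:
        s.close()
    listener.close()
    return {
        "server": server_addr,
        "clients": client_addrs,
        "seen_by_server": seen,
        "echoed": echoed,
        "ephemeral_range": ephemeral_range(),
    }


if __name__ == "__main__":
    r = demo()
    print("server listening on", r["server"])
    for c, e in zip(r["clients"], r["echoed"]):
        print("client", c, "-> server saw", e)
    print("kernel ephemeral range:", r["ephemeral_range"])
```

Run it a few times and compare the client ports against the printed ephemeral range: on a stock Linux kernel they fall inside 32768-60999, not the 49152-65535 that the IANA table suggests.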

How are Ports used on Linux?

Ports are the virtual entry points for services on a server, and firewalls act as gatekeepers, controlling access to those ports based on security rules. In other words, the firewall controls the behavior of the port, dictating which traffic to allow and not allow based on the defined rules.

Opening Ports in Linux using the Firewall

To allow traffic through a certain port, we use the firewall to “open that port”. Opening a port only lets packets reach the host; a service still has to be listening on it for anything to answer. Most Linux distributions ship with iptables (on current releases usually the iptables-nft front-end over nftables), and we can use it to open ports as follows;

  • Open or close SSH Port (SSH Server)

The SSH port is used for remote shell access to the server terminal. The default port number for SSH is 22, so we can accept it with the following iptables command;

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

If we want to deny SSH traffic to port 22, we can use the following iptables command;

sudo iptables -A INPUT -p tcp --dport 22 -j DROP

Two things to keep in mind before running that on a remote VPS. First, -A appends the rule to the end of the INPUT chain, and iptables stops at the first rule that matches. If the ACCEPT rule above is already in the chain, the appended DROP is never reached and port 22 stays open; either insert the DROP at the top of the chain with -I INPUT, or remove the ACCEPT rule with -D INPUT and the same match. Second, dropping port 22 also blocks your own next SSH login, so make sure you have console access first. You can see the order the kernel will evaluate with:

sudo iptables -L INPUT -n --line-numbers

  • Open HTTP Port (Webserver)

The HTTP port 80 is used by web servers to serve webpages or web applications over the internet, so HTTP traffic uses port 80 as its logical gateway. We can use iptables to open the HTTP port with the following command;

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Similarly, if you want to close or deny traffic to port 80, you can use the following iptables command, subject to the same ordering caveat as above:

sudo iptables -A INPUT -p tcp --dport 80 -j DROP

Rules added this way live only in kernel memory and disappear at reboot; save them with iptables-save (or the iptables-persistent package on Debian and Ubuntu) if they are meant to stay.

We’ve written a full guide on how to use the firewall to control port traffic on Linux; please read it here.

RECOMMENDED READING: How to install and configure UFW firewall on Ubuntu Linux

How to monitor and audit ports in Linux

Monitoring and auditing ports in Linux is crucial for security, detecting intrusions, revealing vulnerabilities, and meeting compliance requirements.

Keeping tabs on open ports helps you catch services you did not mean to expose, troubleshoot network issues, and understand what the system is actually doing. There are various tools you can use to monitor ports on your Linux system, and these are;

Using netstat

The netstat command displays network-related information, including listening ports. It belongs to the net-tools package, which many distributions no longer install by default because it is deprecated in favour of ss from iproute2. To install netstat on Debian or Ubuntu, run;

sudo apt install net-tools

Once netstat is installed, we can use it to monitor ports on the system with various options.

To see a list of all listening TCP and UDP ports with the owning process (-t TCP, -u UDP, -l listening, -p process, -n numeric), run;

sudo netstat -tulpn

The same flags work with ss, which is present on every modern system and needs no extra package;

sudo ss -tulpn

Run either one with sudo: without root, the PID/Program name column shows “-” for processes owned by other users.

Assuming the SSH, FTP, HTTP, HTTPS, RDP, MySQL and RTMP ports are open when you run the above command, you will see a printout like the following on the terminal;

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      5678/vsftpd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      4321/apache2
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      8765/apache2
tcp        0      0 0.0.0.0:3389            0.0.0.0:*               LISTEN      9876/xrdp
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      5432/mysqld
tcp        0      0 0.0.0.0:1935            0.0.0.0:*               LISTEN      1357/nginx

From the above output, we see that the listed ports are in the “LISTEN” state, indicating they are open and actively waiting to accept connections.

The Local Address column is the security-relevant part. A bind address of 0.0.0.0 (or :: for IPv6) means the service accepts connections on every interface, including the public one. For services that only local clients need, such as the MySQL instance above, the safer configuration is to bind to 127.0.0.1 so the port never appears from the network at all; the firewall then becomes a second layer rather than the only one.

If no ports are listening, the printout will not list anything below the header.
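The following Python script is an added example, written for this article rather than taken from it, that turns the check just described into something repeatable: it parses netstat -tulpn output and flags every listener bound to all interfaces whose port is not on an allow-list. The netstat text inside the script is constructed sample data, not captured from a real host; on a live system you would feed it the real command output instead.

```python
from typing import List, NamedTuple, Set

# Constructed sample of `sudo netstat -tulpn` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      5432/mysqld
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      2468/redis-server
tcp6       0      0 :::80                   :::*                    LISTEN      4321/apache2
tcp6       0      0 ::1:631                 :::*                    LISTEN      -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           777/dhclient
"""


class Listener(NamedTuple):
    proto: str      # tcp, tcp6, udp or udp6
    addr: str       # bind address as netstat prints it
    port: int
    program: str    # program name, or "-" when netstat could not see the PID


WILDCARD_ADDRS = {"0.0.0.0", "::", "*"}   # bound on every interface
LOOPBACK_ADDRS = {"127.0.0.1", "::1"}     # reachable only from the host itself


def parse_netstat(text: str) -> List[Listener]:
    """Turn the tcp/udp rows of `netstat -tulpn` into Listener records.
    Header lines and anything that is not a tcp/udp row are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in {"tcp", "tcp6", "udp", "udp6"}:
            continue
        # Local Address is "addr:port"; rpartition keeps IPv6 addresses (":::80") intact.
        addr, _, port = fields[3].rpartition(":")
        pid_prog = fields[-1]                              # "1234/sshd" or "-"
        program = pid_prog.split("/", 1)[1] if "/" in pid_prog else pid_prog
        listeners.append(Listener(fields[0], addr, int(port), program))
    return listeners


def exposed_listeners(listeners: List[Listener], allowed_ports: Set[int]) -> List[Listener]:
    """Listeners bound to every interface whose port is not on the allow-list.
    Loopback-only binds are ignored: they are unreachable from the network."""
    return [l for l in listeners
            if l.addr in WILDCARD_ADDRS and l.port not in allowed_ports]


def audit(text: str, allowed_ports: Set[int]) -> List[str]:
    """Return one human-readable finding per unexpected network-facing listener."""
    return [f"{l.proto} port {l.port} ({l.program}) is bound to {l.addr}; "
            f"reachable from any interface and not on the allow-list"
            for l in exposed_listeners(parse_netstat(text), allowed_ports)]


if __name__ == "__main__":
    for finding in audit(SAMPLE_NETSTAT, allowed_ports={22, 80}):
        print(finding)
```

Against the sample, the allow-list of 22 and 80 leaves two findings: Redis on 6379 and the DHCP client on UDP 68. MySQL is not reported because it is bound to 127.0.0.1, which is the point of the check. Keep in mind that a tcp6 listener on :: normally accepts IPv4 connections as well (dual-stack), so it counts as fully exposed, and that the parser is written for netstat’s column layout; ss prints different columns and would need its own parser.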

Using lsof (list open files)

The lsof command can be used to list open files and, in this case, open network connections, and you can install it on Ubuntu Linux by running the following command;

sudo apt install lsof

To see a list of open ports, you can use lsof tool by running the following command:

   sudo lsof -i -P -n | grep LISTEN

This command shows open Internet files (-i), keeps port numbers numeric instead of translating them to service names (-P), does not resolve hostnames (-n), and filters for listening sockets with grep LISTEN. See the sample printout below;

sshd      1234   root      3u  IPv4  12345      0t0  TCP *:22 (LISTEN)
vsftpd    5678   ftp       3u  IPv4  56789      0t0  TCP *:21 (LISTEN)
apache2   4321   www-data  5u  IPv6  98765      0t0  TCP *:80 (LISTEN)
apache2   4321   www-data  6u  IPv6  98766      0t0  TCP *:443 (LISTEN)
xrdp      9876   xrdp     12u  IPv6  54321      0t0  TCP *:3389 (LISTEN)
mysqld    5432   mysql    10u  IPv4  34567      0t0  TCP *:3306 (LISTEN)
nginx     1357   www-data  6u  IPv4  98767      0t0  TCP *:1935 (LISTEN)

Here “*” in the address column again means the socket is bound to all interfaces. The advantage of lsof over netstat is the USER column: it shows at a glance which account each listening process runs as, which matters when deciding how much damage a compromise of that service could do.

Using nmap

If you have nmap installed, you can use it to scan for open ports on a specific host. Unlike netstat and lsof, which read the kernel’s socket table, nmap sends real probes, so it reports what is actually reachable. Install nmap if you haven’t already and then run;

sudo nmap -p- localhost

This command scans all 65,535 TCP ports (-p-) on localhost. Because the scan originates on the machine itself, it also sees services bound only to 127.0.0.1, so it does not tell you what the outside world can reach; for that, scan the server’s public address from another host. By default nmap scans TCP only; add -sU for UDP services such as DNS or DHCP. Here’s a generic example of what the output might look like;

Starting Nmap 7.80 ( https://nmap.org ) at 2024-01-14 12:00 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.001s latency).

Not shown: 65528 closed ports

PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
1935/tcp open  macromedia-fcs
3306/tcp open  mysql
3389/tcp open  ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds

The SERVICE column here is only a lookup of the port number in nmap’s services table, not an identification of what is really listening; add -sV if you need nmap to probe the service and report its actual banner and version.

RECOMMENDED READING: Is Port Forwarding necessary for Ant Media Server?
