Exploring Network Connections and Determining Open Ports

Explore network connections

Computers connect to other computers using an IP address and a port. Ports allow multiple network connections from a single machine. Imagine that the IP address is the street address to an apartment complex, and each port is an apartment number in the building.

For example, when we make a request to google.com with our web browser, the browser uses port 80, the default port for web traffic. To complete that request, the browser needs to figure out which IP address google.com resolved to, so it makes a request to a DNS server using port 53, the default port for DNS queries.

When we installed the openssh-server package, the machine started listening for incoming connections on port 22. When we connected to the server, our client made an outgoing connection on port 22.

The OS makes all kinds of network connections to remote systems, and programs we install do as well. Unfortunately, so do malicious programs. It’s not a bad idea to keep tabs on the computer’s communication.

A handful of tools will let us see which ports are in use. The two we’ll look at are netstat and ss.

Using netstat

The netstat command is older and more universally available on servers and Linux operating systems. Like ifconfig, it’s also not supported anymore. We’ll explore it first and then look at other options. First, we stop the SSH server if it is running:

sudo systemctl stop sshd

Now, we’ll use netstat to look at what’s listening for incoming TCP connections.

netstat -lt