Cybersecurity Triage

List Listening Ports on a VPS

You need a snapshot of TCP ports listening on the server.

Command

ss -ltnp

What changed

Nothing changes. The command lists listening TCP sockets and processes.

Danger

safe

When to use it

Use during exposure checks, incident triage, or after deploying services.

When not to use it

Do not treat a listener as externally reachable without checking firewall and bind address.

Undo or recovery

No undo needed because this command is read-only.

Expected output

Listening sockets with local addresses, ports, and process names where available.

demo script

Disposable terminal steps

ss -ltnp
ss -ltnp | awk 'NR==1 || /LISTEN/'

Terminal transcript Demo JSON

simulated output

What it looks like

disposable vessel

::fixture-ready::
$ ss -ltnp
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=801,fd=3))
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*     users:(("nginx",pid=1907,fd=6))
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*     users:(("nginx",pid=1907,fd=7))
LISTEN 0      128        127.0.0.1:5432      0.0.0.0:*     users:(("postgres",pid=2011,fd=7))
::exit-code::0
$ ss -ltnp | awk 'NR==1 || /LISTEN/'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=801,fd=3))
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*     users:(("nginx",pid=1907,fd=6))
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*     users:(("nginx",pid=1907,fd=7))
LISTEN 0      128        127.0.0.1:5432      0.0.0.0:*     users:(("postgres",pid=2011,fd=7))
::exit-code::0

YouTube Short

List VPS listening ports.

Use ss to snapshot listening ports, bind addresses, and processes before changing firewall rules.

experiments

A/B tests to run

Metric: completion_rate

A: Unexpected listeners.

B: Check bind address first.