SS Socket and Listening Port Inspection Checklist

halfbrain_logo512adminJune 18, 2026
6 lượt xem

SS Socket and Listening Port Inspection Checklist

ss shows which services are listening on which ports. This is essential for debugging Nginx, SSH, databases, Docker apps, internal APIs and reverse proxy problems.

Core principle

A network service must listen on an address and port before other systems can reach it. If nothing is listening, DNS and firewall changes will not fix the application.

Checklist

  1. List listening TCP ports.
  2. Identify process names and PIDs.
  3. Check whether Nginx listens on 80 and 443.
  4. Check whether SSH listens on the expected port.
  5. Check whether database ports are private.
  6. Check whether internal app ports are localhost-only or public.
  7. Compare listening ports with firewall rules.
  8. Compare Docker published ports with ss output.
  9. Close or protect unexpected public ports.
  10. Document the port map.

Reusable lesson

ss applies to VPS hardening, reverse proxy debugging, Docker deployment, database exposure checks, webhook services and cloud firewall design.

Checklist Type Technical Setup
Level Beginner
Risk Level Medium Risk
Estimated Time 20–45 minutes

When to Use This Checklist

Use this checklist when checking what services are listening on a VPS and whether they should be public or private.

Required Tools

SSH access, ss, UFW, Docker if used, service list, Nginx config

Before You Start

Do not open firewall ports before confirming the service is listening and should be publicly reachable.

Structured Checklist Steps

  1. List listening ports.
  2. Identify processes.
  3. Check web ports.
  4. Check SSH port.
  5. Check database ports.
  6. Check app ports.
  7. Compare firewall.
  8. Compare Docker ports.
  9. Protect unexpected exposure.
  10. Document port map.

Verification Steps

  1. Listening services are known.
  2. Unexpected public ports are reviewed.
  3. Database is not exposed publicly.
  4. Firewall rules match real services.
  5. Port map is documented.
See also  Server Resource Triage Checklist for CPU RAM Disk and Network

Rollback Plan

If closing or changing a port breaks a service, restore the previous firewall or service config and redesign exposure with reverse proxy or private access.

Common Mistakes

  • Opening ports without checking listeners.
  • Forgetting Docker published ports.
  • Exposing databases publicly.
  • Confusing localhost with public access.
  • No port documentation.

Related Commands

sudo ss -tulpn
sudo ss -ltnp
sudo ss -tulpn | grep nginx
sudo ss -tulpn | grep 3306
sudo ufw status numbered
docker ps

Share:

Disclaimer: The guides, checklists, commands, and examples on HalfBrain.net are provided for educational and operational reference only. Server environments, hosting providers, software versions, security settings, and WordPress configurations can vary, so you should always review commands before running them on your own system. We do our best to keep the content accurate and useful, but we cannot guarantee that every command, configuration, or recommendation will fit every environment. Always back up your website, database, and server configuration before making changes. HalfBrain.net is not responsible for data loss, downtime, security incidents, misconfiguration, or other issues that may result from applying the information on this website. Use the material at your own discretion.

halfbrain_logo512
admin

HalfBrain.net is a practical field notebook for people who want to self-operate websites, VPS servers, Linux systems, Docker stacks, Nginx configurations, DNS records, SSL certificates, and AI automation workflows. Our goal is simple: turn messy infrastructure problems into clear, repeatable checklists, commands, and operating procedures. We focus on practical execution, not theory for theory’s sake.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related articles: