LAB-NET-04 - Ports and Connections

NET Networking and Communication

Ports and Connections

Inspect listening ports and active connections so you can tell whether a service is actually waiting for traffic.

35 min INTERMEDIATE LINUX Curriculum-reviewed

Prerequisites

Lab LAB-NET-01 - Interfaces and IP Addresses

Success criteria

Use ss to inspect listening sockets.
Explain the difference between a listening port and an established connection.

Safety notes

Inspect first; do not kill or reconfigure services unless you know exactly what they are.

Part A: The Field Guide

A host can be reachable while the service you want is still unavailable.

That is why port and socket inspection is a separate step.

A listening service is waiting for connections. An established connection means traffic is already flowing between endpoints.

Useful Distinction

Network reachability and service availability are related but not identical. A machine can answer pings while the target service is not listening on the expected port.

Part B: The Drill Deck

Terminal required: inspect first and keep the exercise observational.

Exercise G1: Inspect listening sockets

Run sudo ss -tulpn
Identify one listening service
Note the port and the process information if available

Exercise G2: Look at active connections

Run sudo ss -tupan
Notice that the output can include both listening and active connections depending on flags
Find one state value such as LISTEN or ESTAB

Exercise G3: Focus on one port

Run sudo ss -tulpn | grep ':22 ' if SSH is present, or use another familiar port on your system
Explain what this filtered view is helping you answer

Exercise S1: TCP versus UDP

Run a view that includes both TCP and UDP, then explain why checking only one protocol family can miss a service you care about.

Exercise S2: Listening versus connected

In your own words, explain:

what LISTEN means
what ESTAB means
why those states answer different questions

Mission M1: Add the service-layer step to your troubleshooting ladder

Write the place where ss belongs in a broader network debugging flow.

For example, after checking connectivity and naming, where do you ask whether the service is actually listening?

If that placement feels natural, the network model is becoming more operational and less memorized.

Practice flow

Run the exercise carefully, then repeat the key steps once more in the same session without leaning on the instructions.

Open lesson Open Arena Back to Labs

Reflection

What became clearer once you treated ports as a service-level check instead of a whole-network check?
Which ss output fields feel most useful to you first?

If not yet, repeat the lab once more without leaning on the instructions.

Move on when

Run ss and identify one listening service without notes.
Explain the difference between LISTEN and ESTAB in plain language.

A lab counts when you can repeat it cleanly with much less help than the first time.

Practice review

After you finish, repeat this lab tomorrow with less reliance on the instructions.

Use spaced practice around day 1, day 2, day 5.
Try to predict the steps before you scroll.
Run the key commands or actions from memory first.
Use the lesson or Library only for the parts that still fail.

Lab context

Best for

Need structureSerious hands-on operatorDeveloper expanding into systemsIT / support / sysadminStarting from zero

Pathways

Career operator pathDeveloper to systems fluencyFoundations first

Practice fit

Beginner-safe Guided practice

This lab is designed to be attempted safely by newer learners if they stay inside the described sandbox or practice folder.

Expect tighter prompts and a more protected workflow while the skill is still forming.

Revisit the lesson

Module M30 - Network Config: CLI Module M32 - Network Diagnostics Module M33 - Firewall: GUI and CLI

Topics

ssportslistenTCPUDPsockets

Reference support

Library ss Library ports Library listen Library TCP

On this page