In TCP/IP, connections happen by way of ports. A port is a number that uniquely identifies a connection. Some ports are well-known and usually identified with a service, e.g. port 80 for HTTP requests.
To see what ports are open, i.e., what connections your computer currently has, use the
The output will be lengthy, but we're really only interested in the top section. An example from my own computer:
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 aspire.local:49132 tc-in-f19.google.co:www TIME_WAIT
tcp 0 0 aspire.local:60227 tx-in-f103.google.c:www ESTABLISHED
udp 0 0 aspire.local:33954 126.96.36.199:domain ESTABLISHED
udp 0 0 *:bootpc *:*
udp 0 0 aspire.local:42088 188.8.131.52:domain ESTABLISHED
udp 0 0 *:mdns *:*
udp 0 0 *:38142 *:*
What does this say? That my computer is currently connected to web servers (the
:wwwentries) and is making DNS requests (
:domain). These are the entries which are simpler to understand. But what of the others?
:ippis the port used by the printer daemon,
:mdnsis used for local multicast DNS, and
:bootpcis for DHCP client requests. These are the ports that a default Ubuntu installation listens on.
:ippis opened by
But what of that open port 38142? How come it's not identified? You can check it by running
sudo lsof -i :38142
You'll see that it's also owned by the Avahi daemon. Just what is Avahi?
Avahi is a system which facilitates service discovery on a local network. This means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. This kind of technology is already found in Apple MacOS X (branded Rendezvous, Bonjour and sometimes Zeroconf) and is very convenient. Avahi is mainly based on Lennart Poettering's flexmdns mDNS implementation for Linux which has been discontinued in favour of Avahi.
So really, in a default Ubuntu installation, you really should have just ports opened by the printer daemon and Avahi. Other usual connections are for HTTP and DNS. Anything else that you're not sure of is typically suspect.