How to find out which process is listening upon a port?
To discover the process name, ID (pid), and other details you need to run:
    lsof -i :port

So to see which process is listening upon port 80 we can run:

    root@mystery:~# lsof -i :80

This gives us the following output:

    COMMAND   PID     USER   FD   TYPE   DEVICE SIZE NODE NAME
    apache2 10437     root    3u  IPv6 22890556       TCP *:www (LISTEN)
    apache2 10438 www-data    3u  IPv6 22890556       TCP *:www (LISTEN)
    apache2 10439 www-data    3u  IPv6 22890556       TCP *:www (LISTEN)
    apache2 10440 www-data    3u  IPv6 22890556       TCP *:www (LISTEN)
    apache2 10441 www-data    3u  IPv6 22890556       TCP *:www (LISTEN)
    apache2 10442 www-data    3u  IPv6 22890556       TCP *:www (LISTEN)
    apache2 25966 www-data    3u  IPv6 22890556       TCP *:www (LISTEN)
    apache2 25968 www-data    3u  IPv6 22890556       TCP *:www (LISTEN)

Here you can see the command running (apache2), the username it is running as (www-data), and some other details.
Similarly we can see which process is bound to port 22:
    root@mystery:~# lsof -i :22
    COMMAND  PID USER   FD   TYPE   DEVICE SIZE NODE NAME
    sshd    8936 root    3u  IPv6 12161280       TCP *:ssh (LISTEN)

To see all the ports open for listening upon the current host you can use another command netstat (contained in the net-tools package):

    root@mystery:~# netstat -a |grep LISTEN |grep -v unix
    tcp        0      0 *:2049                  *:*      LISTEN
    tcp        0      0 *:743                   *:*      LISTEN
    tcp        0      0 localhost.localdo:mysql *:*      LISTEN
    tcp        0      0 *:5900                  *:*      LISTEN
    tcp        0      0 localhost.locald:sunrpc *:*      LISTEN
    tcp        0      0 *:8888                  *:*      LISTEN
    tcp        0      0 localhost.localdom:smtp *:*      LISTEN
    tcp6       0      0 *:www                   *:*      LISTEN
    tcp6       0      0 *:distcc                *:*      LISTEN
    tcp6       0      0 *:ssh                   *:*      LISTEN

Here you can see that there are processes listening upon ports 2049, 743, 5900, and several others.
(The second grep we used above was to ignore Unix domain sockets).
If you're curious to see which programs and services are used in those sockets you can look them up as we've already shown:
    root@mystery:~# lsof -i :8888
    COMMAND   PID    USER   FD   TYPE   DEVICE SIZE NODE NAME
    gnump3d 25834 gnump3d    3u  IPv4 61035200       TCP *:8888 (LISTEN)

This tells us that the process bound to port 8888 is the gnump3d MP3 streamer.
Ports 2049 and 743 are both associated with NFS. The rest can be tracked down in a similar manner. (You'll notice that some ports actually have their service names printed next to them, such as the smtp entry for port 25).
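To track down every listener in one pass instead of port by port, lsof's field output (-F) can be summarised with a short script. This is an added example, not part of the original article: the function names are hypothetical, the sample input is constructed from the listeners shown above, and it assumes lsof is run with -nP so addresses and ports are numeric.

```shell
#!/bin/sh
# Added example: one line per distinct TCP listener, from lsof field output.
# On a live host (as root, to see every process):
#   lsof -nP -iTCP -sTCP:LISTEN -F pcLn | summarise_listeners

summarise_listeners() {
    awk '
        # -F output carries one field per line; the first character names it.
        /^p/ { pid  = substr($0, 2); next }   # process ID, starts a new process
        /^c/ { cmd  = substr($0, 2); next }   # command name
        /^L/ { user = substr($0, 2); next }   # login name
        /^n/ {
            name = substr($0, 2)              # *:80, 127.0.0.1:3306, [::1]:25
            i = match(name, /:[0-9]+$/)       # port follows the last colon
            if (!i) next
            addr = substr(name, 1, i - 1)
            port = substr(name, i + 1)
            scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "non-loopback"
            key = port SUBSEP cmd SUBSEP user SUBSEP scope
            if (!(key in count)) first[key] = pid
            count[key]++                      # worker processes collapse here
        }
        END {
            for (key in count) {
                split(key, k, SUBSEP)
                printf "%s %s %s %s sockets=%d first_pid=%s\n",
                       k[1], k[2], k[3], k[4], count[key], first[key]
            }
        }
    ' | sort -n
}

# Constructed sample in -F pcLn form, modelled on the listeners shown above
# (the mysqld PID and user are made up; f lines are file descriptors).
sample_lsof_output() {
    printf '%s\n' \
        p8936  csshd    Lroot     f3  'n*:22' \
        p10437 capache2 Lroot     f3  'n*:80' \
        p10438 capache2 Lwww-data f3  'n*:80' \
        p10439 capache2 Lwww-data f3  'n*:80' \
        p25834 cgnump3d Lgnump3d  f3  'n*:8888' \
        p4242  cmysqld  Lmysql    f10 'n127.0.0.1:3306'
}

sample_lsof_output | summarise_listeners
```

Non-loopback listeners are the ones other hosts can reach unless a firewall intervenes, so those are the lines to compare against the services the host is meant to offer.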
lsof is a very powerful tool which can be used for lots of jobs. If you're unfamiliar with it I recommend reading the manpage via:
    man lsof

If you do so you'll discover that the -i flag can take multiple different types of arguments, to allow you to check more than one port at a time, and use IPv6 addresses too.
It's often used to see which files are open upon mounted devices, so you can kill the processes and unmount them cleanly.
found at http://www.debian-administration.org/articles/184