Difference between revisions of "Port to PID"
m |
|||
Line 4: | Line 4: | ||
The -n option for `lsof` turns of reverse name resolution which speeds up the output. Otherwise it will try to reverse each IP address to a name. | The -n option for `lsof` turns of reverse name resolution which speeds up the output. Otherwise it will try to reverse each IP address to a name. | ||
+ | |||
+ | There are security limitation to the use of `lsof` by non-root users. These limitations depend on how `lsof` was compiled. In general you have to be root or have sudo to use these exaples. | ||
For example, say I saw that some process was already using port 69 (normally TFTP). I did not expect this port to be in use, so I ran the following command to find out which process what listening on port 69: | For example, say I saw that some process was already using port 69 (normally TFTP). I did not expect this port to be in use, so I ran the following command to find out which process what listening on port 69: | ||
<pre> | <pre> | ||
− | lsof -n -i :69 | + | sudo lsof -n -i :69 |
</pre> | </pre> | ||
Line 14: | Line 16: | ||
<pre> | <pre> | ||
− | lsof -n -i :80 | + | sudo lsof -n -i :80 |
</pre> | </pre> | ||
Line 20: | Line 22: | ||
<pre> | <pre> | ||
− | lsof -n -i :22 | + | sudo lsof -n -i :22 |
</pre> | </pre> | ||
Line 26: | Line 28: | ||
<pre> | <pre> | ||
− | lsof -n -u USER | + | sudo lsof -n -u USER |
</pre> | </pre> | ||
<pre> | <pre> | ||
− | lsof -n -c COMMAND | + | sudo lsof -n -c COMMAND |
</pre> | </pre> |
Revision as of 17:50, 29 January 2009
Use the `lsof` command to find which process is listening on a given port.
The -n option for `lsof` turns of reverse name resolution which speeds up the output. Otherwise it will try to reverse each IP address to a name.
There are security limitation to the use of `lsof` by non-root users. These limitations depend on how `lsof` was compiled. In general you have to be root or have sudo to use these exaples.
For example, say I saw that some process was already using port 69 (normally TFTP). I did not expect this port to be in use, so I ran the following command to find out which process what listening on port 69:
sudo lsof -n -i :69
To find which process is listening on port 80 (you would expect some http server):
sudo lsof -n -i :80
To see who is connected via SSH or SCP look for port 22:
sudo lsof -n -i :22
You can also look for files opened by a given user or command:
sudo lsof -n -u USER
sudo lsof -n -c COMMAND