Difference between revisions of "Port to PID"

From Noah.org
Jump to navigationJump to search
m
m
Line 1: Line 1:
 
[[Category:Engineering]]
 
[[Category:Engineering]]
 
[[Category:Networking]]
 
[[Category:Networking]]
 +
 +
== See all listening ports and their associated PIDs with `netstat` ==
 +
 +
The '--inet' option will show only ipv4 sockets. Replace '--inet' with '--udp --tcp' to show both ipv4 and ipv6 sockets.
 +
<pre>
 +
netstat --listening --program --inet --numeric-hosts --numeric-ports --extend
 +
</pre>
 +
 +
== See whp is using a specific port with `lsof` ==
 +
 
Use the `lsof` command to find which process is listening on a given port.
 
Use the `lsof` command to find which process is listening on a given port.
  
 
The -n option for `lsof` turns of reverse name resolution which speeds up the output. Otherwise it will try to reverse each IP address to a name.
 
The -n option for `lsof` turns of reverse name resolution which speeds up the output. Otherwise it will try to reverse each IP address to a name.
  
There are security limitation to the use of `lsof` by non-root users. These limitations depend on how `lsof` was compiled. In general you have to be root or have sudo to use these exaples.
+
There are security limitation to the use of `lsof` by non-root users. These limitations depend on how `lsof` was compiled. In general you have to be root or have sudo to use these examples.
  
 
For example, say I saw that some process was already using port 69 (normally TFTP). I did not expect this port to be in use, so I ran the following command to find out which process what listening on port 69:
 
For example, say I saw that some process was already using port 69 (normally TFTP). I did not expect this port to be in use, so I ran the following command to find out which process what listening on port 69:
Line 19: Line 29:
 
</pre>
 
</pre>
  
To see who is connected via SSH or SCP look for port 22:
+
To see who is connected or listening on SSH or SCP look for port 22:
  
 
<pre>
 
<pre>

Revision as of 17:06, 1 September 2010


See all listening ports and their associated PIDs with `netstat`

The '--inet' option will show only ipv4 sockets. Replace '--inet' with '--udp --tcp' to show both ipv4 and ipv6 sockets.

netstat --listening --program --inet --numeric-hosts --numeric-ports --extend

See whp is using a specific port with `lsof`

Use the `lsof` command to find which process is listening on a given port.

The -n option for `lsof` turns of reverse name resolution which speeds up the output. Otherwise it will try to reverse each IP address to a name.

There are security limitation to the use of `lsof` by non-root users. These limitations depend on how `lsof` was compiled. In general you have to be root or have sudo to use these examples.

For example, say I saw that some process was already using port 69 (normally TFTP). I did not expect this port to be in use, so I ran the following command to find out which process what listening on port 69:

sudo lsof -n -i :69

To find which process is listening on port 80 (you would expect an HTTP server):

sudo lsof -n -i :80

To see who is connected or listening on SSH or SCP look for port 22:

sudo lsof -n -i :22

You can also look for files opened by a given user or command:

sudo lsof -n -u USER
sudo lsof -n -c COMMAND