Difference between revisions of "Port to PID"
m |
m |
||
Line 1: | Line 1: | ||
[[Category:Engineering]] | [[Category:Engineering]] | ||
[[Category:Networking]] | [[Category:Networking]] | ||
+ | |||
+ | == See all listening ports and their associated PIDs with `netstat` == | ||
+ | |||
+ | The '--inet' option will show only ipv4 sockets. Replace '--inet' with '--udp --tcp' to show both ipv4 and ipv6 sockets. | ||
+ | <pre> | ||
+ | netstat --listening --program --inet --numeric-hosts --numeric-ports --extend | ||
+ | </pre> | ||
+ | |||
+ | == See whp is using a specific port with `lsof` == | ||
+ | |||
Use the `lsof` command to find which process is listening on a given port. | Use the `lsof` command to find which process is listening on a given port. | ||
The -n option for `lsof` turns of reverse name resolution which speeds up the output. Otherwise it will try to reverse each IP address to a name. | The -n option for `lsof` turns of reverse name resolution which speeds up the output. Otherwise it will try to reverse each IP address to a name. | ||
− | There are security limitation to the use of `lsof` by non-root users. These limitations depend on how `lsof` was compiled. In general you have to be root or have sudo to use these | + | There are security limitation to the use of `lsof` by non-root users. These limitations depend on how `lsof` was compiled. In general you have to be root or have sudo to use these examples. |
For example, say I saw that some process was already using port 69 (normally TFTP). I did not expect this port to be in use, so I ran the following command to find out which process what listening on port 69: | For example, say I saw that some process was already using port 69 (normally TFTP). I did not expect this port to be in use, so I ran the following command to find out which process what listening on port 69: | ||
Line 19: | Line 29: | ||
</pre> | </pre> | ||
− | To see who is connected | + | To see who is connected or listening on SSH or SCP look for port 22: |
<pre> | <pre> |
Revision as of 17:06, 1 September 2010
See all listening ports and their associated PIDs with `netstat`
The '--inet' option will show only ipv4 sockets. Replace '--inet' with '--udp --tcp' to show both ipv4 and ipv6 sockets.
netstat --listening --program --inet --numeric-hosts --numeric-ports --extend
See whp is using a specific port with `lsof`
Use the `lsof` command to find which process is listening on a given port.
The -n option for `lsof` turns of reverse name resolution which speeds up the output. Otherwise it will try to reverse each IP address to a name.
There are security limitation to the use of `lsof` by non-root users. These limitations depend on how `lsof` was compiled. In general you have to be root or have sudo to use these examples.
For example, say I saw that some process was already using port 69 (normally TFTP). I did not expect this port to be in use, so I ran the following command to find out which process what listening on port 69:
sudo lsof -n -i :69
To find which process is listening on port 80 (you would expect an HTTP server):
sudo lsof -n -i :80
To see who is connected or listening on SSH or SCP look for port 22:
sudo lsof -n -i :22
You can also look for files opened by a given user or command:
sudo lsof -n -u USER
sudo lsof -n -c COMMAND