Port to PID

From Noah.org
Revision as of 17:06, 1 September 2010 by Root (talk | contribs)
Jump to navigationJump to search


See all listening ports and their associated PIDs with `netstat`

The '--inet' option will show only ipv4 sockets. Replace '--inet' with '--udp --tcp' to show both ipv4 and ipv6 sockets. 

netstat --listening --program --inet --numeric-hosts --numeric-ports --extend

See whp is using a specific port with `lsof`

Use the `lsof` command to find which process is listening on a given port.

The -n option for `lsof` turns of reverse name resolution which speeds up the output. Otherwise it will try to reverse each IP address to a name.

There are security limitation to the use of `lsof` by non-root users. These limitations depend on how `lsof` was compiled. In general you have to be root or have sudo to use these examples.

For example, say I saw that some process was already using port 69 (normally TFTP). I did not expect this port to be in use, so I ran the following command to find out which process what listening on port 69: 

sudo lsof -n -i :69

To find which process is listening on port 80 (you would expect an HTTP server): 

sudo lsof -n -i :80

To see who is connected or listening on SSH or SCP look for port 22: 

sudo lsof -n -i :22

You can also look for files opened by a given user or command: 

sudo lsof -n -u USER

sudo lsof -n -c COMMAND
Retrieved from "https://www.noah.org/mediawiki-1.34.2/index.php?title=Port_to_PID&oldid=5785"