- How can I figure out which process is opening the certain tcp port?
- 4 Answers 4
- Linux: Find Out Which Port Number a Process is Listening on
- Method 1: Using the netstat command
- Method 2: Using the lsof command
- Method 3: Using the fuser command
- Search
- About This Site
- Latest Tutorials
- 3 Ways to Find Out Which Process Listening on a Particular Port
- 1. Using netstat Command
- 2. Using lsof Command
- 3. Using fuser Command
How can I figure out which process is opening the certain tcp port?
I’ve got a reference board which running a embedded linux. It have been already opening 22 tcp port for ssh connection. But fuser doesn’t display output anything about 22 port. So I tried another ssh daemon to open 322 port then tried to check pid using fuser, it worked fine.
root@imx6qsabreauto:~# netstat -nlt | grep 22 tcp 0 0 0.0.0.0:4224 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:322 0.0.0.0:* LISTEN tcp 0 0 . 322 . * LISTEN tcp 0 0 . 22 . * LISTEN root@imx6qsabreauto:~# fuser 322/tcp 351 root@imx6qsabreauto:~# ps -ef | grep 351 root 351 1 0 01:46 ? 00:00:00 /usr/sbin/dropbear -r /etc/dropbear/dropbear_rsa_host_key -p 322 -B root 379 315 0 02:11 ttymxc3 00:00:00 grep 351 root@imx6qsabreauto:~# fuser 22/tcp ==> This output nothing !! How can I figure out which process is opening tcp 22 port. (In the board, lsof command is not available and.. netstat doesn’t have -p option.)
4 Answers 4
I you have /proc mounted and bash and readlink both installed, You can write a small bash script that parses /proc/net/tcp , and scan /proc/*/fd/ to find the corresponding socket.
I’m not so familiar with embedded linux, but if you cannot find readlink , it may be included in busybox .
/proc/net/tcp is something like
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode 0: 00000000:4E7A 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 13128 1 ffff8800cf960740 99 0 0 10 0 The local_address is hex string of HOST:PORT , so the script searches for :0016 when you want to search tcp 22 port.
Once it founds the row which contains :0016 in local_address , the inode is the corresponding socket number.
Then it searchs for /proc/*/fd/* which has the socket number using readlink command.
#!/bin/bash PORT="$1" HEX_PORT=$(printf %04X $PORT) INODE="" if ! [ "$PORT" ];then echo "usage $0 [PORT]" exit fi while read num host_port _ _ _ _ _ _ _ inode _; do if [[ $host_port =~ :"$HEX_PORT"$ ]];then INODE=$inode fi done < /proc/net/tcp if ! [ "$INODE" ];then echo "no process using $PORT" exit fi for fn in /proc/1*/fd/*; do if [ "$(readlink $fn)" = "socket:[$INODE]" ];then tmp=$echo $ fi done Here's a version of ymonad's script that runs on a Tomato/BusyBox router:
#!/bin/sh # This works with BusyBox on a Tomato router PORT="$1" HEX_PORT=`printf %04X $PORT` INODE="" if ! [ "$PORT" ]; then echo "Find the process that is listening on an open TCP network port." echo "usage $0 [PORT]" exit 2 fi # sl localip:port remip:port st tx_q:rx_q tr:when retrns uid timeout inode . while read num host_port _ _ _ _ _ _ _ inode _; do port=`echo "$host_port" | awk -F: ''` if [ "$port" = "$HEX_PORT" ]; then INODE=$inode fi done < /proc/net/tcp if ! [ "$INODE" ]; then echo "no process using $PORT" exit 1 fi echo "found inode $INODE" f=`ls -l /proc/4*/fd/* 2>/dev/null | fgrep "socket:[$INODE]" | awk ''` if ! [ "$f" ] ; then echo "no process found using inode $INODE" exit 1 fi pid=`echo "$f" | awk -F/ ''` echo "Process matching PID=$pid:" ps w | awk "\$1==$pid " If you have or can get ss on your device it can show you the PID:
ss -ltp # for TCP ss -lup # for UDP Thanks @ymonad !! 🙂 As your mention, I've been able to get pid corresponding to the port like the following.
root@imx6qsabreauto:~# cat /proc/net/tcp sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode 0: 00000000:1080 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 1018 1 d8d90a00 100 0 0 10 0 1: 00000000:0DA2 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 842 1 d8d90000 100 0 0 10 0 2: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 2515 1 d8dc8000 100 0 0 10 0 3: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 877 1 d8d90500 100 0 0 10 0 root@imx6qsabreauto:~# cat /proc/net/tcp6 sl local_address remote_address st tx_queue rx_queue tr tm->when retrnsmt uid timeo ut inode 0: 00000000000000000000000000000000:006F 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 2518 1 d8dd0000 100 0 0 10 -1 1: 00000000000000000000000001000000:0035 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 881 1 d8de0000 100 0 0 10 -1 2: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 4933 1 d8da0000 100 0 0 10 -1 Your shell script is working fine, it can get pid properly as like below.
root@imx6qsabreauto:~# /tmp/find.sh 22 1 Odd thing is the result pid is 1. It's init process ;;
UID PID PPID C STIME TTY TIME CMD root 1 0 0 04:21 ? 00:00:04 /sbin/init I think I need to figure out more how init process opens 22 tcp port. Really thank you. 😀 I've learned a lot. Thanks again !!
Linux: Find Out Which Port Number a Process is Listening on
As Linux users, we sometimes need to know what port number a particular process is listening on. All ports are associated with a process ID or service in an operating system. So how do we find this port? In this article, we will present three different methods that you can use to find out which port a process is listening on.
We have run the commands and procedures described in this article on an Ubuntu 22.04 LTS system.
Method 1: Using the netstat command
Netstat, the network statistics utility, is used to display information about the network connections. This includes information about interface statistics, routing tables and much more. This utility is available on most Linux systems, so we use it to find out which ports certain processes on the system are using.
To use the netstat command, you must install the net-tools utility, if it is not already installed on your system, using the following command:
$ sudo apt install net-tools
Then run the following command:
The above command gives netstat information based on the following features:
- l: display only listening sockets
- t: display tcp connection
- n: display addresses in a numerical form
- p: display process ID/ Program name
For example, in the above output of the netstat command, Apache2 program with process ID 950 is running on port number 80.
You can also filter statistics for a specific port by incorporating the grep function into your command.
$ sudo netstat -ltnp | grep -w ':80'
This command will tell you specifically which process is running on port number 80.
Method 2: Using the lsof command
The lsof or the List of Open Files utility helps in listing all the open files on your Linux system. We can use this utility to view all processes open on a specific port.
For using the lsof command, you need to install the lsof utility if it is already not installed on your system through the following command:
Let us use lsof to view the service listening on a specific port.
This command will list all processes using TCP port number 80.
Method 3: Using the fuser command
The fuser command displays which process IDs are using the named files, sockets or file systems. We can use this command in order to view process IDs running on a specific TCP port.
For using the fuser command, you need to install the psmisc utility if it is already not installed on your system through the following command:
Let us view all the process IDs running on TCP port 3306 through the following command:
You can specify any port number in this command to view its listening processes.
In the above output, you can see that process ID 975 is listening on TCP 3306.
In order to view which program this process ID corresponds to, run the following command:
The output shows that process ID 975 corresponds to the program name MySDLd. Thus process ID 975 of the program MySQLd is listening on port number 3306.
Through the three methods you have learned in this article, you can easily view which TCP port a specific process on Linux is listening upon.
Search
About This Site
Vitux.com aims to become a Linux compendium with lots of unique and up to date tutorials.
Latest Tutorials
3 Ways to Find Out Which Process Listening on a Particular Port
A port is a logical entity that represents an endpoint of communication and is associated with a given process or service in an operating system. In previous articles, we explained how to find out the list of all open ports in Linux and how to check if remote ports are reachable using the Netcat command.
In this short guide, we will show different ways of finding the process/service listening on a particular port in Linux.
1. Using netstat Command
netstat (network statistics) command is used to display information concerning network connections, routing tables, interface stats, and beyond. It is available on all Unix-like operating systems including Linux and also on Windows OS.
In case you do not have it installed by default, use the following command to install it.
$ sudo apt-get install net-tools [On Debian/Ubuntu & Mint] $ sudo dnf install net-tools [On CentOS/RHEL/Fedora and Rocky Linux/AlmaLinux] $ pacman -S netstat-nat [On Arch Linux] $ emerge sys-apps/net-tools [On Gentoo] $ sudo dnf install net-tools [On Fedora] $ sudo zypper install net-tools [On openSUSE]
Once installed, you can use it with the grep command to find the process or service listening on a particular port in Linux as follows (specify the port).
In the above command, the flags.
- l – tells netstat to only show listening sockets.
- t – tells it to display tcp connections.
- n – instructs it to show numerical addresses.
- p – enables showing of the process ID and the process name.
- grep -w – shows matching of exact string (:80).
Note: The netstat command is deprecated and replaced by the modern ss command in Linux.
2. Using lsof Command
lsof command (List Open Files) is used to list all open files on a Linux system.
To install it on your system, type the command below.
$ sudo apt-get install lsof [On Debian, Ubuntu and Mint] $ sudo yum install lsof [On RHEL/CentOS/Fedora and Rocky Linux/AlmaLinux] $ sudo emerge -a sys-apps/lsof [On Gentoo Linux] $ sudo pacman -S lsof [On Arch Linux] $ sudo zypper install lsof [On OpenSUSE]
To find the process/service listening on a particular port, type (specify the port).
3. Using fuser Command
fuser command shows the PIDs of processes using the specified files or file systems in Linux.
You can install it as follows:
$ sudo apt-get install psmisc [On Debian, Ubuntu and Mint] $ sudo yum install psmisc [On RHEL/CentOS/Fedora and Rocky Linux/AlmaLinux] $ sudo emerge -a sys-apps/psmisc [On Gentoo Linux] $ sudo pacman -S psmisc [On Arch Linux] $ sudo zypper install psmisc [On OpenSUSE]
You can find the process/service listening on a particular port by running the command below (specify the port).
Then find the process name using PID number with the ps command like so.
$ ps -p 2053 -o comm= $ ps -p 2381 -o comm=
You can also check out these useful guides about processes in Linux.
You might also like:
That’s all! Do you know of any other ways of finding the process/service listening on a particular port in Linux, let us know via the comment form below.