How do I find out which running processes are associated with each open port on Linux? How do I find out, from the Linux CLI, which process has TCP port # 111 or UDP port 7000 open?
A port is nothing more than a communication endpoint used in computer networks. At the hardware level you have physical or wireless connections. At the software or operating system level, a port is a logical construct that serves as the communication endpoint for a network service such as SSH, HTTPD, etc. TCP and UDP are the most commonly used protocols for ports. TCP stands for Transmission Control Protocol. UDP is an abbreviation for User Datagram Protocol. This page shows the Linux commands to see which process is listening on a TCP or UDP port.
Linux: find out which process is listening on a port
You can use the following programs to find out the port numbers and the corresponding process:
- netstat or ss command – a command-line tool that displays network connections, routing tables and a number of network interface statistics.
- fuser command – a command-line tool to identify processes that use files or sockets.
- lsof command – a command-line tool to list open files on Linux / UNIX, and so list all open files together with the processes that opened them.
- /proc/$pid/ file system – On Linux, /proc contains a directory for each running process (including kernel processes) in /proc/PID, which holds information about that process, including the name of the process that opened the port.
You must run the above command(s) as root.
Linux netstat command: find out which process is listening on a port
Type the following command:
# netstat -tulpn
Sample outputs:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1138/mysqld
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      850/portmap
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1607/apache2
tcp        0      0 0.0.0.0:55091           0.0.0.0:*               LISTEN      910/rpc.statd
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1467/dnsmasq
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      992/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1565/cupsd
tcp        0      0 0.0.0.0:7000            0.0.0.0:*               LISTEN      3813/transmission
tcp6       0      0 :::22                   :::*                    LISTEN      992/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      1565/cupsd
tcp6       0      0 :::7000                 :::*                    LISTEN      3813/transmission
udp        0      0 0.0.0.0:111             0.0.0.0:*                           850/portmap
udp        0      0 0.0.0.0:662             0.0.0.0:*                           910/rpc.statd
udp        0      0 192.168.122.1:53        0.0.0.0:*                           1467/dnsmasq
udp        0      0 0.0.0.0:67              0.0.0.0:*                           1467/dnsmasq
udp        0      0 0.0.0.0:68              0.0.0.0:*                           3697/client
udp        0      0 0.0.0.0:7000            0.0.0.0:*                           3813/transmission
udp        0      0 0.0.0.0:54746           0.0.0.0:*                           910/rpc.statd
TCP port 3306 was opened by the mysqld process with PID # 1138. You can check this with /proc, type:
# ls -l /proc/1138/exe
Sample outputs:
lrwxrwxrwx 1 root root 0 2010-10-29 10:20 /proc/1138/exe -> /usr/sbin/mysqld
To filter the information, you can use the grep command or the egrep command:
# netstat -tulpn | grep :80
Sample outputs:
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1607/apache2
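What the PID/Program name column and the /proc check above rely on, as an added example that is not part of the original article: the kernel lists listening sockets with their inode numbers in /proc/net/tcp, and each process holding that socket has a /proc/PID/fd entry pointing at socket:[inode]. The function names, the proc_root parameter and the sample table are assumptions made for illustration.

```python
import os
import re

# Constructed sample in /proc/net/tcp layout: address is little-endian hex,
# port is hex, st 0A means LISTEN, and the 10th field is the socket inode.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5001 1
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 6472 1
   2: 0100007F:0CEA 0100007F:D5F3 01 00000000:00000000 00:00000000 00000000     0        0 5002 1
"""
SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")


def listening_sockets(table_text):
    """Return {inode: (ip, port)} for IPv4 TCP sockets in LISTEN state."""
    found = {}
    for line in table_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10 or fields[3] != "0A":
            continue  # skip short lines and non-listening (e.g. established) sockets
        hex_ip, hex_port = fields[1].split(":")
        ip = ".".join(str(b) for b in reversed(bytes.fromhex(hex_ip)))
        found[int(fields[9])] = (ip, int(hex_port, 16))
    return found


def pids_for_inode(inode, proc_root="/proc"):
    """Return sorted PIDs that hold a file descriptor for socket:[inode]."""
    pids = []
    for entry in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:  # process exited, or fd dir unreadable without root
            continue
        if any(m and int(m.group(1)) == inode for m in map(SOCKET_LINK.match, links)):
            pids.append(int(entry))
    return sorted(pids)


def who_listens(port, table_text, proc_root="/proc"):
    """Return [(ip, port, [pids])] for every listener on the given TCP port."""
    return [(ip, p, pids_for_inode(inode, proc_root))
            for inode, (ip, p) in sorted(listening_sockets(table_text).items()) if p == port]


if __name__ == "__main__":
    with open("/proc/net/tcp") as table:  # IPv4 TCP only; tcp6 and udp have their own files
        for row in who_listens(3306, table.read()):
            print(row)
```

Run it as root: without root, other users' fd directories are unreadable and the PID list comes back empty, which is the case where netstat prints - instead of a PID.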
A note about the ss command
Some Linux distributions consider the netstat command obsolete, so it should be gradually replaced by more modern successors such as the ss command. Syntax:
$ sudo ss -tulpn
$ sudo ss -tulpn | grep :3306
fuser command
To find out the PIDs of the processes that opened TCP port 7000, enter:
# fuser 7000/tcp
Sample outputs:
7000/tcp:             3813
Finally, to find out the name of the process associated with PID # 3813, enter:
# ls -l /proc/3813/exe
Sample outputs:
lrwxrwxrwx 1 vivek vivek 0 2010-10-29 11:00 /proc/3813/exe -> /usr/bin/transmission
/usr/bin/transmission is a bittorrent client. To confirm, enter:
# man transmission
OR
# whatis transmission
Sample outputs:
transmission (1) - bittorrent client
Find out the current working directory of a process
To find the current working directory of the bittorrent client process, PID 3813, enter:
# ls -l /proc/3813/cwd
Sample outputs:
lrwxrwxrwx 1 vivek vivek 0 2010-10-29 12:04 /proc/3813/cwd -> /home/vivek
Or use the pwdx command, enter:
# pwdx 3813
Sample outputs:
3813: /home/vivek
Find out the owner of a process on Linux
Use the following command to find the owner of the process with PID 3813:
# ps aux | grep 3813
or
# ps aux | grep '[3]813'
Sample outputs:
vivek     3813  1.9  0.3 188372 26628 ?        Sl   10:58   2:27 transmission
Or try the following ps command:
# ps -eo pid,user,group,args,etime,lstart | grep '[3]813'
Sample outputs:
3813 vivek    vivek    transmission                   02:44:05 Fri Oct 29 10:58:40 2010
Another option is /proc/$PID/environ, enter:
# cat /proc/3813/environ
OR
# grep --color -w -a USER /proc/3813/environ
Sample outputs (note the --color option):
Fig.01: grep output
lsof command example
Enter the command as follows:
lsof -i :portNumber
lsof -i tcp:portNumber
lsof -i udp:portNumber
lsof -i :80
lsof -i :80 | grep LISTEN
Sample outputs:
apache2 1607     root    3u  IPv4   6472      0t0  TCP *:www (LISTEN)
apache2 1616 www-data    3u  IPv4   6472      0t0  TCP *:www (LISTEN)
apache2 1617 www-data    3u  IPv4   6472      0t0  TCP *:www (LISTEN)
apache2 1618 www-data    3u  IPv4   6472      0t0  TCP *:www (LISTEN)
apache2 1619 www-data    3u  IPv4   6472      0t0  TCP *:www (LISTEN)
apache2 1620 www-data    3u  IPv4   6472      0t0  TCP *:www (LISTEN)
Now you can get more information about PID # 1607 or 1616 and so on:
# ps aux | grep '[1]616'
Sample outputs:
www-data  1616  0.0  0.0  35816  3880 ?        S    10:20   0:00 /usr/sbin/apache2 -k start
I recommend the following command to get information about pid # 1616:
# ps -eo pid,user,group,args,etime,lstart | grep '[1]616'
Sample outputs:
1616 www-data www-data /usr/sbin/apache2 -k start     03:16:22 Fri Oct 29 10:20:17 2010
Where,
- 1616 : PID
- www-data : User name (owner – EUID)
- www-data : Group name (group – EGID)
- /usr/sbin/apache2 -k start : The command name and its arguments
- 03:16:22 : Elapsed time since the process was started, in the form [[dd-]hh:]mm:ss.
- Fri Oct 29 10:20:17 2010 : Time the command started.
Help: I found an open port that I don't recognize.
The /etc/services file maps port numbers and protocols to service names. Try matching the port numbers:
$ grep port /etc/services
$ grep 443 /etc/services
Sample outputs:
https           443/tcp                         # http protocol over TLS/SSL
https 443/udp
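One way to catch a listener you don't recognize before it becomes a surprise, as an added example that is not part of the original article: compare `netstat -tulpn` output against a baseline of the listeners you expect on the host. The baseline contents and function names are assumptions, and the sample lines are constructed in the netstat format shown earlier.

```python
# Constructed sample in `netstat -tulpn` format.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1138/mysqld
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      992/sshd
tcp6       0      0 :::7000                 :::*                    LISTEN      3813/transmission
udp        0      0 0.0.0.0:7000            0.0.0.0:*                           3813/transmission
udp        0      0 0.0.0.0:40123           0.0.0.0:*                           -
"""

# Hypothetical baseline for this host: (protocol, port) -> expected program.
BASELINE = {("tcp", 3306): "mysqld", ("tcp", 22): "sshd"}


def parse_listeners(text):
    """Yield (proto, address, port, pid, program) for each socket line."""
    for line in text.splitlines():
        f = line.split()
        if not f or not f[0].startswith(("tcp", "udp")):
            continue  # banner and column header lines
        addr, _, port = f[3].rpartition(":")  # rpartition copes with ":::7000"
        # UDP rows have no State column, so read the owner from the last field.
        # netstat prints "-" when it cannot see the owner (not root, or a
        # kernel-owned socket); partition then leaves the program name empty.
        pid, _, prog = f[-1].partition("/")
        yield f[0].rstrip("6"), addr, int(port), pid, prog


def audit(text, baseline):
    """Return (proto, port, program, reason) for listeners outside the baseline."""
    findings = []
    for proto, addr, port, pid, prog in parse_listeners(text):
        expected = baseline.get((proto, port))
        if expected is None:
            findings.append((proto, port, prog or "unknown", "not in baseline"))
        elif prog != expected:
            findings.append((proto, port, prog or "unknown", "expected " + expected))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_NETSTAT, BASELINE):
        print(finding)
```

A program name that differs from the baseline on a known port is worth the same follow-up as an unknown port: check /proc/PID/exe and the process owner as shown above.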
Check for rootkits
I strongly advise you to find out which processes are really running, especially on servers connected to the high-speed Internet. You can look for a rootkit, which is a program designed to take fundamental control (root access in Linux/UNIX terms, administrator access in Windows terms) of a computer system without the permission of the system's legitimate owners and administrators. See how to detect/check Linux rootkits.
Keep an eye on your bandwidth graphs
Usually, rooted servers are used to send large amounts of spam or malware, or to launch DoS attacks against other computers.
Conclusion
You have learned the different Linux commands for finding information about running processes and their ports. For more information, see the following manual pages:
$ man ps
$ man grep
$ man lsof
$ man netstat
$ man fuser
Posted by: Vivek Gite
The author is the creator of nixCraft and an experienced system administrator, DevOps engineer and Linux/Unix shell script trainer.