Linux

How to check which services are listening on a given port in linux

This article will explore ways to check which service is listening on a paticular port. Most Linux services will run as a daemon exposing a port

Installing and Using lsof

lsof is a command line utility to list all open files belonging to all active processes.

To install it on Linux, use the following commands depending the distribution type you use.

On Debian, Ubuntu:

sudo apt install lsof

On CentOS, RHEL, Rocky or Alma Linux:

sudo yum install lsof

Newer versions like CentOS 8/9, RHEL 8/9 or Fedora

sudo dnf install lsof

To find which processes are running on which ports, simply specify the port number:

sudo lsof -i :3000

Sample output:

# lsof -i :3000
COMMAND      PID    USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
grafana-s 264023 grafana   10u  IPv6 2887779      0t0  TCP *:hbci (LISTEN)

For more details, refer man pages.

man lsof

Installing and Using netstat

Netstat is a command line utility used to print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

Netstat is available in the default repositories of most Linux distributions.

To install it on Linux and its variants, do:

On CentOS, RHEL:

sudo yum install net-tools

# On Fedora, RHEL 8 and Centos8
sudo dnf install net-tools

On Debian, Ubuntu:

sudo apt install net-tools

Use the following command to find which services are listening on what ports:

sudo netstat -tulpn

Sample output:

# sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:8088          0.0.0.0:*               LISTEN      538847/influxd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      900/nginx: master p
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 0.0.0.0:7088            0.0.0.0:*               LISTEN      538639/docker-proxy
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      900/nginx: master p
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      970/sshd
tcp6       0      0 :::9080                 :::*                    LISTEN      393063/promtail-lin
tcp6       0      0 :::3000                 :::*                    LISTEN      264023/grafana-serv
tcp6       0      0 :::3100                 :::*                    LISTEN      391839/loki-linux-a
tcp6       0      0 :::9090                 :::*                    LISTEN      263154/prometheus
tcp6       0      0 :::9096                 :::*                    LISTEN      391839/loki-linux-a
tcp6       0      0 :::9100                 :::*                    LISTEN      262769/node_exporte
tcp6       0      0 :::44303                :::*                    LISTEN      393063/promtail-lin
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd
tcp6       0      0 :::7088                 :::*                    LISTEN      538645/docker-proxy
tcp6       0      0 :::80                   :::*                    LISTEN      900/nginx: master p
tcp6       0      0 :::8086                 :::*                    LISTEN      538847/influxd
tcp6       0      0 :::22                   :::*                    LISTEN      970/sshd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1/systemd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           777/chronyd
udp6       0      0 :::111                  :::*                                1/systemd
udp6       0      0 ::1:323                 :::*                                777/chronyd
udp6       0      0 fe80::458:3aff:fed6:546 :::*                                850/NetworkManager

If you are interested in any specific port, you can use grep to filter:

sudo netstat -tulpn | grep 3000
sudo netstat -tulpn | grep grafana

Flags:

  • -t flag shows tcp connections.
  • -u flag shows udp connections.
  • -l flag displays listening sockets.
  • -p flag displays the process ID(PID) and the process name of whatever is using that port.
  • -n flag displays the numerical addresses.

For more details, refer man pages.

man netstat

Using “ss” command

ss is command line utility to investigate sockets. It is an alternative to netstat and the usage of ss is almost same as netstat. It comes pre-installed on popular linux distros like Redhat, Debian and their variants.

To find which services are listening on which ports, run:

sudo ss -tulpn

Sample output:

Netid   State    Recv-Q   Send-Q                        Local Address:Port        Peer Address:Port   Process
udp     UNCONN   0        0                                   0.0.0.0:111              0.0.0.0:*       users:(("rpcbind",pid=705,fd=5),("systemd",pid=1,fd=33))
udp     UNCONN   0        0                                 127.0.0.1:323              0.0.0.0:*       users:(("chronyd",pid=777,fd=6))
udp     UNCONN   0        0                                      [::]:111                 [::]:*       users:(("rpcbind",pid=705,fd=7),("systemd",pid=1,fd=35))
udp     UNCONN   0        0                                     [::1]:323                 [::]:*       users:(("chronyd",pid=777,fd=7))
udp     UNCONN   0        0           [fe80::458:3aff:fed6:8255]%eth0:546                 [::]:*       users:(("NetworkManager",pid=850,fd=26))
tcp     LISTEN   0        128                               127.0.0.1:8088             0.0.0.0:*       users:(("influxd",pid=538847,fd=3))
tcp     LISTEN   0        128                                 0.0.0.0:443              0.0.0.0:*       users:(("nginx",pid=902,fd=8),("nginx",pid=901,fd=8),("nginx",pid=900,fd=8))
tcp     LISTEN   0        128                                 0.0.0.0:111              0.0.0.0:*       users:(("rpcbind",pid=705,fd=4),("systemd",pid=1,fd=32))
tcp     LISTEN   0        128                                 0.0.0.0:7088             0.0.0.0:*       users:(("docker-proxy",pid=538639,fd=4))
tcp     LISTEN   0        128                                 0.0.0.0:80               0.0.0.0:*       users:(("nginx",pid=902,fd=9),("nginx",pid=901,fd=9),("nginx",pid=900,fd=9))
tcp     LISTEN   0        128                                 0.0.0.0:22               0.0.0.0:*       users:(("sshd",pid=970,fd=5))
tcp     LISTEN   0        128                                       *:9080                   *:*       users:(("promtail-linux-",pid=393063,fd=10))
tcp     LISTEN   0        128                                       *:3000                   *:*       users:(("grafana-server",pid=264023,fd=10))
tcp     LISTEN   0        128                                       *:3100                   *:*       users:(("loki-linux-amd6",pid=391839,fd=9))
tcp     LISTEN   0        128                                       *:9090                   *:*       users:(("prometheus",pid=263154,fd=8))
tcp     LISTEN   0        128                                       *:9096                   *:*       users:(("loki-linux-amd6",pid=391839,fd=10))
tcp     LISTEN   0        128                                       *:9100                   *:*       users:(("node_exporter",pid=262769,fd=3))
tcp     LISTEN   0        128                                       *:44303                  *:*       users:(("promtail-linux-",pid=393063,fd=11))
tcp     LISTEN   0        128                                    [::]:111                 [::]:*       users:(("rpcbind",pid=705,fd=6),("systemd",pid=1,fd=34))
tcp     LISTEN   0        128                                    [::]:7088                [::]:*       users:(("docker-proxy",pid=538645,fd=4))
tcp     LISTEN   0        128                                    [::]:80                  [::]:*       users:(("nginx",pid=902,fd=10),("nginx",pid=901,fd=10),("nginx",pid=900,fd=10))
tcp     LISTEN   0        128                                       *:8086                   *:*       users:(("influxd",pid=538847,fd=5))
tcp     LISTEN   0        128                                    [::]:22                  [::]:*       users:(("sshd",pid=970,fd=7))

To filter output for a particular service (E.g. grafana), use:

sudo ss -tulpn | grep grafana
sudo ss -tulpn | grep 3000

For more details, refer man pages.

man ss

Installing and Using fuser command

The commandline utility fuser is also used to identify processes using files or sockets. It displays the PIDs of processes using the specified files or file systems.

It is also available in the default repositories of most Linux distributions.

To install it on Linux, run:

On Debian, Ubuntu:

sudo apt install psmisc

On CentOS, RHEL:

sudo yum install psmisc

sudo dnf install psmisc

We need to find the PID of a service or process listening on a particular port. Lets check the PID of the process listening on port 3000 using this command:

sudo fuser 3000/tcp

You will see an output like below.

3000/tcp:            264023

Here, 264023 is the PID.

And then find out the actual process using the PID using command:

ps -p 264023 -o comm=

Output

# ps -p 264023 -o comm=
grafana-server

Note: Adding the verbose -v flag allows you to view the complete details in a single command:

sudo fuser -v 3000/tcp

Output:

# sudo fuser -v 3000/tcp
                     USER        PID ACCESS COMMAND
3000/tcp:            grafana   264023 F.... grafana-server

For more details, go through the man pages.

man fuser
Linux
Last updated on Oct 14, 2024 11:46 +0300
comments powered by Disqus
© 2020 - 2024 Citizix, Inc.
Citizix Ltd
Built with Hugo
Theme Stack designed by Jimmy