Linux / UNIX Find Out What Program / Service is Listening on a Specific TCP Port
Q. How do I find out which service is listening on a specific port? How do I find out what program is listening on a specific TCP Port?
A. Under Linux and UNIX you can use any one of the following command to get listing on a specific TCP port:
=> lsof : list open files including ports.
=> netstat : The netstat command symbolically displays the contents of various network-related data and information.
lsof command example
Type the following command to see IPv4 port(s), enter:
# lsof -Pnl +M -i4
Type the following command to see IPv6 listing port(s), enter:
# lsof -Pnl +M -i6
Sample output:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME gweather- 6591 1000 17u IPv4 106812 TCP 192.168.1.100:57179->140.90.128.70:80 (ESTABLISHED) firefox-b 6613 1000 29u IPv4 106268 TCP 127.0.0.1:60439->127.0.0.1:3128 (ESTABLISHED) firefox-b 6613 1000 31u IPv4 106321 TCP 127.0.0.1:60440->127.0.0.1:3128 (ESTABLISHED) firefox-b 6613 1000 44u IPv4 106325 TCP 127.0.0.1:60441->127.0.0.1:3128 (ESTABLISHED) firefox-b 6613 1000 50u IPv4 106201 TCP 127.0.0.1:60437->127.0.0.1:3128 (ESTABLISHED) deluge 6908 1000 8u IPv4 23179 TCP *:6881 (LISTEN) deluge 6908 1000 30u IPv4 23185 UDP *:6881 deluge 6908 1000 45u IPv4 106740 TCP 192.168.1.100:50584->217.169.223.161:38406 (SYN_SENT) deluge 6908 1000 57u IPv4 70529 TCP 192.168.1.100:57325->24.67.82.222:21250 (ESTABLISHED) deluge 6908 1000 58u IPv4 106105 TCP 192.168.1.100:38073->24.16.233.1:48479 (ESTABLISHED) .......... ...... ssh 6917 1000 3u IPv4 23430 TCP 10.1.11.3:42658->10.10.29.66:22 (ESTABLISHED)
First column COMMAND - gives out information about program name. Please see output header for details. For example, gweather* command gets the weather report weather information from the U.S National Weather Service (NWS) servers (140.90.128.70), including the Interactive Weather Information Network (IWIN) and other weather services.
Where,
- -P : This option inhibits the conversion of port numbers to port names for network files. Inhibiting the conver-
sion may make lsof run a little faster. It is also useful when port name lookup is not working properly. - -n : This option inhibits the conversion of network numbers to host names for network files. Inhibiting conversion may make lsof run faster. It is also useful when host name lookup is not working properly.
- -l : This option inhibits the conversion of user ID numbers to login names. It is also useful when login name lookup is working improperly or slowly.
- +M : Enables the reporting of portmapper registrations for local TCP and UDP ports.
- -i4 : IPv4 listing only
- -i6 : IPv6 listing only
netstat command example
Type the command as follows:
# netstat -tulpn
OR
# netstat -npl
Output:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:6881 0.0.0.0:* LISTEN 6908/python tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 5562/cupsd tcp 0 0 127.0.0.1:3128 0.0.0.0:* LISTEN 6278/(squid) tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 5854/exim4 udp 0 0 0.0.0.0:32769 0.0.0.0:* 6278/(squid) udp 0 0 0.0.0.0:3130 0.0.0.0:* 6278/(squid) udp 0 0 0.0.0.0:68 0.0.0.0:* 4583/dhclient3 udp 0 0 0.0.0.0:6881 0.0.0.0:* 6908/python
Last column PID/Program name gives out information regarding program name and port.
Where,
- -t : TCP port
- -u : UDP port
- -l : Show only listening sockets.
- -p : Show the PID and name of the program to which each socket / port belongs
- -n : No DNS lookup (speed up operation)
/etc/services file
/etc/services is a plain ASCII file providing a mapping between friendly textual names for internet services, and their underlying assigned port numbers and protocol types. Every networking program should look into this file to get the port number (and protocol) for its service. You can view this file with the help of cat or less command:
$ cat /etc/services
$ grep 110 /etc/services
$ less /etc/services
Further readings:
- man pages - lsof, nmap, services, netstat
Subscribe to our free e-mail newsletter or RSS feed to get all updates.
You can Email this page to a friend.
Related Linux / UNIX FAQ:
- Linux: Find out which network card or NIC server is bind or running on
- How do I find out what network services are running or listing under Linux?
- Change vsftpd ftp server port 21
- Howto Secure portmap service using iptables and TCP Wrappers under Linux
- What ports need to be open for Samba to communicate with other windows/linux systems?
Discussion on This FAQ
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Please do not use the comment form to ask for help / question. Ask your question on the excellent Linux tech support forum. Thank you very much for stopping by our site!
Tags: /etc/services, display open port list, dns lookup, find specific TCP port list, host name, internet services, list open port, lsof command, netstat command, network numbers, networking program, plain ascii, port names, protocol, sockets, tcp port, udp port, udp ports ~ Last updated on: February 20, 2008
February 20th, 2008 at 8:36 pm
netstat offers other argument to better visualize process and ports, inclusive root programs.
sudo netstat -antpuewFebruary 20th, 2008 at 8:45 pm
Hey Claudio
FreeBSD 6.3 - netstat -antpuew
Error:
netstat: uew: unknown or uninstrumented protocol
Any idea? lsof is only working
February 21st, 2008 at 12:31 pm
pinnacle, the previous netstat arguments is available for linux, solaris and freebsd needs to use pfiles and lsof, respectively. Sorry, I didn’t say before.