How to find Processes Listening to a port on Linux

Are you trying to find out running processes occupying an open port on Linux?

This guide will help you.

A Port is basically an endpoint of communication used in computer networks. Similarly, a port act as a logical construct that acts as communication port of network service such as SSH, HTTPD and so on at software or operating system level.
Here at LinuAPT, as part of our Server Management Services, we regularly help our Customers to troubleshoot their Servers.
In this context, you shall learn the Linux commands to find out which process is listening to a TCP or UDP port.

More information about Port in Linux?

As earlier stated, a port is an endpoint of communication used in computer networks for establishing connection for network service.
The most common port are TCP and UDP. TCP is an acronym for Transmission Control Protocol. UDP is an acronym for User Datagram Protocol.

Linux Programs Which Helps To Find Out Which Process Is Listening Upon a Port?

You can use the following programs to find out about port numbers and its associated process:

i. netstat command or ss command – a command-line tool that displays network connections, routing tables, and a number of network interface statistics.
ii. fuser command – a command line tool to identify processes using files or sockets.
iii. lsof command – a command line tool to list open files under Linux / UNIX to report a list of all open files and the processes that opened them.
iv. /proc/$pid/ file system – Under Linux /proc includes a directory for each running process (including kernel processes) at /proc/PID, containing information about that process, notably including the processes name that opened port.

You must execute the above command(s) as the root user.

How to display processes listening to a port on Linux using netstat?

To find out process listening to a port, exucute the netstat command below;

netstat -tulpn

This will display an output such as this;

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1140/mysqld     

tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      850/portmap     

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1610/apache2    

tcp        0      0 0.0.0.0:55091           0.0.0.0:*               LISTEN      910/rpc.statd   

tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1467/dnsmasq    

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      992/sshd        

tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1565/cupsd      

tcp        0      0 0.0.0.0:7000            0.0.0.0:*               LISTEN      3813/transmission

tcp6       0      0 :::22                   :::*                    LISTEN      992/sshd        

tcp6       0      0 ::1:631                 :::*                    LISTEN      1565/cupsd      

tcp6       0      0 :::7000                 :::*                    LISTEN      3813/transmission

udp        0      0 0.0.0.0:111             0.0.0.0:*                           850/portmap     

udp        0      0 0.0.0.0:662             0.0.0.0:*                           910/rpc.statd   

udp        0      0 192.168.122.1:53        0.0.0.0:*                           1467/dnsmasq    

udp        0      0 0.0.0.0:67              0.0.0.0:*                           1467/dnsmasq    

udp        0      0 0.0.0.0:68              0.0.0.0:*                           3697/dhclient   

udp        0      0 0.0.0.0:7000            0.0.0.0:*                           3813/transmission

udp        0      0 0.0.0.0:54746           0.0.0.0:*                           910/rpc.statd  

Here, you will see that TCP port 3306 is opened and used by mysqld process having PID # 1140.
To verify this, execute the /proc command as shown below;

ls -l /proc/1140/exe 

This will give you an output such as this;

lrwxrwxrwx 1 root root 0 2020-10-29 10:20 /proc/1140/exe -> /usr/sbin/mysqld

You can filter our information by running the grep command or grep command as shown below;

netstat -tulpn | grep :80

The output will look like this;

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1610/apache2

How to use ss command to detect port used by a service?

Let's say your want to detect the port used by a service such as "tulpn", you can run the follow commands;

sudo ss -tulpn

sudo ss -tulpn | grep :3306

How to detect processes PID running on a port using fuser command?

Let's say you want to know the processes PID using tcp port 7000, simply execute;

fuser 7000/tcp

This will display the output such as;

7000/tcp:             3813

Similarly, to find out process name associated with PID # 3813, simply execute:

ls -l /proc/3813/exe 

How to find out current Working Directory of a Process?

To find out current working directory of a process such as BitTorrent or pid 3813, simply execute:

ls -l /proc/3813/cwd

You can also use  pwdx command by running;

 pwdx 3813

You will get an output such as this;

3813: /home/user

How to find out owner of a Process on Linux?

To find out the owner of a process PID such as 3813, simply execute;

ps aux | grep 3813

Or, you can use the "/proc/$PID/environ" option, as shown below;

cat /proc/3813/environ

[Need urgent support in detecting a running process using a port on Linux? We are available to help you today.]