I am a new Linux system user. I need to find out which process is listening on a port on Linux using the command line. How do you find out which process is listening on a port on Linux operating systems?
A network port in Linux is nothing but a number that identifies one side of a connection between two systems. All networked devices use port numbers to determine to which process a message should be delivered. The domain name and IP address are like a street address, and port numbers are like room numbers.
Popular port numbers in Linux
- HTTP – TCP 80
- HTTPS – TCP 443
- POP3 – TCP 110
- SMTP – TCP 25
- SSH – TCP 22
- DNS/DOMAIN – TCP/UDP 53
Use the cat command or grep command/egrep command to query port numbers as follows:cat /etc/services
grep -w 80 /etc/services
egrep -w '53/(tcp|udp)' /etc/services
How to check if a port is in use on Linux
The procedure is as follows:
- Open the terminal application
- Type any one of the followin command to check if a port is in use on Linux
sudo lsof -i -P -n | grep LISTEN
sudo netstat -tulpn | grep LISTEN
sudo netstat -tulpn | grep :443
sudo ss -tulpn | grep LISTEN
sudo ss -tulpn | grep ':22'
Let us see some examples and sample commands in details.
How can you find out which process is listening on a port on Linux
Type the ss command or netstat command to see if a TCP port 443 is in use on Linux?sudo netstat -tulpn | grep :443
sudo ss -tulpn | grep :443
If a port is open, you should see the output as follows:
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 438/nginx -g daemo
The port 443 is in use and opened by nginx service. Where,
- -t : Display TCP sockets/port
- -u : Show UDP sockets/port
- -l : See only listening sockets i.e. open port
- -p : Also display process name that opened port/socket
- -n : View addresses and port numbers in numerical format. Do not use DNS to resolve names.
Getting a list of all open port in production
Simply run:sudo lsof -i -P -n | grep LISTEN
sudo ss -tulpn
sudo netstat -tulpn
Sample outputs:
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 500/redis-server 12 tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 438/nginx -g daemon tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 407/lighttpd tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 438/nginx -g daemon tcp6 0 0 :::80 :::* LISTEN 438/nginx -g daemon udp 0 0 0.0.0.0:68 0.0.0.0:* 277/dhclient |
Another outputs from the lsof command:
From the above outputs, it is clear that Lighttpd opened port TCP port 8080 and Nginx server opened TCP 80 and 443 ports. All of these servers run under a user named “www-data”.
Conclusion
You learned how to see if a port is in use on a Linux based machine using various command line utilities.
