How to Find Ports Opened by Process Id in Linux

Find the port number of a specific process by using the PID

The port number is shown after the local or foreign address, is the number followed by the semicolumn, i.e. :

192.168.43.6:42010   198.252.206.25:443

How can I figure out which process is opening the certain tcp port?

I you have /proc mounted and bash and readlink both installed,
You can write a small bash script that parses /proc/net/tcp, and scan /proc/*/fd/ to find the corresponding socket.

I'm not so familiar with embedded linux, but if you cannot find readlink, it may be included in busybox.

/proc/net/tcp is something like

sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
0: 00000000:4E7A 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 13128 1 ffff8800cf960740 99 0 0 10 0

The local_address is hex string of HOST:PORT, so the script searches for :0016 when you want to search tcp 22 port.

Once it founds the row which contains :0016 in local_address,
the inode is the corresponding socket number.

Then it searchs for /proc/*/fd/* which has the socket number using readlink command.

#!/bin/bash
PORT="$1"
HEX_PORT=$(printf %04X $PORT)
INODE=""
if ! [ "$PORT" ];then
  echo "usage $0 [PORT]"
  exit
fi
while read num host_port _ _ _ _ _ _ _ inode _; do
  if [[ $host_port =~ :"$HEX_PORT"$ ]];then
    INODE=$inode
  fi
done < /proc/net/tcp
if ! [ "$INODE" ];then
  echo "no process using $PORT"
  exit
fi
for fn in /proc/[1-9]*/fd/*; do
  if [ "$(readlink $fn)" = "socket:[$INODE]" ];then
    tmp=${fn%/fd*}
    echo ${tmp#/proc/}
  fi
done

How to determine which process is using a port in Linux

1.  lsof -i:8080
2.  kill $(lsof -t -i:8080)
or
2 . kill -9 $(lsof -t -i:8080)

How do I find out which process is listening on a TCP or UDP port on Windows?

PowerShell

TCP

Get-Process -Id (Get-NetTCPConnection -LocalPort YourPortNumberHere).OwningProcess

UDP

Get-Process -Id (Get-NetUDPEndpoint -LocalPort YourPortNumberHere).OwningProcess

cmd

 netstat -a -b

(Add -n to stop it trying to resolve hostnames, which will make it a lot faster.)

Note Dane's recommendation for TCPView. It looks very useful!

-a Displays all connections and listening ports.

-b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient permissions.

-n Displays addresses and port numbers in numerical form.

-o Displays the owning process ID associated with each connection.

how to get process id attached with particular port in sunos

pfiles /proc/* 2>/dev/null | nawk '
/^[0-9]*:/ { pid=$0 }
/port: 7085$/ { printf("%s %s\n",pid,$0);}'

• pfiles /proc/* is retrieving all processes file descriptors details
• 2>/dev/null is dropping out errors due to transient processes died in the meantime
• each line starting with a number followed by a colon reports the process id and details, it is stored in the awk pid variable
• when a line ends with the string port: <portnumber> (here is 7085), the corresponding pid variable is displayed.

Note: you need the required privilege(s) to get port information from processes you do not own (root has all privileges).

---

Related Topics