¿Cómo podemos encontrar qué proceso está utilizando un puerto en particular?

Dado un número de puerto, ¿cómo podemos encontrar qué proceso lo está utilizando?

Tenemos una variedad de opciones:

  • netstat
  • fuser
  • lsof

netstat

 sudo netstat -nlp 

le dará todas las conexiones de red abierta.

 $ netstat -nlp (No info could be read for "-p": geteuid()=901743 but you should be root.) Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:44886 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:8139 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:81 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:48562 0.0.0.0:* LISTEN - tcp6 0 0 :::22 :::* LISTEN - tcp6 0 0 :::46871 :::* LISTEN - tcp6 0 0 ::1:6010 :::* LISTEN - tcp6 0 0 :::57179 :::* LISTEN - tcp6 0 0 :::5666 :::* LISTEN - tcp6 0 0 :::111 :::* LISTEN - tcp6 0 0 :::4949 :::* LISTEN - udp 0 0 127.0.0.1:896 0.0.0.0:* - udp 0 0 0.0.0.0:45467 0.0.0.0:* - udp 0 0 0.0.0.0:111 0.0.0.0:* - udp 0 0 10.105.2.3:123 0.0.0.0:* - udp 0 0 127.0.0.1:123 0.0.0.0:* - udp 0 0 0.0.0.0:123 0.0.0.0:* - udp 0 0 0.0.0.0:39554 0.0.0.0:* - udp 0 0 0.0.0.0:711 0.0.0.0:* - udp 0 0 0.0.0.0:10000 0.0.0.0:* - udp6 0 0 :::53766 :::* - udp6 0 0 :::49696 :::* - udp6 0 0 :::111 :::* - udp6 0 0 fe80::5054:ff:fed0::123 :::* - udp6 0 0 ::1:123 :::* - udp6 0 0 :::123 :::* - udp6 0 0 :::711 :::* - Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node PID/Program name Path unix 2 [ ACC ] STREAM LISTENING 7943 - /var/run/dbus/system_bus_socket unix 2 [ ACC ] STREAM LISTENING 8494 - /run/rpcbind.sock unix 2 [ ACC ] STREAM LISTENING 729659 - /var/run/mysqld/mysqld.sock unix 2 [ ACC ] STREAM LISTENING 11324 - /var/run/php5-fpm.sock unix 2 [ ACC ] STREAM LISTENING 11082 - /var/run/nscd/socket unix 2 [ ACC ] STREAM LISTENING 7607 - @/com/ubuntu/upstart unix 2 [ ACC ] STREAM LISTENING 668784 - /var/run/nslcd/socket unix 2 [ ACC ] SEQPACKET LISTENING 6768 - /run/udev/control unix 2 [ ACC ] STREAM LISTENING 8924 - /var/run/acpid.socket 

lsof

 lsof -i tcp:43796 

le dará la lista de procesos utilizando el puerto TCP 43796.

 $ lsof -i tcp:1723 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME pptpd 2870 root 6u IPv4 17638 0t0 TCP *:1723 (LISTEN) 

fuser

 fuser 43796/tcp 

le dará la lista de pids utilizando el puerto TCP 43796.

 $ fuser 1723/tcp 1723/tcp: 2870 

Fuente

Prueba lsof

 sudo lsof -n -P -i +c 13 

La salida será como

 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME avahi-daemon 1222 avahi 13u IPv4 10835 0t0 UDP *:5353 avahi-daemon 1222 avahi 14u IPv6 10836 0t0 UDP *:5353 avahi-daemon 1222 avahi 15u IPv4 10837 0t0 UDP *:32913 avahi-daemon 1222 avahi 16u IPv6 10838 0t0 UDP *:41774 cupsd 1242 root 8u IPv6 1847 0t0 TCP [::1]:631 (LISTEN) cupsd 1242 root 9u IPv4 1848 0t0 TCP 127.0.0.1:631 (LISTEN) dhclient 1859 root 6u IPv4 11971 0t0 UDP *:68 gdomap 1876 nobody 3u IPv4 11083 0t0 UDP *:538 gdomap 1876 nobody 4u IPv4 11084 0t0 TCP *:538 (LISTEN) master 1975 root 12u IPv4 12024 0t0 TCP 127.0.0.1:25 (LISTEN) master 1975 root 13u IPv6 12025 0t0 TCP [::1]:25 (LISTEN) dnsmasq 1987 nobody 4w IPv4 12039 0t0 UDP 127.0.0.1:53 dnsmasq 1987 nobody 5u IPv4 12040 0t0 TCP 127.0.0.1:53 (LISTEN) firefox 4370 shashank 50u IPv4 18226 0t0 TCP 192.168.1.2:33467->69.171.248.16:443 (ESTABLISHED) 

O prueba netstat

  sudo netstat --tcp --programs 

la salida será como

 Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 29 0 192.168.1.2:44054 69.59.197.29:http ESTABLISHED 4370/firefox tcp 0 0 192.168.1.2:44087 69.59.197.29:http ESTABLISHED 4370/firefox tcp 58 0 192.168.1.2:43895 69.59.197.29:http ESTABLISHED 4370/firefox tcp 58 0 192.168.1.2:43935 69.59.197.29:http ESTABLISHED 4370/firefox 
 lsof -t -itcp:PORT 

p.ej

 $ lsof -t -itcp:8080 17396