O'Reilly logo

Linux Server Hacks by Rob Flickenger

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Hack #56. What's Holding That Port Open?

Associate a process with the port it is bound to easily with netstat

Generating a list of network ports that are in the Listen state on a Linux server is simple with netstat:

root@catlin:~# netstat -ln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State 
tcp 0 0 0.0.0.0:5280 0.0.0.0:* LISTEN 
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 
tcp 0 0 10.42.3.2:53 0.0.0.0:* LISTEN 
tcp 0 0 10.42.4.6:53 0.0.0.0:* LISTEN 
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 
udp 0 0 10.42.3.2:53 0.0.0.0:* 
udp 0 0 10.42.4.6:53 0.0.0.0:* 
udp 0 0 127.0.0.1:53 0.0.0.0:* 
udp 0 0 0.0.0.0:67 0.0.0.0:* 
raw 0 0 0.0.0.0:1 0.0.0.0:* 7

Interesting. Here we see the usual services (a web server on port 80, DNS on port 53, ssh on port 22, dhcp on port 67), but what's that process listening on 5280?

Finding out which programs are actually bound to those ports is simple with recent versions of netstat. As long as you're root, just add the -p switch (for programs):

root@catlin:~# netstat -lnp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:5280 0.0.0.0:* LISTEN 698/perl tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 217/httpd tcp 0 0 10.42.3.2:53 0.0.0.0:* LISTEN 220/named tcp 0 0 10.42.4.6:53 0.0.0.0:* LISTEN 220/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 220/named tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 200/sshd udp 0 0 0.0.0.0:32768 0.0.0.0:* ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required