When we covered port scanning a short while ago we discovered how to tell which ports had processes listening upon them, via port scanning. What we didn't do was learn how to tell which processes were associated with each open port.

Often you'll know which applications are going to be using a particular port, because it's the standard one, or because you know you set it up.

For example when you see something listening upon port 25 you tend to expect it to be a mailserver, and similarly if you find something listening on port 80 you'll not be suprised to discover it's a webserver.

Sometimes though these assumptions can be mistaken, and other times you'll discover an open port which you simply don't recognise. If you're examing a machine you're not sure you trust fully it's worth checking exactly which processes are really running.

As we noted in the the introduction to port scanning with nmap you can lookup which service uses any of the "standard" ports by referring to the file /etc/services.

For example we can open that file in our favourite editor, or pager, and see that port 43/tcp is associated with "whois", and that port 53 is associated with DNS.

These don't help you much if you have a service which has had it's default port changed - something some people suggest you do as a means of increasing security. (Personally I believe such misdirection is misguided at best, and counter-productive at worst).

What you really need to do is to lookup the process which is currently bound to the given network port. Thankfully this is a simple job with use of the lsof package.

If you don't have lsof already you can download and install it by becoming root and running:

root@mystery:~# apt-get install lsof

This will download and install the package for you, along with any dependencies which might be required:

Reading package lists... Done
Building dependency tree... Done
The following NEW packages will be installed:
lsof
0 upgraded, 1 newly installed, 0 to remove and 16 not upgraded.
Need to get 339kB of archives.
After unpacking 549kB of additional disk space will be used.
Get:1 http://http.us.debian.org unstable/main lsof 4.75.dfsg.1-1 [339kB]
Fetched 339kB in 3s (90.8kB/s)
Selecting previously deselected package lsof.
(Reading database ... 69882 files and directories currently installed.)
Unpacking lsof (from .../lsof_4.75.dfsg.1-1_i386.deb) ...
Setting up lsof (4.75.dfsg.1-1) ...

Once you have the package installed you can now discover precisely which processes are bound upon particular ports.

If you have the Apache webserver running on port 80 that will provide a suitable test candidate. If not you can choose another port you know is in use.

To discover the process name, ID (pid), and other details you need to run:

lsof -i :port

So to see which process is listening upon port 80 we can run:

root@mystery:~# lsof -i :80

This gives us the following output:

COMMAND   PID     USER   FD   TYPE   DEVICE SIZE NODE NAME
apache2 10437 root 3u IPv6 22890556 TCP *:www (LISTEN)
apache2 10438 www-data 3u IPv6 22890556 TCP *:www (LISTEN)
apache2 10439 www-data 3u IPv6 22890556 TCP *:www (LISTEN)
apache2 10440 www-data 3u IPv6 22890556 TCP *:www (LISTEN)
apache2 10441 www-data 3u IPv6 22890556 TCP *:www (LISTEN)
apache2 10442 www-data 3u IPv6 22890556 TCP *:www (LISTEN)
apache2 25966 www-data 3u IPv6 22890556 TCP *:www (LISTEN)
apache2 25968 www-data 3u IPv6 22890556 TCP *:www (LISTEN)

Here you can see the command running (apache2), the username it is running as www-data, and some other details.

Similarly we can see which process is bound to port 22:

root@mystery:~# lsof -i :22
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 8936 root 3u IPv6 12161280 TCP *:ssh (LISTEN)

To see all the ports open for listening upon the current host you can use another command netstat (contained in the net-tools package):

root@mystery:~# netstat -a |grep LISTEN |grep -v unix
tcp 0 0 *:2049 *:* LISTEN
tcp 0 0 *:743 *:* LISTEN
tcp 0 0 localhost.localdo:mysql *:* LISTEN
tcp 0 0 *:5900 *:* LISTEN
tcp 0 0 localhost.locald:sunrpc *:* LISTEN
tcp 0 0 *:8888 *:* LISTEN
tcp 0 0 localhost.localdom:smtp *:* LISTEN
tcp6 0 0 *:www *:* LISTEN
tcp6 0 0 *:distcc *:* LISTEN
tcp6 0 0 *:ssh *:* LISTEN

Here you can see that there are processes listening upon ports 2049, 743, 5900, and several others.

(The second grep we used above was to ignore Unix domain sockets).

If you're curious to see which programs and services are used in those sockets you can look them up as we've already shown:

root@mystery:~# lsof -i :8888
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
gnump3d 25834 gnump3d 3u IPv4 61035200 TCP *:8888 (LISTEN)

This tells us that the process bound to port 8888 is the gnump3d MP3 streamer.

Port 2049 and 743 are both associated with NFS. The rest can be tracked down in a similar manner. (You'll notice that some ports actually have their service names printed next to them, such as the smtp entry for port 25).

lsof is a very powerful tool which can be used for lots of jobs. If you're unfamiliar with it I recommend reading the manpage via:

man lsof

If you do so you'll discover that the -i flag can take multiple different types of arguments, to allow you to check more than one port at a time, and use IPv6 addresses too.

It's often used to see which files are open upon mounted devices, so you can kill the processes and unmount them cleanly.

How to find out which process is listening upon a port的更多相关文章

  1. Several ports (8005, 8080, 8009) required by Tomcat v8.5 Server at localhost are already in use. The server may already be running in another process, or a system process may be using the port. To sta

    eclipse出现:Several ports (8005, 8080, 8009) required by Tomcat v8.5 Server at localhost are already i ...

  2. centos运行netcore error: Another program is already listening on a port that one of our HTTP servers is configured to use. Shut this program down first before starting supervisord.

    Error: Another program is already listening on a port that one of our HTTP servers is configured to ...

  3. Running OOM killer script for process 32248 for Solr on port 8983

    Running OOM killer script for process 32248 for Solr on port 8983 分析1 https://blog.csdn.net/qq_41665 ...

  4. Error: Another program is already listening on a port that one of our HTTP servers is configured to use. Shut this program down first before starting supervisord.

    原文出处: https://blog.csdn.net/hyunbar/article/details/80111947 运行 supervisord -c /etc/supervisor/super ...

  5. 进程ID[PID(Process ID)]与端口号[(Port ID)]的联系

    1.首先声明一点:PID不是端口(port id),而是Process ID进程号的意思. 2.那么,什么是进程号? 采集网友的意见就是: 进程号,是系统分配给么一个进程的唯一标识符.PID就是各进程 ...

  6. Tomcat服务器重启失败:The server may already be running in another process, or a system process may be using the port.

    在控制台重启Tomcat服务器,报错如下: 原因分析: You've another instance of Tomcat already running. You can confirm this ...

  7. Several ports (8005, 8080, 8009) required by Tomcat v7.0 Server at localhost are already in use. The server may already be running in another process, or a system process may be using the port. To sta

    有三种导致这种错误的原因. 第一个: 是因为tomcat的服务没有被关闭所导致的,将服务关闭即可 找到tomcat的安装目录,进入bin文件夹,找到tomcat7w.exe,双击这个文件,点击stop ...

  8. supervisord 启动失败 Error: Another program is already listening on a port that one of our HTTP serve...

    Linux系统中 Supervisor 配置守护进程: 启动Supervisor 服务语句: supervisord -c /etc/supervisor/supervisord.conf 这个过程可 ...

  9. Error: Another program is already listening on a port that one of our HTTP servers is configured to use. Shut this program down first before starting

    解决方法: find / -name supervisor.sock unlink /name/supervisor.sock 2. www-data 用户是干什么用的 3.如何通过superviso ...

随机推荐

  1. 【LeetCode】1118. Number of Days in a Month 解题报告(C++)

    作者: 负雪明烛 id: fuxuemingzhu 个人博客:http://fuxuemingzhu.cn/ 目录 题目描述 题目大意 解题方法 判断是否是闰年 日期 题目地址:https://lee ...

  2. Interviewe(hdu3486)

    Interviewe Time Limit: 2000/1000 MS (Java/Others)    Memory Limit: 65536/32768 K (Java/Others)Total ...

  3. 1434 区间LCM

    1434 区间LCM 基准时间限制:1 秒 空间限制:131072 KB 一个整数序列S的LCM(最小公倍数)是指最小的正整数X使得它是序列S中所有元素的倍数,那么LCM(S)=X. 例如,LCM(2 ...

  4. 1018 - Brush (IV)

    1018 - Brush (IV)    PDF (English) Statistics Forum Time Limit: 2 second(s) Memory Limit: 32 MB Muba ...

  5. AI实战分享 | 基于CANN的辅助驾驶应用案例

    摘要:什么是辅助驾驶?简而言之,就是借助汽车对周围环境的自动感知和分析,让驾驶员预先察觉可能发生的危险,有效增加汽车驾驶的舒适性和安全性. 导读:基于昇腾AI异构计算架构CANN的辅助驾驶AI应用实战 ...

  6. [Guide]Google Python Style Guide

    扉页 项目主页 Google Style Guide Google 开源项目风格指南 - 中文版 背景 Python 是Google主要的脚本语言.这本风格指南主要包含的是针对python的编程准则. ...

  7. 简单学生管理系统HTML前端页面

    效果图: 实现代码: <!DOCTYPE html> <html> <head> <meta charset="utf-8" /> ...

  8. 制作四个选项卡页 Tab,用户可以通过切换不同的 Tab 页查看不同类别的新闻信息,每个 Tab 有对应的内容版块,点击某个选项卡时,显示对应的内容版块,隐藏其他内容版块,并且为了突出当前的选项卡,还

    查看本章节 查看作业目录 需求说明: 制作四个选项卡页 Tab,用户可以通过切换不同的 Tab 页查看不同类别的新闻信息,每个 Tab 有对应的内容版块,点击某个选项卡时,显示对应的内容版块,隐藏其他 ...

  9. monkey怎么做APP自动化?

    前言: monkey是andriod平台自动化测试的一种手段,通过monkey程序模拟触摸屏幕.滑动,滚屏,按键来对设备进行压力测试,检测程序多久会出现异常第一种:设置好命令,做随机自动化 什么时候可 ...

  10. 初识python: 递归函数 - 分解质因数

    分解质因数: 任何一个合数都可以写成几个质数相乘的形式.其中每个质数都是这个合数的因数,叫做这个合数的分解质因数.分解质因数只针对合数. 比如: 8 分解质因数是:2*2*2 10分解质因数是:2*5 ...