How to figure out which process holds an open port

How to figure out which process holds an open port

Post by Boo » Fri, 11 Apr 2003 07:19:34



I've scanned my linux box for open ports and found that UDP port 32768 is
open.

Is a straightforward way to see which process opened this port?

Thanks,
Boo

 
 
 

How to figure out which process holds an open port

Post by Dr. Yuan Li » Fri, 11 Apr 2003 13:49:12



> I've scanned my linux box for open ports and found that UDP port 32768 is
> open.

> Is a straightforward way to see which process opened this port?

> Thanks,
> Boo

Standard tool would be lsof, but on Linux, I believe you can use fuser, too.

Yuan Liu

 
 
 

How to figure out which process holds an open port

Post by Seth H Holme » Sat, 12 Apr 2003 23:57:01



> I've scanned my linux box for open ports and found that UDP port 32768 is
> open.

> Is a straightforward way to see which process opened this port?

as root execute

        netstat -apt

for TCP ports

        netstat -apu

for UDP ports

--
Seth H Holmes

 
 
 

1. SCP holding open connections / sshd processes

Everyone,

      We have a couple of Solaris machines, both 2.8, one with
OpenSSH_2.9p1, and one with OpenSSH_3.5p1, both of which were
downloaded as packages from Sunfreeware (istec.org). The problem we're
seeing is that the 3.5p1 version will hold open scp connections from
the 2.9p1 box, but not straight SSH terminal connections. We end up
with a whole bunch of sshd processes in the process table on the 3.5p1
box which never go away, and on the 2.9p1 box, init will end up owning
the scp processes. We have put in the KeepAlive=yes,
ClientAliveInterval=45, and ClientAliveCountMax=3 settings in the
sshd_config file, and I will get booted when I've been sitting idle on
a terminal connection for approximately 45 seconds. So, my question
then becomes - the sshd processes are not getting killed one the 3.5p1
box because init on the 2.9p1 box is still sending data, therefore the
ClientAlive* settings don't take effect, and the connection isn't
considered partly torn down so the KeepAlive setting doesn't take
effect - what's going on? Can anyone help me out here - is there a
patch or a config file setting I'm missing?

BTW, I've also asked the folks in comp.security.ssh, but also wanted
some feedback from fellow Solaris admins as well - maybe you've run into
this.

Thanks in advance,
Matthew Packard

2. Distributed Authentication and Filesystem Query

3. Sh tricks/holding ports open

4. unicast/broadcast comparison (IP)?

5. claiming a serial port held by a <defunct> process

6. ACK!! perl 4.036 networking is broken under Linux!

7. Finding & killing process holding tcp port

8. netatalk problem

9. How to figure out what is opening a specific port

10. Which port is opened by which process?

11. LAN Manager print jobs are held in the spooler with "held by admin"

12. How to tell which open ports are attached to which processes?

13. How do I find out which process has a particular port opened.