Better than netstat: lsof tells us who is listening to what
Be sure to read the first comment below, where I’m told netstat can actually do the job. Even though I have to admit that I still find lsof’s output more readable.
OK, so we have netstat to tell us which ports are opened for listening:
$ netstat -n -a | grep "LISTEN "
Thanks, that nice, but what process is listening to these ports? For TCP sockets, it’s (as root):
# lsof -n -P -i tcp 2>/dev/null | grep LISTEN
The -P flag disables conversion from port numbers to protocol names. -n prevents conversion of host names.
Reader Comments
Hi Elli,
>OK, so we have netstat to tell us which ports are >opened for listening:
>$ netstat -n -a | grep “LISTEN ”
>Thanks, that nice, but what process is listening to >these ports?
Actually you can get the process also with netstat using the -p flag
For example,
netstat -n -ap | grep “LISTEN ”
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 830/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 831/cupsd
tcp6 0 0 127.0.0.1:36391 :::* LISTEN 4064/java
tcp6 0 0 :::22 :::* LISTEN 830/sshd
tcp6 0 0 ::1:631 :::* LISTEN 831/cupsd
See man netstat:
…
…
-p, –program
Show the PID and name of the program to which each socket belongs.
…
Regards,
Rami Rosen
Thanks, that’s really cute. I’d consider changing the title of this post, but nah.
I’ll just add that you need to be root to see the listening processes that don’t belong to yourself, even with netstat -ap.