Find out who is connected to which service and which user and process owns a port.

Here are some useful utilities. netstat and ss are commands that list both the open ports and who is connected to your system. Run either one like this:

root:~# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:45982 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:994 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN

or

root:~# ss -an
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::443 :::*
LISTEN 0 50 :::445 :::*
LISTEN 0 128 *:45982 *:*
LISTEN 0 64 :::993 :::*
LISTEN 0 64 *:2049 *:*
LISTEN 0 128 *:994 *:*
LISTEN 0 50 127.0.0.1:3306 *:*

This way you can find out who is connected to which service.

Another interesting command is the fuser program. This program can tell you which user and process owns a port. For example, the following command will tell you who owns port 22:

root:~# fuser -v -n tcp 22
USER PID ACCESS COMMAND
22/tcp: root 1743 F.... sshd
root 12184 f.... sshd
user 12207 F.... sshd

or

root:~# lsof -i tcp:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1743 ssh 3u IPv4 5861 0t0 TCP *:ssh (LISTEN)
sshd 1743 ssh 4u IPv6 5864 0t0 TCP *:ssh (LISTEN)
sshd 12184 ssh 3u IPv4 957477 0t0 TCP server:ssh->193.120.51.186:39516 (ESTABLISHED)
sshd 12207 user 3u IPv4 957477 0t0 TCP server:ssh->193.120.51.186:39516 (ESTABLISHED)
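
To get from the ss listing to the ports worth checking with fuser or lsof, this added example (not part of the original post) parses `ss -an` style output and marks each listening port as bound to loopback or to all interfaces. The function names are hypothetical and the embedded sample is copied from the ss listing above.

```shell
#!/bin/sh
# Constructed sample: the `ss -an` listing from this page, embedded to run offline.
SAMPLE_SS='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::443 :::*
LISTEN 0 50 :::445 :::*
LISTEN 0 128 *:45982 *:*
LISTEN 0 64 :::993 :::*
LISTEN 0 64 *:2049 *:*
LISTEN 0 128 *:994 *:*
LISTEN 0 50 127.0.0.1:3306 *:*'

# classify_listeners (hypothetical helper): reads `ss -an` style lines on stdin
# and prints "<port> <scope>" for every listening IP socket, sorted by port.
classify_listeners() {
    awk '
    {
        # Newer ss versions print a Netid column first, so locate the State
        # field instead of assuming it is field 1.
        s = 0
        for (i = 1; i <= NF; i++) if ($i == "LISTEN") { s = i; break }
        if (s == 0) next
        addr_port = $(s + 3)                 # Local Address:Port
        n = match(addr_port, /:[0-9]+$/)     # port follows the last colon
        if (n == 0) next                     # e.g. UNIX sockets: no port
        port = substr(addr_port, n + 1)
        addr = substr(addr_port, 1, n - 1)
        gsub(/^\[|\]$/, "", addr)            # [::1]:631 style IPv6
        if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback"
        else if (addr == "*" || addr == "0.0.0.0" || addr == "::")
            scope = "all-interfaces"
        else
            scope = "specific-address"
        print port, scope
    }' | sort -u | sort -n
}

# exposed_ports (hypothetical helper): ports reachable from other hosts,
# i.e. everything that is not bound to loopback only.
exposed_ports() {
    classify_listeners | awk '$2 != "loopback" { print $1 }'
}
```

On a live system, run `ss -an | exposed_ports` and check each resulting port with `fuser -v -n tcp <port>` or `lsof -i tcp:<port>` as shown above.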
