How do I find out which running processes are associated with each open port? How do I find out which process has opened TCP port 111 or UDP port 7000 under Linux?

 

  1. netstat - a command-line tool that displays network connections, routing tables, and a number of network interface statistics.
  2. fuser - a command-line tool to identify processes using files or sockets.
  3. lsof - a command-line tool that lists open files under Linux / UNIX and the processes that opened them.
  4. /proc/$pid/ file system - under Linux, /proc includes a directory for each running process (including kernel processes) at /proc/PID, containing information about that process, notably the name of the process that opened a port.

 

netstat -tulpn

 

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address       Foreign Address     State       PID/Program name
tcp        0      0 127.0.0.1:3306      0.0.0.0:*           LISTEN      1138/mysqld
tcp        0      0 0.0.0.0:111         0.0.0.0:*           LISTEN      850/portmap
tcp        0      0 0.0.0.0:80          0.0.0.0:*           LISTEN      1607/apache2
tcp        0      0 0.0.0.0:55091       0.0.0.0:*           LISTEN      910/rpc.statd
tcp        0      0 192.168.122.1:53    0.0.0.0:*           LISTEN      1467/dnsmasq
tcp        0      0 0.0.0.0:22          0.0.0.0:*           LISTEN      992/sshd
tcp        0      0 127.0.0.1:631       0.0.0.0:*           LISTEN      1565/cupsd
tcp        0      0 0.0.0.0:7000        0.0.0.0:*           LISTEN      3813/transmission
tcp6       0      0 :::22               :::*                LISTEN      992/sshd
tcp6       0      0 ::1:631             :::*                LISTEN      1565/cupsd
tcp6       0      0 :::7000             :::*                LISTEN      3813/transmission
udp        0      0 0.0.0.0:111         0.0.0.0:*                       850/portmap
udp        0      0 0.0.0.0:662         0.0.0.0:*                       910/rpc.statd
udp        0      0 192.168.122.1:53    0.0.0.0:*                       1467/dnsmasq
udp        0      0 0.0.0.0:67          0.0.0.0:*                       1467/dnsmasq
udp        0      0 0.0.0.0:68          0.0.0.0:*                       3697/dhclient
udp        0      0 0.0.0.0:7000        0.0.0.0:*                       3813/transmission
udp        0      0 0.0.0.0:54746       0.0.0.0:*                       910/rpc.statd

TCP port 3306 was opened by the mysqld process, which has PID 1138. You can verify this using /proc; enter:

ls -l /proc/1138/exe                                                                                               

Sample outputs:

lrwxrwxrwx 1 root root 0 2010-10-29 10:20 /proc/1138/exe -> /usr/sbin/mysqld                                       
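The same port-to-process mapping can be rebuilt from /proc alone, which is useful for cross-checking netstat on a host you do not fully trust. The Python script below is an added example, not part of the original article: it reads listening IPv4 sockets from /proc/net/tcp, then looks for the socket inode under /proc/PID/fd and resolves /proc/PID/exe. The sample table is constructed, the function names are illustrative, and the address decoding assumes a little-endian host.

```python
import os

# Constructed sample in /proc/net/tcp format (not captured from a real host).
# Whitespace-separated fields: 1=local addr:port, 3=state, 9=socket inode.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   105        0 11111 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0CEA 0100007F:D2F0 01 00000000:00000000 00:00000000 00000000   105        0 33333 1 0000000000000000 20 4 30 10 -1
"""
TCP_LISTEN = "0A"  # state code the kernel prints for a listening socket

def parse_listeners(text):
    """Return [(ip, port, inode)] for every IPv4 socket in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:            # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # Address is a little-endian 32-bit value: reverse the bytes.
        ip = ".".join(str(b) for b in bytes.fromhex(hex_ip)[::-1])
        listeners.append((ip, int(hex_port, 16), int(fields[9])))
    return listeners

def owners_of_inode(inode, proc="/proc"):
    """Return [(pid, exe_path)] for processes holding socket:[inode] open."""
    target = f"socket:[{inode}]"
    owners = []
    pids = [p for p in os.listdir(proc) if p.isdigit()] if os.path.isdir(proc) else []
    for pid in pids:
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target
                   for fd in os.listdir(fd_dir)):
                exe = os.readlink(os.path.join(proc, pid, "exe"))
                owners.append((int(pid), exe))
        except OSError:   # process exited meanwhile, or we lack permission
            continue
    return owners

if __name__ == "__main__":
    text = SAMPLE_PROC_NET_TCP                    # fall back to the sample
    if os.path.exists("/proc/net/tcp"):
        with open("/proc/net/tcp") as fh:
            text = fh.read()
    for ip, port, inode in parse_listeners(text):
        print(f"{ip}:{port}", owners_of_inode(inode) or "owner not visible")
```

Without root, the fd directories of other users' processes are unreadable, which is also why netstat prints "-" in the PID/Program name column for them. An exe link that ends in " (deleted)" means the binary on disk was removed or replaced after the process started.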

You can use the grep command to filter the output:

netstat -tulpn | grep :80                                                                                          

Output:

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1607/apache2