How to get services listening to a particular port in Linux ?

Today we will look how to get the service name listening to a particular port on Linux.

The preferred and widely used command is netstat.

With netstat, we can grep the port number say 53 and check out the results.

1. Using netstat command

[root@ngelinux ]# netstat -ltnp | grep :53
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      3970/dnsmasq        
[root@ngelinux ]# 

### If netstat command doesn't exists, we can 
### use below command to install it.
### yum install net-tools 

Lets understand its various options:

-l : Show only listening sockets.
-p : Show the PID and name of the program to which each socket / port belongs
-n : Show numbers, don’t translate into name i.e. no DNS lookup (speed up operation)
-t : TCP port
-u : UDP port

2. /etc/services file.

/etc/services file is just like a small database containing the port number and its corresponding service.
However it doesn’t guarantee that the same service is running on that port or not.

To confirm if the service is running, we can either use netstat or lsof command.

$ cat /etc/services | grep " 53/"
domain           53/udp     # Domain Name Server
domain           53/tcp     # Domain Name Server

3. lsof command.

lsof i.e. “list open files” gets the files currently opened and used by the system as of now.

# lsof -Pnl +M 
### gets IPv4 addresses
### grep the port number here

$ lsof -Pnl +M  | grep :53
firefox   1819      505   40u     IPv4 0xdf0727d5eed1dbc5        0t0      TCP 17.168.63.98:53216->216.58.196.174:443 (ESTABLISHED)
firefox   1819      505   88u     IPv4 0xdf0727d5e9e167b5        0t0      TCP 17.168.63.98:53228->216.58.197.37:443 (ESTABLISHED)

We can see above that there are no active connections on port 53 and hence no result.

Some Most common Options:

-i4 : Gets the IPv4 results, and skips IPv6.
-P : Skips the conversion of port numbers into port names, and makes it a bit fast.
-n : Skips the conversion of network numbers into host names.
-l : Skips the conversion of user id numbers into login names.
+M : Enables(+) reporting of portmapper registrations for local TCP, UDP, and UDPLITE ports.

Leave a Reply

avatar
  Subscribe  
Notify of