Today we will look how to get the service name listening to a particular port on Linux.
The preferred and widely used command is netstat.
With netstat, we can grep the port number say 53 and check out the results.
1. Using netstat command
[root@ngelinux ]# netstat -ltnp | grep :53 tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 3970/dnsmasq [root@ngelinux ]# ### If netstat command doesn't exists, we can ### use below command to install it. ### yum install net-tools
Lets understand its various options:
-l : Show only listening sockets.
-p : Show the PID and name of the program to which each socket / port belongs
-n : Show numbers, don’t translate into name i.e. no DNS lookup (speed up operation)
-t : TCP port
-u : UDP port
2. /etc/services file.
/etc/services file is just like a small database containing the port number and its corresponding service.
However it doesn’t guarantee that the same service is running on that port or not.
To confirm if the service is running, we can either use netstat or lsof command.
$ cat /etc/services | grep " 53/" domain 53/udp # Domain Name Server domain 53/tcp # Domain Name Server
3. lsof command.
lsof i.e. “list open files” gets the files currently opened and used by the system as of now.
# lsof -Pnl +M ### gets IPv4 addresses ### grep the port number here $ lsof -Pnl +M | grep :53 firefox 1819 505 40u IPv4 0xdf0727d5eed1dbc5 0t0 TCP 18.104.22.168:53216->22.214.171.124:443 (ESTABLISHED) firefox 1819 505 88u IPv4 0xdf0727d5e9e167b5 0t0 TCP 126.96.36.199:53228->188.8.131.52:443 (ESTABLISHED)
We can see above that there are no active connections on port 53 and hence no result.
Some Most common Options:
-i4 : Gets the IPv4 results, and skips IPv6.
-P : Skips the conversion of port numbers into port names, and makes it a bit fast.
-n : Skips the conversion of network numbers into host names.
-l : Skips the conversion of user id numbers into login names.
+M : Enables(+) reporting of portmapper registrations for local TCP, UDP, and UDPLITE ports.