Monday, March 9, 2015

FreeBSD Unix Find Out Which Programs Are Listening On a Given Port Number

I'm a new FreeBSD Unix system user. How can I find out the process/program names listening on a certain port on a FreeBSD Unix system using the command line? How do I look up the process which is currently bound to a given network port on a FreeBSD server?

You can use any one of the following command-line tools, which display network connections, routing tables, and a number of network interface statistics on a FreeBSD operating system.


  • netstat command - Use to see network status including open ports, tcp/udp connections, and more.
  • sockstat command - Show open sockets.
  • lsof command - List open files such as network sockets and files on disks.

FreeBSD includes the sockstat and netstat tools. These are already on a standard FreeBSD install. You need to install the lsof tool from the ports collection.

Find the process listening on a certain port using the sockstat command

An example of the sockstat command with flags:
## Show listening sockets ##
sockstat -l
 
## Show listening sockets for IPv4 only ##
sockstat -4 -l
 
## Show listening sockets for IPv6 only ##
sockstat -6 -l
 
Sample outputs:
Fig.01: FreeBSD sockstat command in action

Where,
  1. USER : The user who owns and opened the socket.
  2. COMMAND : The command which is responsible for the socket.
  3. PID : The process ID of the command which is responsible for/holds the socket.
  4. FD : The file descriptor number of the socket.
  5. PROTO : The transport protocol associated with the socket for Internet sockets, or the type of socket (stream or datagram) for UNIX sockets.
  6. LOCAL ADDRESS : For Internet sockets, this is the address the local end of the socket is bound to. For bound UNIX sockets, it is the socket's filename. For other UNIX sockets, it is a right arrow followed by the endpoint's filename, or '??' if the endpoint could not be determined.
  7. FOREIGN ADDRESS : (Internet sockets only) The address the foreign end of the socket is bound to.

Find selected ports

You can use the grep command to select certain ports. In this example, find out whether ports 22 and 80 are open or not:
 
sockstat -4 -l | grep :22
sockstat -4 -l | grep :80
 
Sample outputs:
root     sshd       642   4  tcp4   *:22                  *:*

Show connected sockets only

The syntax is:
sockstat -c
sockstat -c -4
sockstat -c -4 | grep ssh
sockstat -c -4 | grep 22
Sample outputs:
root     sshd       740   3  tcp4   192.168.1.142:22      192.168.1.4:55115
(192.168.1.4 is the client IP and 192.168.1.142 is the server IP for port 22)
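
The grep filters above match ":22" or "22" anywhere on the line, so they also hit ports such as 2222 and the remote side of outbound connections. The following is an added example, not part of the original post: a small sh/awk filter that compares the port of the LOCAL ADDRESS column exactly and keeps only listeners. The function names and the sample rows are constructed for illustration, and it assumes whitespace-separated columns as in the sample outputs above.

```sh
#!/bin/sh
# Added example: exact-port matching over sockstat-format text on stdin.

# Constructed sample in sockstat's column layout (not captured from a real host).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       642   4  tcp4   *:22                  *:*
root     sshd       642   3  tcp6   *:22                  *:*
www      nginx      811   6  tcp4   127.0.0.1:8022        *:*
admin    nc         902   3  tcp4   *:2222                *:*
root     sshd       740   3  tcp4   192.168.1.142:22      192.168.1.4:55115
joe      ssh        955   3  tcp4   192.168.1.142:40122   10.0.0.9:22
EOF
}

# listeners_on_port PORT (hypothetical helper name)
# Prints "user command pid proto local-address scope" for every row whose
# LOCAL ADDRESS ends in exactly :PORT and whose FOREIGN ADDRESS is *:*.
listeners_on_port() {
    awk -v want="$1" '
        NR == 1 && $1 == "USER" { next }   # header row
        NF < 7      { next }               # UNIX-domain or incomplete row
        $7 != "*:*" { next }               # connected socket, not a listener
        {
            n = split($6, part, ":")       # port is the text after the last colon
            if ((part[n] "") != (want "")) next   # compare as strings, exactly
            scope = (substr($6, 1, 2) == "*:") ? "all-interfaces" : "specific-address"
            print $1, $2, $3, $5, $6, scope
        }'
}

# Demo on the constructed sample: only the two sshd listeners are printed.
sample_sockstat | listeners_on_port 22
```

On a FreeBSD host, feed it the real command instead of the sample, for example sockstat -l | listeners_on_port 22. The scope column shows whether the service is bound to every interface or to one address, which is usually the first thing to check when reviewing exposed services.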

netstat command example to find out open ports and their process

Here is the netstat equivalent:
 
netstat -a -n | grep LISTEN
netstat -a | egrep 'LISTEN|Proto|Active'
netstat -a | egrep 'Proto|LISTEN'
 
Sample outputs:
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 localhost.smtp         *.*                    LISTEN
tcp4       0      0 *.ssh                  *.*                    LISTEN
tcp6       0      0 *.ssh                  *.*                    LISTEN
Active UNIX domain sockets

Even though sockstat is thought to be more limited, it is nice to know because at times it can be more useful in gathering certain information. On FreeBSD, you can get a listing of standard port associations by looking in /etc/services. For example, if you want to find out the purpose of port 631, you can use this command:
$ grep -w 631 /etc/services
ipp  631/tcp    #IPP (Internet Printing Protocol)
ipp  631/udp    #IPP (Internet Printing Protocol)
## What is the purpose of port 22? ##
$ grep -w 22 /etc/services
ssh   22/sctp   #Secure Shell Login
ssh   22/tcp    #Secure Shell Login
ssh   22/udp    #Secure Shell Login
It's handy if you don't know about ports and are learning about them.

Use lsof command to determine the process/pid listening on a certain port

Some people who have migrated from Linux to BSD like the lsof command. It isn't standard like netstat and sockstat, so you will have to install it. At this time there is no package.
Install it as root. First, install the lsof command using the port:
# cd /usr/ports/sysutils/lsof/ && make install clean
Or use the pkg command (warning: this may not work on the latest release, 10.x):
# pkg install sysutils/lsof
Sample outputs:
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
The following 1 packages will be affected (of 0 checked):
 
New packages to be INSTALLED:
 lsof: 4.89.c,8
 
The process will require 224 KiB more space.
 
Proceed with this action? [y/N]: y
[1/1] Installing lsof-4.89.c,8...
[1/1] Extracting lsof-4.89.c,8: 100%
To discover the process name, ppid, and other details you need to use the following syntax:
lsof -i :port
lsof -i tcp:portNumber
lsof -i udp:portNumber
For example, to see which process is listening on port 80 or 22, you can run:
lsof -i :80
OR
lsof -i :22
Sample outputs:
COMMAND PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
sshd    642 root    3u  IPv6 0xfffff8000961a400      0t0  TCP *:ssh (LISTEN)
sshd    642 root    4u  IPv4 0xfffff8000961a000      0t0  TCP *:ssh (LISTEN)
sshd    740 root    3u  IPv4 0xfffff800094dec00      0t0  TCP 192.168.1.142:ssh->192.168.1.4:55115 (ESTABLISHED)
To list all open TCP processes and their PIDs, enter:
lsof -iTCP -sTCP:LISTEN
lsof -iTCP -sTCP:LISTEN -P -n
lsof -n -P -i +c 15
Sample outputs:
Fig.02:  Find out which process is listening upon a port using lsof utility
References
For information read sockstat command man page:

$ man sockstat
For information read netstat command man page:

$ man netstat
Not a fan of FreeBSD? See how to find out which process is listening upon a port on Linux operating systems for more info.
