16

I'd like to find out which process (in particular, the process id) is using a given port. The one catch is, I don't want to use sudo, nor am I logged in as root. The processes I want this to work for are run by the same user that I want to find the process id - so I would have thought this was simple.

Both lsof and netstat won't tell me the process id unless I run them using sudo - they will tell me that the port is being used though.

As some extra context - I have various apps all connecting via SSH to a server I manage, and creating reverse port forwards. Once those are set up, my server does some processing using the forwarded port, and then the connection can be killed. If I can map specific ports (each app has their own) to processes, this is a simple script. Any suggestions?

This is on an Ubuntu box, by the way - but I'm guessing any solution will be standard across most Linux distros.

pat

2 Answers

10

The `--program` option to `netstat` shows you PIDs and names of your own processes. This option is present and working on RHEL 6 in netstat 1.42 out of net-tools 1.60.

I verified that `netstat -an --tcp --program` shows me the PIDs of my processes.

Kazark
Paweł Brodacki
  • I think you meant `-an`. `netstat -pant` also works and it's easier to remember. – Eduardo Ivanec May 08 '11 at 15:32
  • Yes, superfluous "-" crept in. And I like the mnemonic. – Paweł Brodacki May 08 '11 at 15:50
  • I'm afraid this doesn't work on Ubuntu - in that it doesn't show the process in some cases without root - and it seems an SSH forward is one of those cases. – pat May 09 '11 at 00:27
  • Pawel: now the OP has finally got concrete with his usage case (see comment in my chain), I urge you to try it again. I did, on a CentOS 5 box (also netstat 1.42 from net-tools 1.60), and it fails as he says it does. I'd be interested in your experiences. – MadHatter May 17 '11 at 06:04
3

Pawel's suggestion seems to work fine to me, but as an alternative, here's me listening from shell1:

[madhatta@risby ~]$ nc -l  localhost 3456

and here's me seeing it with lsof from shell2:

[madhatta@risby tmp]$ lsof -i tcp:3456
COMMAND   PID     USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
nc      18109 madhatta    3u  IPv4 69205153      0t0  TCP localhost.localdomain:vat (LISTEN)

Edit: you write in a comment that

SSH forwards must behave differently - even though the process is owned by the same user, I can't see it listed at all in lsof output unless I run it as root/sudo.

but this is not so for me. Having used ssh to forward local port 8001, with `ssh vpn.example.com -L 8001:rt.int:80`, I then find:

[madhatta@risby ~]$ lsof -n -i tcp:8001
COMMAND  PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ssh     5375 madhatta    8u  IPv6 381234      0t0  TCP [::1]:vcom-tunnel (LISTEN)
ssh     5375 madhatta    9u  IPv4 381235      0t0  TCP 127.0.0.1:vcom-tunnel (LISTEN)

Could you perhaps show us some of your sample output, preferably not too heavily redacted?

MadHatter
  • Looks like SSH forwards must behave differently - even though the process is owned by the same user, I can't see it listed at all in `lsof` output unless I run it as root/sudo. – pat May 09 '11 at 00:43
  • I get no lsof output at all on the forwarded port when run as the user. If I run it with sudo, then I see output much like what you've added to your answer. Only notable difference is I see the actual port number instead of vcom-tunnel. – pat May 12 '11 at 12:12
  • Also, this is a remote forward, not a local forward - perhaps that's the source of the difference? Or were you testing with a remote forward? – pat May 12 '11 at 12:14
  • By remote forward do you mean "from server A I ssh to server B, forwarding port xxx from server B back to server A"? If so, why would you expect to pick up anything with netstat/lsof on server A? No new listener on server A is created by this, so no port assignation on server A is involved (save ephemerally). – MadHatter May 13 '11 at 06:21
  • SSH from A to B, port forward from port X on B to port Y on C (which is inside A's firewall - hence the need for the forward), using lsof/netstat on B for port X. – pat May 15 '11 at 06:48
  • Ah, right. I reproduced this on Fedora 14 and CentOS5, so I'm afraid all I can add is yes, you appear to be right, and no, I don't understand it, either. – MadHatter May 17 '11 at 06:04
  • Appreciate the confirmation that it's not just my setup :) In the end, I built a service to get around the problem: https://github.com/flying-sphinx/redcap – pat May 18 '11 at 04:20
  • I wonder if it comes from how the user sshd instance is set up. sshd processes usually come in pairs, a root sshd process and then a user sshd sub-process. It's possible the root sshd process sets up the actual ports, then hands them to the user sshd sub-process when it's forked. So perhaps the user can see the port's process because the port was originally created by root. – studgeek May 24 '20 at 00:58
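
The lookup that `netstat --program` and `lsof -i` perform on Linux, as an added example that is not part of any answer above: find the listener's socket inode in `/proc/net/tcp`, then look for a `socket:[inode]` link under each `/proc/<pid>/fd`. The function names and the sample table are constructed for illustration; PIDs whose `fd` directory cannot be read are returned separately, which is the case where the tools show the port but no PID.

```python
import os

# Constructed sample in /proc/net/tcp layout: a LISTEN (state 0A) socket on
# 127.0.0.1:8001 (hex 1F41) with inode 381235, plus one ESTABLISHED entry.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F41 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 381235 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 381300 1 0000000000000000 20 4 30 10 -1
"""

def listening_inodes(table_text, port):
    """Return the socket inodes of LISTEN entries bound to `port`."""
    inodes = set()
    for line in table_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != "0A":  # 0A is TCP_LISTEN
            continue
        # local_address is HEXADDR:HEXPORT; /proc/net/tcp6 uses the same layout
        if int(fields[1].rsplit(":", 1)[1], 16) == port:
            inodes.add(fields[9])
    return inodes

def owners_of(inodes, proc_root="/proc"):
    """Return (pids holding one of `inodes`, pids whose fd dir is unreadable)."""
    wanted = {"socket:[%s]" % i for i in inodes}
    found, unreadable = set(), set()
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except PermissionError:   # not ours to inspect: port visible, PID not
            unreadable.add(int(entry))
            continue
        except OSError:           # process exited during the scan
            continue
        for fd in fds:
            try:
                if os.readlink(os.path.join(fd_dir, fd)) in wanted:
                    found.add(int(entry))
            except OSError:       # descriptor closed during the scan
                pass
    return found, unreadable

if __name__ == "__main__":
    with open("/proc/net/tcp") as table:
        print(owners_of(listening_inodes(table.read(), 8001)))
```

If the first set is empty while the port is listed as listening, the holder is among the PIDs in the second set.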