Linux: how to know which process (or program) is sending data to a local port?

Question

I launched a program that listens at 127.0.0.1:3000 on a CentOS server. I haven't sent any message to the program but it keeps receiving data. I want to know who is sending data to my program. So I type in the following command:

netstat -an | grep 3000

A snapshot output is:

tcp        0      0 127.0.0.1:3000          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:3000          127.0.0.1:41960         TIME_WAIT  
tcp        0      0 127.0.0.1:3000          127.0.0.1:41956         TIME_WAIT  
tcp        0      0 127.0.0.1:3000          127.0.0.1:41964         TIME_WAIT  
tcp        1      0 127.0.0.1:41968         127.0.0.1:3000          CLOSE_WAIT 
tcp        0      0 127.0.0.1:3000          127.0.0.1:41952         TIME_WAIT  
tcp        0      0 127.0.0.1:3000          127.0.0.1:41968         FIN_WAIT2

The output changes every time I type in the command. The port numbers in a pattern like 4xxxx increment frequently.

If I type in lsof -nPi tcp:3000, one of the outputs is

COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
node    76230 xxx   18u  IPv4 130828      0t0  TCP 127.0.0.1:3000 (LISTEN)
node    76230 xxx   20u  IPv4 208468      0t0  TCP 127.0.0.1:3000->127.0.0.1:42072 (ESTABLISHED)

I don't know what these 4xxxx numbers stand for. In my case, how to know who is sending data to 127.0.0.1:3000?

score 0 · Answer 1 · answered Apr 03 '21 at 05:28

0

You got a PID 76230 and having that you can get to know the process name by

$ ps -p 76230 -o comm=

answered Apr 03 '21 at 05:28

Lia

504
2
7

Linux: how to know which process (or program) is sending data to a local port?

1 Answers1