Subject: RE: Netstat port list v/s PID Date: Thu, 10 Oct 2002 00:45:23 -0700 From: "Ian H. Greenhoe" To: "Hantzley" , Hantzley (hantzley@intnet.mu) spake thus: >Is there a way to know to which process belong a particular port? e.g., >port 32773 - 32779, are known to be for rpc services. But to which process >do they pertain to, that's another issue? As root, do: netstat -anp Parameters as follows: -a : show me all connections -n : don't bother looking up DNS records (I don't wanna wait for DNS to time out multiple times) -p : show me the process ID that is connected to port in question Why you need to be root: netstat considers it a security violation to know about anybody else's [different UID] port / process connections. I agree with this, although it can be a royal PITA at times. BTW: netstat vs. lsof: netstat is more likely to be installed than lsof, and only shows = relevant items when you are wondering about net connections to process IDs. If you do want to use lsof in this instance, grep Is Your Friend. However, lsof is a handy util that I recommend that anybody install and gain familiarity with. As mentioned recently here, lsof +L1 is a wonderous command -- it shows you open files that have been deleted. Very useful after you've done an apt-get upgrade. And that's just one of its myriad of useful applications. Ian Greenhoe Date: Thu, 10 Oct 2002 11:45:35 +0300 From: Mika =?iso-8859-15?Q?Bostr=F6m?= To: Hantzley Cc: debian-security@lists.debian.org Subject: Re: Netstat port list v/s PID User-Agent: Mutt/1.4i > Is there a way to know to which process belong a particular port? e.g., > port 32773 - 32779, are known to be for rpc services. But to which process > do they pertain to, that's another issue? Netstat options have already been mentioned, and one person suggested lsof. I would add fuser from psmisc-package. -- Mika Bostr=F6m +358-40-525-7347 \-/ "The Hell is empty, Bostik@lut.fi www.lut.fi/~bostik X and all the devils Security freak, and proud of it. /-\ are here." -W.S.