Who is occupying my port in Linux

Posted by nadz on Tue, 11 Jan 2022 10:52:36 +0100

The prompt Address already in use must have been encountered. How can we quickly find and solve the problem? Here are several postures to learn about

When troubleshooting network connectivity or application specific problems, one of the first things to check should be which ports are actually used on the system and which application is listening on a specific port.

This article describes how to use netstat, ss and lsof commands to find out which services are listening on which ports. This description applies to all Linux and Unix based operating systems, such as macOS.

#What is a listening port

A network port is identified by its number, the associated IP address, and the type of communication protocol (such as TCP or UDP).

A listening port is a network port on which an application or process listens, acting as a communication endpoint.

Each listening port can be turned on or off (filtered) using a firewall. In general, an open port is a network port that accepts incoming packets from a remote location.

You cannot have two services listen to the same port on the same IP address.

For example, if you are running an Apache Web server that listens on ports 80 and 443 and try to install Nginx, the latter will not start because the HTTP and HTTPS ports are already in use.

#Check the listening port with netstat

netstat is a command-line tool that provides information about network connections.

To list all TCP or UDP ports that are listening, including the service and socket status using the port, use the following command:

sudo netstat -tunlp

The options used in this command have the following meanings:

  • -t - displays the TCP port.

  • -u - displays UDP ports.

  • -n - displays numeric addresses instead of resolving hosts.

  • -l - displays only listening ports.

  • -p - displays the PID and name of the listener process. This message is displayed only when you run the command as root or sudo user.

The output will be as follows:

Proto Recv-Q Send-Q Local Address   Foreign Address     State       PID/Program name      tcp        0      0 0:22              0:*               LISTEN      445/sshd              tcp        0      0 0:25              0:*               LISTEN      929/master            tcp6       0      0 :::3306           ::*               LISTEN      534/mysqld            tcp6       0      0 :::80             :::*              LISTEN      515/apache2           tcp6       0      0 :::22             :::*              LISTEN      445/sshd              tcp6       0      0 :::25             :::*              LISTEN      929/master            tcp6       0      0 :::33060          :::*              LISTEN      534/mysqld            udp        0      0 0:68              0:*                           966/dhclient  

In our case, the important columns are:

  • Proto - the protocol used by the socket.

  • Local Address - the IP address and port number on which the process listens.

  • PID/Program name -PID and process name.

If you want to filter the results, use the grep command. For example, to find a process listening on TCP port 22, you can enter:

sudo netstat -tnlp | grep :22  

The output shows that port 22 on this computer is used by the SSH server:

tcp        0      0 0:22              0:*               LISTEN      445/sshd  tcp6       0      0 :::22             :::*              LISTEN      445/sshd  

If the output is empty, it indicates that there is no listening on the port.

You can also filter the list according to conditions, such as PID, protocol, status, etc.

netstat is obsolete and replaced by ss and ip, but it is still the most commonly used command to check network connections.

#Use ss

Check the listening port

ss is the new netstat. It lacks some features of netstat, but exposes more TCP status and is slightly faster. The command options are basically the same, so the conversion from netstat to ss is not difficult.

To get a list of all listening ports using ss, enter:

sudo ss -tunlp

The output is almost the same as that of the netstat report:

State    Recv-Q   Send-Q     Local Address:Port      Peer Address:Port                                                                                          LISTEN   0        128              0:22             0:*      users:(("sshd",pid=445,fd=3))                                                          LISTEN   0        100              0:25             0:*      users:(("master",pid=929,fd=13))                                                       LISTEN   0        128                    *:3306                 *:*      users:(("mysqld",pid=534,fd=30))                                                       LISTEN   0        128                    *:80                   *:*      users:(("apache2",pid=765,fd=4),("apache2",pid=764,fd=4),("apache2",pid=515,fd=4))     LISTEN   0        128                 [::]:22                [::]:*      users:(("sshd",pid=445,fd=4))                                                          LISTEN   0        100                 [::]:25                [::]:*      users:(("master",pid=929,fd=14))                                                       LISTEN   0        70                     *:33060                *:*      users:(("mysqld",pid=534,fd=33))  

#Using lsof

Check the listening port

lsof is a powerful command-line application that provides information about files opened by a process.

In Linux, everything is a file. You can think of a socket as a file written to the network.

To get a list of all listening TCP ports with lsof, enter:

sudo lsof -nP -iTCP -sTCP:LISTEN  

The options used are as follows:

  • -n - do not convert port numbers to port names.

  • -p - displays the numeric address without resolving the host name.

-iTCP -sTCP:LISTEN - displays only network files with TCP status of LISTEN.


COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME  sshd      445     root    3u  IPv4  16434      0t0  TCP *:22 (LISTEN)  sshd      445     root    4u  IPv6  16445      0t0  TCP *:22 (LISTEN)  apache2   515     root    4u  IPv6  16590      0t0  TCP *:80 (LISTEN)  mysqld    534    mysql   30u  IPv6  17636      0t0  TCP *:3306 (LISTEN)  mysqld    534    mysql   33u  IPv6  19973      0t0  TCP *:33060 (LISTEN)  apache2   764 www-data    4u  IPv6  16590      0t0  TCP *:80 (LISTEN)  apache2   765 www-data    4u  IPv6  16590      0t0  TCP *:80 (LISTEN)  master    929     root   13u  IPv4  19637      0t0  TCP *:25 (LISTEN)  master    929     root   14u  IPv6  19638      0t0  TCP *:25 (LISTEN)  

Most output column names are self explanatory:

  • COMMAND, PID, USER - the name, PID and USER of the program associated with the port.

  • NAME - port number.

To find a process listening on a specific port, such as port 3306, you can use:

sudo lsof -nP -iTCP:3306 -sTCP:LISTEN  

The output shows that the MySQL server uses port 3306:

COMMAND PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME  mysqld  534 mysql   30u  IPv6  17636      0t0  TCP *:3306 (LISTEN)


Welfare at the end of the article

You can add teacher Qianqian vx to get the latest information

Don't forget to scan the code and get the [Java HD roadmap] and [full set of learning videos and supporting materials]

Topics: JavaEE network Back-end server TCP/IP