8slxxg
Last Updated: November 02, 2017
·
481
· superboum
Avatar1

Find who is listening on DNS, HTTP or any other port on your Linux machine

Find on UDP (e.g.: DNS)

Just run this command (note the space after :53 ) :

netstat -upln|grep ":53 "

This will output something like this :

udp        0      0 10.0.3.1:53             0.0.0.0:*                           1069/named          
udp        0      0 192.168.101.254:53      0.0.0.0:*                           1069/named          
udp        0      0 192.168.13.1:53         0.0.0.0:*                           1069/named          
udp        0      0 192.168.1.254:53        0.0.0.0:*                           1069/named          
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1069/named          
udp6       0      0 :::53                   :::*                                1069/named        

If you scroll to the right in this example, you can see that a daemon called "named" with PID 1069 is listening on port 53.

Find on TCP (e.g.: HTTP)

You can adapt this command line with by replacing udp ( -u parameter) by tcp (-t parameter) and change the port, you can even filter on many ports at the same time :

netstat -tpln|grep ":80 \|:443 "

And for example it will give you :

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1906/nginx: master  
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1906/nginx: master   

If you scroll to the right in this example, you can see that a daemon called "nginx" with PID 1906 is listening on port 80 and 443.

Going further

Note that you can display both TCP and UDP by using both parameters :

netstat -tupln

And use the man page to know everything :

man netstat

Thanks

@Weetos for its improvements

Say Thanks
Respond

2 Responses
Add your response

27604

Nice. I would add to this that "grep tcp" or "grep udp" is not required as long as you use netstat's own filtering feature '-t' or -'u'.
For instance, the following lists what processes listen on http and https TCP ports :
netstat -tpln | grep ":80|:443"
This one lists what process listens on SNMP UDP port :
netstat -upln | grep ":161"

over 1 year ago ·
27605

Edit : backslash has been removed in my previous post :
netstat -tpln ":80backslash|:443"

over 1 year ago ·
Filed Under