Hey! I have port XXX opened! What is using it?

Hi all.

I was messing around on my server sometime ago and I have nmap-ed myself and noticed port XXX opened. I knew I have something running on the server from the lan side and I couldn’t remember what it was!

So I googled a bit and came up with this command:

netstat -tlnp | grep XXX

It must be run as root. If You run it as user the process is root owned – You wont be given the access to the information about the process.

Lets say the open port is 22… I know its SSH but lets say I “forgot”.

Example.

As You can see user failed, but root got detailed information process and its id number.

Sometimes You need to skip some of the switches in the command like t for example coz process is not using TCP but UDP.

Thats all – simple as that…

Andy

Advertisements