How to know what program is listening on a given port?

Open your terminal and type as

lsof -i :8000

that command will list you the application used by that port with PID. (If no results run via sudo since your might have no permission to certain processes.)

For example, with port 8000 (python3 -m http.server):

$ lsof -i :8000
COMMAND  PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
python3 3269 user    3u  IPv4 1783216      0t0  TCP *:8000 (LISTEN)

And port 22 (SSH):

$ sudo lsof -i :22
COMMAND  PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
sshd     998 root    3u  IPv4 1442116      0t0  TCP *:ssh (LISTEN)
sshd     998 root    4u  IPv6 1442118      0t0  TCP *:ssh (LISTEN)

Hope that helps.


You can use netstat to see which process is listening on which port.

You can use this command to have a full detail :

sudo netstat -peanut

if you need to know exactly which one is listening on port 8000 you can use this :

sudo netstat -peanut | grep ":8000 "

There is no process that can hide from netstat.


To expound on the answer by @33833 you can get some very detailed info, for example:

$ lsof -i :8000
COMMAND  PID  USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
squid3  1289 proxy   15u  IPv6 14810490      0t0  TCP *:8000 (LISTEN)

$ ps -fp 1289
UID        PID  PPID  C STIME TTY          TIME CMD
proxy     1289     1  0 09:48 ?        00:00:00 /usr/sbin/squid3 -N -f /etc/squid-deb-proxy/squid-deb-proxy.conf

I can see right there that squid is the process, but it is actualy my squid-deb-proxy that is taking up the port.

Another good example of a java app:

$ lsof -i :4242
COMMAND  PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
java    3075 root   86u  IPv4    12019      0t0  TCP *:4242 (LISTEN)

$ ps -fp 3075
UID        PID  PPID  C STIME TTY          TIME CMD
root      3075     1 15 May24 ?        3-16:07:25 /usr/local/crashplan/jre/bin/java -Dfile.encoding=UTF-8 -Dapp=CrashPlanService -DappBaseName=CrashPl

You can see in lsof (LiSt Open Files) that it is java, which is less than helpful. Running the ps command with the PID we can see right away that it is CrashPlan.


Try ss from iproute2 package:

ss -nlp | grep 8000