What ports are used by an application [duplicate]

I'm testing an application which opens its own ports (acts as a server for these ports, hence listens on those ports) and where the same application connects to ports bound by other applications (acts as client for these ports).

I would like to get an overview of which ports the application creates and which applications and ports it connects to.

How can I do this?


You can use netstat for this. See the example (I grepped for ssh):

netstat -putan | grep ssh
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1725/sshd
tcp        0      0 1.2.3.4:45734           1.2.3.5:22              ESTABLISHED 2491/ssh
tcp6       0      0 :::22                   :::*                    LISTEN      1725/sshd

Explanation:

I often use the parameters -putan (because they are simple to remember).

  • -p: show the PIDs of the application/process
  • -u: show udp ports/connections
  • -t: show tcp ports/connections
  • -a: show both listening and non-listening sockets
  • -n: numeric output (don't do DNS lookups for hostnames etc.)

In the output above, you see that there is an ssh daemon process (sshd) with PID 1725 listening at port 22 on all network interfaces (0.0.0.0). Also, there is an ssh client process (PID 2491) connected to the IP address 1.2.3.5 at port number 22; my IP address is 1.2.3.4 and my external port is 45734. You see that the connection is established. Therefore I'm logged in via ssh.


Another tool that can do this is lsof:

# lsof -i -a -p 1981
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd    1981 root    3u  IPv4    917      0t0  TCP host.example.com:ssh (LISTEN)
# lsof -i -a -p 1981 -n
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd    1981 root    3u  IPv4    917      0t0  TCP 10.1.2.3:ssh (LISTEN)
# lsof -i -a -p 1981 -n -P
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd    1981 root    3u  IPv4    917      0t0  TCP 10.1.2.3:22 (LISTEN)
#

Options used are as follows:

  • -i to print out internet ports open by a process
  • -a to cause all options to be AND-ed
  • -p 1981 to show output for process 1981
  • -n to inhibit hostname lookup and show IP instead
  • -P to inhibit service lookup and show port number instead

lsof has the advantage that you can specify the process to check rather than having to grep it out of larger output. netstat is more reliably available on systems, although lsof is becoming more standard than it used to be.


The ss utility from the iproute package for Linux.


We already have good answers, but they only list the ports that are open at the moment the command runs.

strace is the right tool to monitor the connections opened during the application lifetime:

strace -e socket,connect,close -f -o hipchat.strace.txt hipchat

The output would show you additional information like UDP requests and opened but closed connections.
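One way to turn a log written by the strace command above into a per-process list of connection targets, as an added example that is not part of the original answer. The sample lines are constructed, and the layout assumed is strace's usual sockaddr decoding with a PID prefix on each line (as -f -o writes it).

```python
import re
from collections import Counter

# Constructed sample lines in the layout strace writes with -f -o (assumption).
SAMPLE = """\
2491 connect(3, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("1.2.3.5")}, 16) = 0
2492 connect(4, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("1.2.3.6")}, 16) = -1 EINPROGRESS (Operation now in progress)
2492 connect(5, {sa_family=AF_INET6, sin6_port=htons(53), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2001:db8::1", &sin6_addr), sin6_scope_id=0}, 28) = 0
2492 connect(6, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
2492 connect(7, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("1.2.3.7")}, 16 <unfinished ...>
2492 <... connect resumed>) = 0
"""

CONNECT = re.compile(r'^(?P<pid>\d+)\s+connect\(\d+, \{sa_family=(?P<fam>\w+)(?P<addr>.*?)\}, \d+')
RESULT = re.compile(r'\) = (?P<ret>-?\d+)(?: (?P<errno>E\w+))?')
RESUMED = re.compile(r'^(?P<pid>\d+)\s+<\.\.\. connect resumed>')
PORT = re.compile(r'sin6?_port=htons\((\d+)\)')
HOST = re.compile(r'(?:inet_addr\(|inet_pton\(AF_INET6, )"([^"]+)"')
PATH = re.compile(r'sun_path=@?"([^"]*)"')

def destination(fam, addr):
    host, port, path = HOST.search(addr), PORT.search(addr), PATH.search(addr)
    if host and port:
        return f"{host[1]}:{port[1]}" if fam == "AF_INET" else f"[{host[1]}]:{port[1]}"
    return path[1] if path else addr.strip(", ")

def status(text):  # EINPROGRESS means a non-blocking connect, not a failure
    r = RESULT.search(text)
    if not r:
        return None  # no result yet: it arrives on a later "resumed" line
    if r["ret"] == "0":
        return "ok"
    return "pending" if r["errno"] == "EINPROGRESS" else r["errno"]

def summarize(log_text):
    seen, in_flight = Counter(), {}
    for line in log_text.splitlines():
        m, res = CONNECT.match(line), RESUMED.match(line)
        if m:
            key = (m["pid"], m["fam"], destination(m["fam"], m["addr"]))
            st = status(line[m.end():])
            if st is None:
                in_flight[m["pid"]] = key  # interleaved by -f; finish it later
            else:
                seen[key + (st,)] += 1
        elif res and res["pid"] in in_flight:
            seen[in_flight.pop(res["pid"]) + (status(line) or "unknown",)] += 1
    return seen

for row, n in summarize(SAMPLE).items(): print(n, *row)
```

To run it on a real log, pass the contents of hipchat.strace.txt to summarize() instead of SAMPLE.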