Linux Process Is Listening Upon a Port

1) netstat command or ss command – a command-line tool that displays network connections, routing tables, and a number of network interface statistics.

2) fuser command – a command line tool to identify processes using files or sockets.

3) lsof command – a command line tool to list open files under Linux / UNIX to report a list of all open files and the processes that opened them.

4) /proc/$pid/ file system – Under Linux /proc includes a directory for each running process (including kernel processes) at /proc/PID, containing information about that process, notably including the processes name that opened port.


# netstat -tulpn

# netstat -tulpn

# ls -l /proc/1138/exe

# netstat -tulpn | grep :80

# ss -tulpn | grep :3306

# netstat -nat | grep LISTEN

Process that is using port 10000 (with all it’s launch parameters)

netstat -tulpn 2> /dev/null | grep 10000 | awk ‘{print $NF}’ | awk -F’/’ ‘{print $1}’ | xargs ps -f | cat



# fuser 7000/tcp

# ls -l /proc/3813/exe

# man transmission

# whatis transmission

Find Out Current Working Directory Of a Process
# ls -l /proc/3813/cwd
# pwdx 3813

Find Out Owner Of a Process on Linux
ps aux | grep 3813

# ps -eo pid,user,group,args,etime,lstart | grep ‘[3]813’

# cat /proc/3813/environ
# grep –color -w -a USER /proc/3813/environ


lsof Command Example
lsof -i :portNumber
lsof -i tcp:portNumber
lsof -i udp:portNumber
lsof -i :80
lsof -i :80 | grep LISTEN

lsof -i
lsof -i TCP
lsof -i UDP
lsof -i TCP @host:port
lsof -p PID_HERE
lsof -u username_here


# ps aux | grep ‘[1]616’
# ps -eo pid,user,group,args,etime,lstart | grep ‘[1]616’
# grep 443 /etc/services


To Check RootKit

rkhunter and chkrootkit to check.

Bandwith monitoring

sudo yum -y install epel-release
yum repolist
iftop – Display Bandwidth Usage
yum install iftop -y
yum -y install nload
yum -y install nethogs
yum -y install bmon
yum -y install vnstat
yum -y install iperf3
yum install iptraf
yum install cbm