Find Out Which Linux Process Is Listening on a Port
1) netstat command or ss command – a command-line tool that displays network connections, routing tables, and a number of network interface statistics.
2) fuser command – a command-line tool to identify processes using files or sockets.
3) lsof command – a command-line tool that lists all open files under Linux / UNIX and the processes that opened them.
4) /proc/$pid/ file system – Under Linux, /proc includes a directory for each running process (including kernel processes) at /proc/PID, containing information about that process, notably the name of the process that opened the port.
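The /proc lookup from item 4, written out as an added example (not part of the original page): it finds the socket inode for a listening port in /proc/net/tcp and then finds which /proc/PID/fd entry points at that inode. The PROC_ROOT variable and the function names are hypothetical, and the script covers TCP only.

```shell
#!/usr/bin/env bash
# Added example: map a listening TCP port to its owning process using /proc only.
# PROC_ROOT and all function names are hypothetical; PROC_ROOT exists so the
# logic can be pointed at a copied or constructed tree instead of the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the socket inode(s) of TCP sockets in LISTEN state on port $1.
listen_inodes() {
    local hexport
    hexport=$(printf '%04X' "$1")   # /proc/net/tcp stores ports as 4 hex digits
    # Field 2 = local address (HEXIP:HEXPORT), field 4 = state (0A is LISTEN),
    # field 10 = socket inode. The header line never has "0A" in field 4.
    cat "$PROC_ROOT/net/tcp" "$PROC_ROOT/net/tcp6" 2>/dev/null |
        awk -v p=":$hexport" \
            '$4 == "0A" && substr($2, length($2) - 4) == p { print $10 }' |
        sort -u
}

# Print "PID EXE" for each process holding a descriptor on socket inode $1.
# Descriptors of other users' processes are only readable as root.
inode_owners() {
    local fd pid
    for fd in "$PROC_ROOT"/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#"$PROC_ROOT"/}
        pid=${pid%%/*}
        echo "$pid $(readlink "$PROC_ROOT/$pid/exe" 2>/dev/null)"
    done | sort -u
}

# Print "PID EXE" for every process listening on TCP port $1.
port_owners() {
    local inode
    for inode in $(listen_inodes "$1"); do
        inode_owners "$inode"
    done
}

# Usage: ./port_owners.sh 3306
if [ "$#" -gt 0 ]; then
    port_owners "$1"
fi
```

Because this reads /proc directly, its result can be compared against what netstat or ss reports for the same port. An exe path ending in " (deleted)" means the binary was removed from disk after the process started.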
# netstat -tulpn
# ls -l /proc/1138/exe
# netstat -tulpn | grep :80
# ss -tulpn | grep :3306
# netstat -nat | grep LISTEN
Process that is using port 10000 (with all its launch parameters):
netstat -tulpn 2> /dev/null | grep 10000 | awk '{print $NF}' | awk -F'/' '{print $1}' | xargs ps -f | cat
# fuser 7000/tcp
# ls -l /proc/3813/exe
# man transmission
# whatis transmission
Find Out Current Working Directory Of a Process
# ls -l /proc/3813/cwd
# pwdx 3813
Find Out Owner Of a Process on Linux
ps aux | grep 3813
# ps -eo pid,user,group,args,etime,lstart | grep '[3]813'
# cat /proc/3813/environ
# grep --color -w -a USER /proc/3813/environ
lsof Command Example
lsof -i :portNumber
lsof -i tcp:portNumber
lsof -i udp:portNumber
lsof -i :80
lsof -i :80 | grep LISTEN
lsof -i
lsof -i TCP
lsof -i UDP
lsof -i TCP@host:port
lsof -p PID_HERE
lsof -c COMMAND_HERE
lsof -u username_here
# ps aux | grep '[1]616'
# ps -eo pid,user,group,args,etime,lstart | grep '[1]616'
# grep 443 /etc/services
Check for Rootkits
Use rkhunter and chkrootkit to check for rootkits.
Bandwidth Monitoring
sudo yum -y install epel-release
yum repolist
iftop – Display Bandwidth Usage
yum install iftop -y
yum -y install nload
yum -y install nethogs
yum -y install bmon
yum -y install vnstat
yum -y install iperf3
yum install iptraf
yum install cbm