In my professional experience I faced that some time I tried to start program but it says that port is already in use. Now we want to know that which program is using that port.

Following is the method to findout that.

First command is netstat -pnt
when you give this command you will get the TCP port opened and which IP is connected and what is the Process ID of the program which started that program.
column defination are

  • Port used by program
  • Rec Queue
  • Send Queue
  • IP address of local server using which program started
  • IP address of remote machine which is connected on that port
  • Status of the connection
  • Process ID / Program Name which started that process
[abc@TP01EMM ~]$ netstat -pnt
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.184.41.236:5432 10.184.41.236:39747 ESTABLISHED -
tcp 0 0 10.184.41.236:5465 10.184.41.236:58390 ESTABLISHED -
tcp 0 0 127.0.0.1:5445 127.0.0.1:44747 ESTABLISHED -
tcp 0 0 ::ffff:127.0.0.1:47753 ::ffff:127.0.0.1:5468 ESTABLISHED 5457/java
tcp 0 0 ::ffff:10.184.41.236:55876 ::ffff:10.184.41.236:8080 ESTABLISHED 2620/java
tcp 0 0 ::ffff:10.184.41.236:2071 ::ffff:10.184.41.236:42411 ESTABLISHED 5457/java
tcp 0 0 ::ffff:127.0.0.1:47751 ::ffff:127.0.0.1:5468 ESTABLISHED 5457/java
tcp 0 0 ::1:9007 ::1:37537 ESTABLISHED 16653/java
tcp 0 0 ::1:9105 ::1:37849 ESTABLISHED 22490/java
tcp 0 0 ::1:9045 ::1:49177 ESTABLISHED 7695/java
[abc@TP01EMM ~]$ netstat -pnt |grep :22
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp 0 64 10.184.41.236:22 100.96.42.77:50977 ESTABLISHED -


[abc@TP01EMM ~]$ su -
Password:
TP01EMM:~# netstat -pnt |grep :22
tcp 0 80 10.184.41.236:22 100.96.42.77:50977 ESTABLISHED 24694/sshd

There is another command in Redhat Linux to find out all the open ports
ss command in linux

  • ss -t -a  ———— Displays all TCP sockets.
  • ss -u -a ———— Display all UDP sockets.
  • ss -o state established ’( dport = :ssh or sport = :ssh ) ——–Display all established ssh connections.
  • -n option will not resove the service name ( it will give port number)
  • -p option will give port number
ss -tanp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::9099 :::*
LISTEN 0 128 :::9100 :::* users:(("BGwLogMgr",3350,4))
LISTEN 0 128 :::9101 :::* users:(("BGwJobMgr",22480,12))
LISTEN 0 50 :::9007 :::* users:(("java",16653,15))
LISTEN 0 128 :::9039 :::*
LISTEN 0 128 10.184.41.236:5455 *:*
LISTEN 0 128 127.0.0.1:5455 *:*
LISTEN 0 128 ::1:5455 :::*
LISTEN 0 128 ::1:5455 :::*
LISTEN 0 128 :::9104 :::* users:(("BGwJobMgr",22480,8))
LISTEN 0 128 :::9040 :::* users:(("BGwLogMgr",7696,4))

Once we get the process ID. Now we want to know the program which is using the port. We can check in proc direcotry for the same
ls -l /proc/<processID>/exe
above command will give the executable path of the process.

TP01EMM:~# ls -l /proc/24694/exe
lrwxrwxrwx 1 root root 0 Jan 5 18:00 /proc/24694/exe -> /usr/sbin/sshd

There is another command to check the port used by program is
lsof
below is example

TP01EMM:~# lsof -i :22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1506 root 3u IPv4 10500 0t0 TCP *:ssh (LISTEN)
sshd 1506 root 4u IPv6 10502 0t0 TCP *:ssh (LISTEN)
sshd 24694 root 3r IPv4 174164794 0t0 TCP TP01EMM:ssh->100.96.42.77:50977 (ESTABLISHED)
sshd 24700 abc 3u IPv4 174164794 0t0 TCP TP01EMM:ssh->100.96.42.77:50977 (ESTABLISHED)