746

I am installing hadoop on my Ubuntu system. When I start it, it reports that port 9000 is busy.

I used:

netstat -nlp|grep 9000

to see if such a port exists and I got this:

   tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN

But how can I get the PID of the process which is holding it?

techraf
  • 5,941
wuchang
  • 7,907
  • 5
  • 17
  • 16

8 Answers8

936

Your existing command doesn't work because Linux requires you to either be root or the owner of the process to get the information you desire.

On modern systems, ss is the appropriate tool to use to get this information:

$ sudo ss -lptn 'sport = :80'
State   Local Address:Port  Peer Address:Port              
LISTEN  127.0.0.1:80        *:*                users:(("nginx",pid=125004,fd=12))
LISTEN  ::1:80              :::*               users:(("nginx",pid=125004,fd=11))

You can also use the same invocation you're currently using, but you must first elevate with sudo:

$ sudo netstat -nlp | grep :80
tcp  0  0  0.0.0.0:80  0.0.0.0:*  LISTEN  125004/nginx

You can also use lsof:

$ sudo lsof -n -i :80 | grep LISTEN
nginx   125004 nginx    3u  IPv4   6645      0t0  TCP 0.0.0.0:80 (LISTEN)
Chris Down
  • 125,559
  • 25
  • 270
  • 266
  • 65
    Note: under OSX, the -p option is for protocol rather than process. See this question – Bryan P Apr 10 '16 at 16:51
  • 4
    @BryanP the OP asked for Ubuntu so that's kinda irrelevant... – Adam B Sep 21 '16 at 14:26
  • 87
    @AdamB Unless a Mac user arrived here searching for Finding the PID of the process using a specific port – mraaroncruz Oct 10 '16 at 11:05
  • 3
    This answer would probably be improved by putting the need to sudo at the top. – Nacht Jan 06 '17 at 01:10
  • What if i wanted to just return "125004" as PID? – MrOnyancha Jan 25 '17 at 07:11
  • 8
    @MrOnyancha Use the terse (-t) options - lsof -ti tcp:80 – Mohnish Jul 19 '17 at 13:58
  • what does it mean when the process id field is missing on certain ports? (is it some stupid systemd thing?) – ThorSummoner Sep 08 '18 at 19:52
  • Chris Down, I think it isn't ethical to copy paste other's answers in your answer. Originally your answer was about netstat only. You have included usage of lsof and ss commands from other answers and comments. At least mention the author of the answer when you extend your answer with options from other answers. – Oleksandr Feb 26 '19 at 09:56
  • @Alexandr Huh? This answer doesn't "copy paste others' answers". As with all of my answers, when they are upvoted or otherwise I get a notification about them, I occasionally take a look and realise that they could be improved, which is totally normal, since up to 2014 I used to answer extremely frequently here. In this case, for example, ss is not deprecated, whereas other tools are, so it improves the answer to add it. With respect, I don't really need to read the other answers here to know about the existence of these tools, considering I use these and other staple Linux tools every day. – Chris Down Feb 27 '19 at 11:20
  • @Chris Down , I disagree here with you. You can look just one question below your question to see that another answer already have the option which you want to include into your answer. As a result, other answers are becoming redundant and can be removed because you just included all the information from other answers into your answer. You didn't improve your answer, you just included all the options from other answers into your answer. If you want to add something specific to these options you can edit others' answers. – Oleksandr Feb 27 '19 at 12:55
  • @Alexandr The point is that these updates don't derive from other answers, they're just updates that happen to relate to other answers. Where updates are a result of another answer, as opposed to being a coincidence, it's properly attributed, as with Heinzi here for example. You can't require attribution just because your answer coincidentally happens to contain a subset of information, when that information wasn't derived from your answer. If multiple discovery is likely in academia, it's infinitely more likely in simple things like this. – Chris Down Feb 27 '19 at 13:15
  • @Chris Down , If you want to add some extra information (which you didn't) you can edit the related answer instead of including the whole answer into your answer. Can you tell me what is the point of including lsof example if Vitaliy's answer already has this option and his whole answer is based on this option? What is the point of including ss option if my answer already have this option and is based specifically for this option only? Also, below my answer there is the comment which is identical to your example (except the port). – Oleksandr Feb 27 '19 at 13:31
  • If your answer would had ss option I wouldn't create my answer which lists ss option. I bet that Vitaliy also wouldn't create the answer to list lsof option if your answer would have it. But you included other options into your answer and made other answers worse then your answer just because your answer contains all the information that other answers have. – Oleksandr Feb 27 '19 at 13:32
  • Also, notice, I don't tell that you don't know about existance of these tools. I tell that you including others' answers information into your answer. You should improve the answer which is related to specific option and don't just include that option into your answer because you want your answer to be the best one. It would be fair if your answer wouldn't include information options from other answers which were posted much before your edits. I.e. based on your edits and answers to this question I can tell that your answer must not include ss and lsof options. – Oleksandr Feb 27 '19 at 13:32
  • @Alexandr When I'm updating my answers, I don't consult every single other answer to see if there might be an overlap. I simply don't have the time to do that with the volume of content I've written on this site. – Chris Down Feb 27 '19 at 13:34
  • sudo lsof -n -i :80 is particularly useful (without the grep), if a different command is holding the connection active, after the initial command that started the connection has closed. – Mint Dec 29 '21 at 09:24
  • Using sudo netstat -nlp | grep :8081 throws an exception netstat: option requires an argument -- p, this sudo lsof -n -i :80 worked!! – Carlos.V Mar 30 '22 at 23:56
248

Also you can use lsof utility. Need to be root.

# lsof -i :25
COMMAND  PID        USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
exim4   2799 Debian-exim    3u  IPv4   6645      0t0  TCP localhost:smtp (LISTEN)
exim4   2799 Debian-exim    4u  IPv6   6646      0t0  TCP localhost:smtp (LISTEN)
Vitaliy
  • 2,599
  • 12
    This command will also give you processes with established connections, not just processes that are listening. – firelynx Aug 18 '15 at 10:10
  • 4
    Not necessarily to be root. And, for those who want to get PID only, you can lsof -i :25 -Fp, which produces output like p1234. – Robert Mar 09 '17 at 10:27
  • Important to note that you may need to run as sudo as some processes may be inaccessible to the user. – Harley Lang Mar 25 '21 at 01:18
  • For more information on lsof: https://www.tecmint.com/10-lsof-command-examples-in-linux/ – Deepam Gupta Apr 26 '21 at 12:43
26

I am using "CentOS 7 minimal" which has nor netstat neither lsof. But a lot of linux distributions have the socket statistics command (i.e. ss).

Here is an example of execution:

# ss -tanp | grep 6379
LISTEN   0    128  127.0.0.1:6379   *:*   users:(("redis-server",pid=2531,fd=4))
Oleksandr
  • 1,049
21

Also you can use fuser:

fuser -v -n tcp 22

The output :

                     USER        PID ACCESS COMMAND
22/tcp:              root        598 F.... sshd
GAD3R
  • 66,769
  • 1
    It doesn't working fuser -v -n tcp 80, even I try with sudo – SuperKrish Dec 02 '16 at 05:42
  • 1
    Note: This requires sudo if the offending process was also started with sudo – laggingreflex Jan 21 '17 at 08:14
  • 1
    This is a good thing to remember generally. Commands in Linux generally won't give information on processes started by root/sudo unless the command is run with Sudo.

    This is true even when the command does not normally need sudo to run correctly.

     – njfife Jul 06 '17 at 21:15
17

Running the command with sudo would give you the PID. On my development machine I get:

$ netstat -nlp | grep 8080
tcp6       0      0 :::8080      :::*       LISTEN      -

$ sudo netstat -nlp | grep 8080
tcp6       0      0 :::8080      :::*       LISTEN      16449/java

And as mentioned in other answers you can also use the ss or the lsof commands.

muru
  • 72,889
isapir
  • 428
5

I'm working on a Yocto Linux system that has a limited set of available Linux tools. I managed to find the process of a running port using the following commands (where I find the process using port 1883):

root@root:~# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 0.0.0.0:hostmon         0.0.0.0:*               LISTEN      
tcp        0      0 localhost.localdomain:domain 0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:9080            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:1883            0.0.0.0:*               LISTEN      
tcp        0      0 :::hostmon              :::*                    LISTEN      
tcp        0      0 localhost:domain        :::*                    LISTEN      
tcp        0      0 :::ssh                  :::*                    LISTEN      
tcp        0      0 :::1883                 :::*                    LISTEN      
root@root:~# fuser 1883/tcp
290 
root@root:~# ps | grep 290
  290 mosquitt 25508 S    /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
12141 root      8444 S    grep 290

As we can see above, it's the program /usr/sbin/mosquitto that's using port 1883.

Daniel Jonsson
  • 2,435
1

Try netstat -tulpen PORT.

e.g. netstat -tulpen 35729

Proto Recv-Q Send-Q Local Address           Foreign Address         State       Benutzer   Inode      PID/Program name    
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      0          55233      -                   
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1000       3166326    364815/node         
tcp        0      0 127.0.0.1:33060         0.0.0.0:*               LISTEN      127        36032      -                   
tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      0          55234      -                   
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      0          2927660    -                   
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      127        36034      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          30995      -                   
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      101        26903      -                   
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      132        32262      -                   
tcp6       0      0 127.0.0.1:9300          :::*                    LISTEN      129        40952      -                   
tcp6       0      0 :::35729                :::*                    LISTEN      1000       3088940    355480/grunt        
tcp6       0      0 ::1:9300                :::*                    LISTEN      129        40945      -                   
tcp6       0      0 ::1:9200                :::*                    LISTEN      129        41261      -                   
tcp6       0      0 ::1:631                 :::*                    LISTEN      0          2927659    -                   
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      129        41262      -                   
tcp6       0      0 :::9003                 :::*                    LISTEN      1000       3234646    373445/code         
tcp6       0      0 :::22                   :::*                    LISTEN      0          31006      -                   
tcp6       0      0 :::80                   :::*                    LISTEN      0          940224     -                   
tcp6       0      0 ::1:6379                :::*                    LISTEN      132        32263      -                   
udp        0      0 127.0.0.53:53           0.0.0.0:*                           101        26902      -                   
udp        0      0 0.0.0.0:631             0.0.0.0:*                           0          2927684    -                   
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           115        29345      -                   
udp        0      0 0.0.0.0:42443           0.0.0.0:*                           115        29347      -                   
udp6       0      0 :::5353                 :::*                                115        29346      -                   
udp6       0      0 :::34477                :::*                                115        29348      -
Black
  • 2,079
0

Get PID by itself into a shell variable

A bit of awk action to help when scripting:

port=9050
pid="$(sudo netstat -nlp | awk '$4~":'"$port"'"{ gsub(/\/.*/,"",$7); print $7 }')"

Now pid contains just he numerical PID, e.g. 7094.

Tested on Ubuntu 23.04.

Ciro Santilli OurBigBook.com
  • 18,092
  • 4
  • 117
  • 102