Port listening on Mac, Windows or Linux

From Wikichris
Jump to: navigation, search

To know if a program is opening your computer to the network the easiest way is to check what ports are open and listening on your computer (Even if the firewall stop some of them).

netstat

Netstat is the command to use on linux, windows or Mac.

Find which program use a port

Linux

On Linux we use to see the Processes associated to a listening network port with the following command

netstat -p

I use to type the following line to know which process is listening on the port 123

netstat -pln | grep 123

He is an example on Debian Squeeze

# netstat -pln 
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1084/master     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      715/sshd        
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1307/mysqld     
tcp6       0      0 :::443                  :::*                    LISTEN      14887/apache2   
tcp6       0      0 :::22                   :::*                    LISTEN      715/sshd        
tcp6       0      0 :::80                   :::*                    LISTEN      14887/apache2

Windows

On Windows it's

netstat -o

You'll get the PID. But to find which program is using this PID

Task Manage > Processes

Them go into the Menu bar

View > Select Columns... > PID

Mac OS X

Sadly on Mac OS X this option doesn't exist. The equivalent will be

sudo lsof -P

So we can imagine that we need to know which program dare listening on port 123

sudo lsof -Pn | grep 123

You will see something like that:

ntpd         21           root   20u     IPv4 0x0899ace4        0t0      UDP *:123
ntpd         21           root   21u     IPv6 0x0899ac08        0t0      UDP *:123
ntpd         21           root   22u     IPv6 0x0899baa4        0t0      UDP [::1]:123
ntpd         21           root   23u     IPv6 0x0899b8ec        0t0      UDP [fe80:1::1]:123
ntpd         21           root   24u     IPv4 0x0899b810        0t0      UDP 127.0.0.1:123
ntpd         21           root   25u     IPv6 0x098b5658        0t0      UDP [fe80:4::cabc:c8ff:fe90:6472]:123
ntpd         21           root   27u     IPv6 0x098b5b80        0t0      UDP [2002:3ba7:d4b1::cabc:c8ff:fe90:6472]:123
ntpd         21           root   28u     IPv4 0x15463370        0t0      UDP 10.0.130.101:123
ntpd         21           root   30u     IPv6 0x15464b80        0t0      UDP [2002:3ba7:d4b1::c3e:e29a:8de6:68cc]:123

So it was the NTP Daemon with the process ID 21.... petit coquin !