Port listening on Mac, Windows or Linux
From Wikichris
To know if a program is opening your computer to the network the easiest way is to check what ports are open and listening on your computer (Even if the firewall stop some of them).
netstat
Netstat is the command to use on linux, windows or Mac.
Contents |
Find which program use a port
Linux
On Linux we use to see the Processes associated to a listening network port with the following command
netstat -p
I use to type the following line to know which process is listening on the port 123
netstat -pln | grep 123
He is an example on Debian Squeeze
# netstat -pln Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1084/master tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 715/sshd tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1307/mysqld tcp6 0 0 :::443 :::* LISTEN 14887/apache2 tcp6 0 0 :::22 :::* LISTEN 715/sshd tcp6 0 0 :::80 :::* LISTEN 14887/apache2
Windows
On Windows it's
netstat -o
You'll get the PID. But to find which program is using this PID
Task Manage > Processes
Them go into the Menu bar
View > Select Columns... > PID
Mac OS X
Sadly on Mac OS X this option doesn't exist. The equivalent will be
sudo lsof -P
So we can imagine that we need to know which program dare listening on port 123
sudo lsof -Pn | grep 123
You will see something like that:
ntpd 21 root 20u IPv4 0x0899ace4 0t0 UDP *:123 ntpd 21 root 21u IPv6 0x0899ac08 0t0 UDP *:123 ntpd 21 root 22u IPv6 0x0899baa4 0t0 UDP [::1]:123 ntpd 21 root 23u IPv6 0x0899b8ec 0t0 UDP [fe80:1::1]:123 ntpd 21 root 24u IPv4 0x0899b810 0t0 UDP 127.0.0.1:123 ntpd 21 root 25u IPv6 0x098b5658 0t0 UDP [fe80:4::cabc:c8ff:fe90:6472]:123 ntpd 21 root 27u IPv6 0x098b5b80 0t0 UDP [2002:3ba7:d4b1::cabc:c8ff:fe90:6472]:123 ntpd 21 root 28u IPv4 0x15463370 0t0 UDP 10.0.130.101:123 ntpd 21 root 30u IPv6 0x15464b80 0t0 UDP [2002:3ba7:d4b1::c3e:e29a:8de6:68cc]:123
So it was the NTP Daemon with the process ID 21.... petit coquin !
