The -p flag for netstat on Linux

For a long time I had been using lsof to track down which process was listening on a particular port, and I know i’m not the only person to find it that way. The -p flag for netstat helps out by showing the pid of the process that owns that listening socket. Here are the flags I use when doing a netstat:

-p, --program
  Show the PID and name of the program to which each socket belongs.
-a, --all
  Show both listening and non-listening sockets.  With the --interfaces option,
  show interfaces that are not marked
--numeric , -n
  Show numerical addresses instead of trying to determine symbolic host,
  port or user names.

This gives a nice output like this:

[root@host ~]# netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address  Foreign Address  State  PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*     LISTEN      10587/sshd
tcp        0      0 0.0.0.0:80       0.0.0.0:*     LISTEN      16872/httpd
tcp        0      0 0.0.0.0:21       0.0.0.0:*     LISTEN      26698/proftpd
tcp        0      0 0.0.0.0:25       0.0.0.0:*     LISTEN      2209/sendmail

It can be a lot faster using the netstat -anp method on heavily loaded systems.

This entry was posted on Thursday, May 17th, 2007 at 10:41 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

»
«

One Response to “The -p flag for netstat on Linux”

  1. smugllama says:

    This -p flag seems a little easier that what I previously used for identifying which process had bound which port. (lsof)

    If I’m not mistaken Microsoft implemented the -p flag in XP, too.

    May 19th, 2007 at 12:05 am

Leave a Reply