open a port owned by root on linux? - linux

I am currently working with docker, the image of my container is on port 49161, however, the port was occupied by another process. So I killed this process by doing sudo kill PID in order to free the port. Nevertheless, now the port seems to be occupied by a PID belonging to the root. Is it possible to free this port (49161)?
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
findmydev 267 root 4u IPv6 0xcf3f933fd8e68451 0t0 TCP [fe80:4::aede:48ff:fe00:1122]:49161->[fe80:4::aede:48ff:fe33:4455]:49169 (ESTABLISHED)

try this out
pgrep -u root [processID]

Related

UDP bind to 0.0.0.0 seems to be lost after a while

I'm binding UDP socket to the INADDR_ANY (0.0.0.0) with a port. The bind would succeed, but for some reason, the binding seems to be lost after some unknown time.
I noticed that by running lsof -i 4 to check the open network fds, and saw the UDP binding disappeared after some time.
The bind port is "mdns", i.e. 5353.
$ lsof -i 4
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
foofoo 3642 pi 34u IPv4 1903802 0t0 UDP *:mdns
foofoo 3642 pi 35u IPv4 1907783 0t0 UDP *:47531
after a while,
$ lsof -i 4
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
foofoo 3642 pi 35u IPv4 1907783 0t0 UDP *:47531
AFAIK, the code did not close the socket for "mdns" binding. Is there any case this could happen?
Thanks.

Unable to kill process Ubuntu 14.04

I am trying to kill processes on port 80. Here are the processes running on port 80:
lsof -i tcp:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 6233 root 13u IPv4 4216925 0t0 TCP *:http (LISTEN)
nginx 6235 opscode 13u IPv4 4216925 0t0 TCP *:http (LISTEN)
I have tried killing processes using kill -9 <PID> but they still exist with PID changed. How can I kill the processes forcefully?
Your question is better suited on serverfault.com or askubuntu.com.
But I think your problem is that you have an nginx daemon started.
You can stop it with either systemctl stop nginx if you are using systemd or service nginx stop if you are using System V.

SSH server - Get pid of sshd process forwarding port #N

I'm running a server (Ubuntu Server 14.04) which allows the clients to make a ssh tunnel from their device (Raspberry Pi) so they can access their web server from the internet (as a means to traverse NATs). I can get a list of processes owned by the user (which is the same for all the devices) using ps -u username (this user only runs sshd to forward ports), but I can't filter those processes by the port they're forwarding. So the question is, how can I get the pid of the sshd that is forwarding port #N?
You can make use of the lsof command since everything is a file on Linux.
Something like lsof -Pan -i | grep :PORT will get you what you ask. It has an output like this when I run it for port 80 on my machine:
Command PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 1104 root 6u IPv4 23348 0t0 TCP *:80 (LISTEN)
nginx 1105 www-data 6u IPv4 23348 0t0 TCP *:80 (LISTEN)
nginx 1106 www-data 6u IPv4 23348 0t0 TCP *:80 (LISTEN)
nginx 1107 www-data 6u IPv4 23348 0t0 TCP *:80 (LISTEN)
nginx 1108 www-data 6u IPv4 23348 0t0 TCP *:80 (LISTEN)
More on lsof can be found here
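
An added example, not part of the original answer: grep :PORT is a substring match, so it also returns longer port numbers and connections whose remote port happens to be PORT. The function below matches the port exactly and only on LISTEN rows; the function name, the user "tunnel" and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer).
# listeners_on_port PORT [COMMAND]
# Reads `lsof -Pan -i` style text on stdin and prints "PID USER" once per
# process that has a TCP listener bound to exactly PORT.
listeners_on_port() {
    awk -v port="$1" -v cmd="${2:-}" '
        $NF != "(LISTEN)"      { next }   # drops header, UDP and ESTABLISHED rows
        cmd != "" && $1 != cmd { next }   # optional COMMAND filter, e.g. sshd
        {
            # NAME is the field before the state: *:2200, 127.0.0.1:2200, [::1]:2200
            n = split($(NF-1), part, ":")
            if (part[n] == port && !seen[$2]++) print $2, $3
        }'
}

# Constructed sample: user "tunnel" and all PIDs and addresses are made up.
SAMPLE='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 2101 tunnel 9u IPv4 30111 0t0 TCP 127.0.0.1:2200 (LISTEN)
sshd 2101 tunnel 10u IPv6 30112 0t0 TCP [::1]:2200 (LISTEN)
sshd 2188 tunnel 9u IPv4 30240 0t0 TCP 127.0.0.1:22000 (LISTEN)
sshd 2188 tunnel 3u IPv4 30239 0t0 TCP 10.0.0.5:22->203.0.113.7:2200 (ESTABLISHED)
nginx 1104 root 6u IPv4 23348 0t0 TCP *:80 (LISTEN)'

# grep :2200 would return four rows here (both forwards plus the client
# connection whose remote port is 2200); the exact match returns one PID.
printf '%s\n' "$SAMPLE" | listeners_on_port 2200 sshd
```

On a live host the input would be lsof -Pan -i -sTCP:LISTEN, run with enough privilege to see other users' sockets.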

What is the opposite of mod_wsgi-express start-server

I accidentally closed the terminal after running this command
mod_wsgi-express start-server
And I can't find the resource on how to stop the server
What is the command?
I had run the mod_wsgi-express script on a virtual environment on port 5000. I had to run the following command to stop it.
/tmp/mod_wsgi-localhost:5000:1002/apachectl stop
The solution
I opened terminal and killed the process via the pid
I opened the terminal and ran the following code to get the pid of the process
lsof -i -f
This is a sample response I got
apache2 20000 ebrahim 3u IPv4 1234565 0t0 TCP *:8000 (LISTEN)
apache2 20001 ebrahim 3u IPv4 1234565 0t0 TCP *:8000 (LISTEN)
apache2 20004 ebrahim 3u IPv4 1234565 0t0 TCP *:8000 (LISTEN)
Then I performed the following command to kill it in the form of sudo kill (pid number) for example
sudo kill 20000
Another way (a more proper way) to do this is to go to the directory that holds the apachectl file (the directory changes if you use the --server-root option when using the mod_wsgi-express start-server command).
You simply have to run the code below from terminal
/etc/mod_wsgi-express-80/apachectl stop

LSOF connection established

I was wondering, if the output of
lsof -i
sshd 21880 root 3r IPv4 4843515 TCP somehost.lu.isp.com:ssh->d-XX-XXX.ITS.SOMEWHERE.COM:45037 (ESTABLISHED)
sshd 21882 mike 3u IPv4 4843515 TCP somehost.lu.isp.com:ssh->d-XX-XXX.ITS.SOMEWHERE.COM:45037 (ESTABLISHED)
sshd 23853 root 3u IPv6 960417 TCP *:ssh (LISTEN)
sshd 23853 root 4u IPv4 960419 TCP *:ssh (LISTEN)
sshd 24043 root 3r IPv4 4871654 TCP somehost.lu.isp.com:ssh->XXX.XX.XXX.XXX:42104 (ESTABLISHED)
sshd 24044 sshd 3u IPv4 4871654 TCP somehost.lu.isp.com:ssh->XXX.XX.XXX.XXX:42104 (ESTABLISHED)
Does that imply that somebody has logged in on the system and is currently doing something? Or does it mean it's just trying to log in? I'm not quite sure about it.
Any clues? Thanks
According to this
lsof -i only shows you active TCP connections. So it doesn't tell you if they're logged in or still attempting to authenticate.
If you want to check to see who's logged in and from where, you can run the "who" command,
which will give you a list of the users logged in and where they're logged in from (e.g. ssh, tty, etc.).
The 'ESTABLISHED' means the TCP connection is established, i.e. the handshake has been performed on TCP/IP level. This is needed before the ssh process sees any data at all. Theoretically, the connection could be quite long in ESTABLISHED mode without sending any data depending on the timeouts set (on TCP level and/or sshd config). Expect login to occur after it.
To look into it more, use 'iptraf' for monitoring the amount of traffic, or see /var/log/auth.log (at least, on a Debian system) for seeing who successfully logged on.
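
An added example, not part of the original answers: the USER column in the question's output already separates the two cases, assuming OpenSSH privilege separation with the usual unprivileged account named "sshd". Before authentication the connection is held by a root monitor plus a child owned by "sshd"; after login the child is owned by the authenticated user. The function name and labels are made up; the input rows are the ones quoted in the question.

```shell
#!/bin/sh
# Added example (not from the original answers).
# classify_sshd: reads `lsof -i` text on stdin and prints one line per
# ESTABLISHED ssh connection: "<label> <connection>".
#   session:<user>  a child owned by a normal user holds the socket (logged in)
#   pre-auth        only root and the privsep user "sshd" hold it (assumption:
#                   privilege separation enabled, privsep account named sshd)
#   root-only       only root holds it (root login or ambiguous; check `who`)
classify_sshd() {
    awk '
        $1 != "sshd" || $NF != "(ESTABLISHED)" { next }
        {
            conn = $(NF-1); user = $3
            if (!(conn in state)) { order[++n] = conn; state[conn] = "root-only" }
            if (user == "sshd") {
                if (state[conn] == "root-only") state[conn] = "pre-auth"
            } else if (user != "root") {
                state[conn] = "session:" user
            }
        }
        END { for (i = 1; i <= n; i++) print state[order[i]], order[i] }'
}

# Rows copied from the question above (this older lsof has no SIZE/OFF column,
# so fields are addressed from the end of the line).
PAGE_SAMPLE='sshd 21880 root 3r IPv4 4843515 TCP somehost.lu.isp.com:ssh->d-XX-XXX.ITS.SOMEWHERE.COM:45037 (ESTABLISHED)
sshd 21882 mike 3u IPv4 4843515 TCP somehost.lu.isp.com:ssh->d-XX-XXX.ITS.SOMEWHERE.COM:45037 (ESTABLISHED)
sshd 23853 root 3u IPv6 960417 TCP *:ssh (LISTEN)
sshd 23853 root 4u IPv4 960419 TCP *:ssh (LISTEN)
sshd 24043 root 3r IPv4 4871654 TCP somehost.lu.isp.com:ssh->XXX.XX.XXX.XXX:42104 (ESTABLISHED)
sshd 24044 sshd 3u IPv4 4871654 TCP somehost.lu.isp.com:ssh->XXX.XX.XXX.XXX:42104 (ESTABLISHED)'

printf '%s\n' "$PAGE_SAMPLE" | classify_sshd
```

A pre-auth connection that stays open for a long time, or many of them from one address, is worth correlating with failed logins in /var/log/auth.log.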
