I'm running a server (Ubuntu Server 14.04) which allows the clients to make a ssh tunnel from their device (Raspberry Pi) so they can access their web server from the internet (as a mean to traverse NATs). I can get a list of processes owned by the user (which is the same for all the devices) using ps -u username (this user only runs sshd to forward ports), but I can't filter those processes by the port they're forwarding. So the question is, how can I get the pid of the sshd that is forwarding port #N?
You can make use of lsof command since everything is a file on linux.
Something like lsof -Pan -i | grep :PORT will get you what you ask. It has an output like this when i run it for port 80 on my machine:
Command PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 1104 root 6u IPv4 23348 0t0 TCP *:80 (LISTEN)
nginx 1105 www-data 6u IPv4 23348 0t0 TCP *:80 (LISTEN)
nginx 1106 www-data 6u IPv4 23348 0t0 TCP *:80 (LISTEN)
nginx 1107 www-data 6u IPv4 23348 0t0 TCP *:80 (LISTEN)
nginx 1108 www-data 6u IPv4 23348 0t0 TCP *:80 (LISTEN)
More on lsof can be found here
Related
i'm connecting to mongodb through mongoose, from nodejs server, using this line:
mongoose.createConnection(`${uri}`,{dbName:"user",server: {poolSize : 1}});
mongoose.createConnection(`${uri}`,{dbName:"db2",server: {poolSize : 1}});
curiously when i inspect TCP connection in linux terminal, using lsof -i tcp:27017 , i found that for each connection between nodejs and mongodb server, there are TWO(???) TCP connections, which doubles the amount of connections needed.
I have the screenshot here.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mongod 779 root 5u IPv4 1078325 0t0 TCP localhost:27017->localhost:42688 (ESTABLISHED)
mongod 779 root 11u IPv4 19794 0t0 TCP localhost:27017 (LISTEN)
mongod 779 root 46u IPv4 1078335 0t0 TCP localhost:27017->localhost:42692 (ESTABLISHED)
mongod 779 root 48u IPv4 1077657 0t0 TCP localhost:27017->localhost:42698 (ESTABLISHED)
mongod 779 root 72u IPv4 1042013 0t0 TCP localhost:27017->localhost:41086 (ESTABLISHED)
mongod 779 root 74u IPv4 1042015 0t0 TCP localhost:27017->localhost:41088 (ESTABLISHED)
mongod 779 root 129u IPv4 721690 0t0 TCP localhost:27017->localhost:53000 (ESTABLISHED)
mongod 779 root 133u IPv4 721692 0t0 TCP localhost:27017->localhost:53002 (ESTABLISHED)
mongod 779 root 142u IPv4 758478 0t0 TCP localhost:27017->localhost:55034 (ESTABLISHED)
mongod 779 root 144u IPv4 758483 0t0 TCP localhost:27017->localhost:55038 (ESTABLISHED)
sshd 12453 root 8u IPv4 722486 0t0 TCP localhost:53000->localhost:27017 (ESTABLISHED)
sshd 12453 root 9u IPv4 722488 0t0 TCP localhost:53002->localhost:27017 (ESTABLISHED)
sshd 12453 root 10u IPv4 1041239 0t0 TCP localhost:41086->localhost:27017 (ESTABLISHED)
sshd 12453 root 11u IPv4 1041240 0t0 TCP localhost:41088->localhost:27017 (ESTABLISHED)
sshd 12453 root 12u IPv4 759420 0t0 TCP localhost:55034->localhost:27017 (ESTABLISHED)
sshd 12453 root 13u IPv4 759431 0t0 TCP localhost:55038->localhost:27017 (ESTABLISHED)
node\x20/ 16446 root 20u IPv4 1077542 0t0 TCP localhost:42692->localhost:27017 (ESTABLISHED)
node\x20/ 16446 root 21u IPv4 1077536 0t0 TCP localhost:42688->localhost:27017 (ESTABLISHED)
node\x20/ 16446 root 23u IPv4 1078433 0t0 TCP localhost:42698->localhost:27017 (ESTABLISHED)
notice that TCP connections are port [42692, 42688, 42698] are counted twice.
i also have a few connections made through sshd, and clearly they are single connections, just for reference purposes.
i have a limited amount of con-current connections quota, so the question is, what's wrong here? is it possible to get rid of the doubled connections?
I am trying to kill processes on port 80. Here are the process running on port 80
lsof -i tcp:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 6233 root 13u IPv4 4216925 0t0 TCP *:http (LISTEN)
nginx 6235 opscode 13u IPv4 4216925 0t0 TCP *:http (LISTEN)
I have tried killing processes using kill -9 <PID> but they still exist with PID changed. How can I kill the processes forcefully?
Your question is better suited on serverfault.com or askubuntu.com.
But I think your problem is that you have an nginx daemon started.
You can stop it with either systemctl stop nginx if you are using systemd or service nginx stop if you are using system V
I'm trying to run my node server on my Macbook in port 80 and it keeps giving me this error:
EADDRINUSE : Looks like port 80 is in use
When I run sudo lsof -i :80, I get this:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
Google 7978 worklaptop 168u IPv4 0x2cc8fb4019190baf 0t0 TCP 10.0.98.217:56534->151.101.32.188:http (ESTABLISHED)
Google 7978 worklaptop 170u IPv4 0x2cc8fb4020e369bf 0t0 TCP 10.0.98.217:56535->151.101.32.188:http (ESTABLISHED)
httpd 45908 root 10u IPv6 0x2cc8fb3ffd315087 0t0 TCP *:http (LISTEN)
httpd 45914 daemon 10u IPv6 0x2cc8fb3ffd315087 0t0 TCP *:http (LISTEN)
httpd 45915 daemon 10u IPv6 0x2cc8fb3ffd315087 0t0 TCP *:http (LISTEN)
httpd 45916 daemon 10u IPv6 0x2cc8fb3ffd315087 0t0 TCP *:http (LISTEN)
httpd 45917 daemon 10u IPv6 0x2cc8fb3ffd315087 0t0 TCP *:http (LISTEN)
httpd 45918 daemon 10u IPv6 0x2cc8fb3ffd315087 0t0 TCP *:http (LISTEN)
httpd 46011 daemon 10u IPv6 0x2cc8fb3ffd315087 0t0 TCP *:http (LISTEN)
httpd 46027 daemon 10u IPv6 0x2cc8fb3ffd315087 0t0 TCP *:http (LISTEN)
httpd 46028 daemon 10u IPv6 0x2cc8fb3ffd315087 0t0 TCP *:http (LISTEN)
httpd 46029 daemon 10u IPv6 0x2cc8fb3ffd315087 0t0 TCP *:http (LISTEN)
httpd 46030 daemon 10u IPv6 0x2cc8fb3ffd315087 0t0 TCP *:http (LISTEN)
When I kill the Google processes, it just shuts down my Chrome browser.. Any idea what's happening here?
It's the apache2 webserver. It comes by default with MacOS.
You can stop it by issuing this command in terminal sudo apachectl stop
Also you can permenentaly disable it by command sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist
I have storm running on 2 machines.
Each machine runs nimbus process (fancy for master process) and worker processes.
And I wanted to see the communication between them - what ports are open and how they connect to each other.
$ netstat -tulpn | grep -w 10669
tcp 0 0 :::6700 :::* LISTEN 10669/java
udp 0 0 :::42405 :::* 10669/java
$ lsof -i :6700
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 10669 storm 25u IPv6 57830 0t0 TCP host1:50778->host2:6700 (ESTABLISHED)
java 10669 storm 26u IPv6 57831 0t0 TCP host1:6700->host2:57339 (ESTABLISHED)
java 10669 storm 29u IPv6 57843 0t0 TCP host1:6700->host1:50847 (ESTABLISHED)
java 10669 storm 53u IPv6 57811 0t0 TCP *:6700 (LISTEN)
java 10681 storm 53u IPv6 57841 0t0 TCP host1:50780->host2:6700 (ESTABLISHED)
java 10681 storm 54u IPv6 57842 0t0 TCP host1:50847->host1:6700 (ESTABLISHED)
What I dont understand from the above output is that why netstat does not show port 50778 being open in the process with PID=10669 where as lsof clearly shows that the same process has an established connection as host1:50778->host2:6700
netstat -l limits the results to listening sockets, and prevents the display of sockets in other states.
Try this instead:
netstat -anp | egrep :6700
It's very strange.
I write a message distribute server upon nanomsg.
But after some time,when i restart the server, i failed because the listening port has been used.
Here is the situation:
[root#vsmHost12 src]# lsof -n -i:3333
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
hsmcs 105013 root **20u** IPv4 **24845821** 0t0 TCP :dec-notes (LISTEN)
hsmcs 105013 root 66u IPv4 25366582 0t0 TCP 192.168.167.1:dec-notes->192.168.167.1:47826 (ESTABLISHED)
java 111946 root **20u** IPv4 **24845821** 0t0 TCP *:dec-notes (LISTEN)
java 111946 root 34u IPv6 25366581 0t0 TCP 192.168.167.1:47826->192.168.167.1:dec-notes (ESTABLISHED)
It's not because of the java, some other daemon may also have the problem.
Look at the FD number and DEVICE number, it's the SAME!
Can anyone explain it ?