I want to find some processes which are running on a specified port
for example 80
I ran
fuser 80/tcp
and got nothing
and then
netstat -tulpn|grep "80\|PID"
and got
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 :::80 :::* LISTEN -
the PID is -
so what does - mean?
thanks!
The short answer is: You need to be root in order to see all bindings.
A little bit longer:
The manpage of netstat gives a hint that is not necessary in all cases:
PID/Program name Slash-separated pair of the process id (PID) and process name of the process that owns the socket.
--programcauses this column to be included. You will also need superuser privileges to see this information on sockets you don't own.
So, as a normal user you only see which process listens to a port, if you own it:
$ netcat -l -p 1234 &
$ netstat -tulpn
[...]
tcp 0 0 0.0.0.0:1234 0.0.0.0:* LISTEN 8044/netcat
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
[...]
You see "your" netcat process, but not who is listening to e.g. port 22.
I have a feeling, that the reason for that is, that you can't acces /proc/[PID]/fd for not-owned processes. There you find the file descriptors process [PID] has currently opened and in Un*x (nearly) everything is a file... and so are sockets.
In my example sshd, pid 3934, listens to port 22 (surprise-surprise):
$ whoami
user
$ ls -l /proc/3934/fd
/bin/ls: cannot open directory /proc/3934/fd: Permission denied
$ sudo ls -l /proc/3934/fd
total 0
lrwx------ 1 root root 64 Apr 24 16:33 0 -> /dev/null
lrwx------ 1 root root 64 Apr 24 16:33 1 -> /dev/null
lrwx------ 1 root root 64 Apr 24 16:33 2 -> /dev/null
lrwx------ 1 root root 64 Apr 24 16:33 3 -> socket:[10481]
lrwx------ 1 root root 64 Apr 24 16:33 4 -> socket:[10483]
(The second socket is bond to the IPv6 adress which I omitted in my netstat output.)
;)