Finding the PID of the Process Using a Specific Port

In Linux systems, every running process is assigned a unique Process Identification Number (PID) that distinguishes it from other active processes. Similarly, network connections are associated with specific port numbers that identify communication endpoints. System administrators often need to identify which process is using a particular port for network troubleshooting, security auditing, or resource management purposes.

This article explores various command-line tools and techniques to find the PID of processes utilizing specific ports in Linux systems.

Prerequisites

To view detailed process information including PIDs and port usage, you typically need root privileges. Switch to root user using:

sudo su

Enter your password when prompted. You can return to regular user mode by typing exit.

Using netstat Command

Netstat is a classic network utility that displays active network connections, routing tables, and network statistics. It provides comprehensive information about network activity on the system.

Basic netstat Usage

netstat -ltnup

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State    PID/Program name    
tcp   0      0      127.0.0.53:53    0.0.0.0:*        LISTEN   689/systemd-resolve 
tcp   0      0      127.0.0.1:631    0.0.0.0:*        LISTEN   754/cupsd           
tcp6  0      0      ::1:631          :::*             LISTEN   754/cupsd  
udp   0      0      127.0.0.53:53    0.0.0.0:*                 689/systemd-resolve 
udp   0      0      0.0.0.0:5353     0.0.0.0:*                 746/avahi-daemon

Command options explained:

• -l Show only listening sockets

• -t Display TCP connections

• -n Show numerical addresses instead of resolving hosts

• -u Display UDP connections

• -p Show PID and process name

Finding Specific Port

To find the process using a specific port, combine netstat with grep:

netstat -ltnup | grep ':5353'

udp  0  0  0.0.0.0:5353  0.0.0.0:*  746/avahi-daemon

Using ss Command

The ss (socket statistics) command is the modern replacement for netstat, offering faster performance and more detailed output. It provides comprehensive socket information with advanced filtering capabilities.

ss -ltnup 'sport = :5353'

Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process             
udp   UNCONN 0      0      0.0.0.0:5353      0.0.0.0:*     users:(("avahi-daemon",pid=746,fd=14))

The ss command supports powerful filtering expressions and is generally preferred over netstat for modern Linux distributions.

Using lsof Command

Lsof (list open files) is a versatile utility that displays information about files opened by processes, including network connections, since everything in Linux is treated as a file.

lsof -i :5353

COMMAND   PID   USER  FD   TYPE DEVICE SIZE/OFF NODE NAME
avahi-dae 746   avahi 14u  IPv4 39187  0t0      UDP  *:5353

The -i option specifically targets network connections, making lsof particularly useful for network troubleshooting scenarios.

Using fuser Command

Fuser identifies processes using specific files, directories, or in this case, network ports. It provides a quick way to find which processes are accessing particular resources.

fuser 5353/udp

5353/udp:  746

Verbose Output

Use the -v option for detailed information:

fuser -v 5353/udp

                 USER        PID ACCESS COMMAND
5353/udp:        avahi       746 F....  avahi-daemon

Multiple Ports

Check multiple ports simultaneously:

fuser -v 5353/udp 631/tcp

                 USER        PID ACCESS COMMAND
5353/udp:        avahi       746 F....  avahi-daemon
631/tcp:         root        754 F....  cupsd

Comparison of Methods

Conclusion

Finding the PID of processes using specific ports is essential for network troubleshooting and system administration. The ss command is recommended for modern Linux systems due to its speed and advanced features, while netstat remains useful for compatibility. Choose the method that best fits your specific requirements and system environment.