- Kali Linux Tutorial
- Kali Linux - Home
- Installation & Configuration
- Information Gathering Tools
- Vulnerability Analyses Tools
- Kali Linux - Wireless Attacks
- Website Penetration Testing
- Kali Linux - Exploitation Tools
- Kali Linux - Forensics Tools
- Kali Linux - Social Engineering
- Kali Linux - Stressing Tools
- Kali Linux - Sniffing & Spoofing
- Kali Linux - Password Cracking Tools
- Kali Linux - Maintaining Access
- Kali Linux - Reverse Engineering
- Kali Linux - Reporting Tools
- Kali Linux Useful Resources
- Kali Linux - Quick Guide
- Kali Linux - Useful Resources
- Kali Linux - Discussion
Kill a process running on a specific port?
Overview
It’s common when working with Linux to want to stop a process from using a specific TCP/IP protocol. For example, you might be running an application that listens for HTTP requests and you don’t want it to listen on port 80 (the standard HTTP port). You could use the netstat command to see what ports are currently being used by processes −
$ netstat -lntp | grep :80 tcp6 0 0 :::80 :::* LISTEN 8072/httpd tcp4 0 0 ::ffff:127.0.0.1:80 :::::80 8069/httpd tcp6 0 127.0.0.5:53 :::* LISTEN 903/named udp6 0 0 :::22 :::* LISTEN 4963/sshd
We’ll look at how to identify processes using their ports and how to terminate them. We will also take a look at how to kill all of the processes listening on a particular port.
Identifying Processes Using Their Ports
The netstat command can help us identify which processes are listening on a given port. The −n flag tells netstat not to print out any information about the connections. This is useful if we just want to know whether or not there are any processes listening
Preparing Our Examples
Before we start testing some strategies for identifying and killing processes running on a port, let’s prepare some processes using socat −
$ socat sctp-listen:9999,bind=127.0.0.1 stdout & [1] 6424 $ socat tcp-listen:9999,bind=127.0.0.1 stdout & [2] 6431 $ socat udp-listen:9999,bind=127.0.0.1 stdout & [3] 6438
Here, we’ve created three processes using port 9999 and the protocols SCTP, TCP, and UDP respectively.
Using the fuser Command
The fuser command is a great tool for terminating processes. We only need to use the −k parameter.
Let’s kill the process using the TCP protocol −
$ fuser -k 9999/tcp 9999/tcp: 6431
Here, the notation 9000/udp is a shortcut for −u udp 9000.
We cannot use fusertop when querying processes using protocols other than tcp or udp.
Using the kill Command
We’ll need to use the “kill” (terminate) function to terminate the process. However, before we can do so, we must first identify the PID of our process by specifying its port and protocols.
We're usually referring to the program /bin/kill when we talk about the "kill" command. However, whether we're talking about the program /usr/bin/kill or the shell built−in kills, they both can send a specific type of signals to a running process.
lsof Command
You can use lsof command to view information about files opened by processes.
Let’s use kill combined with lsof to terminate the process by sending a UDP packet.
$ lsof -i udp:9999 | awk '/9999/{print $2}' | xargs kill
In the lsof part, we’ve used the −i parameter for filtering the process using the syntax [46][protocol][@hostname|hostaddr][:service|port]. In our case, we’ve used protocol:port
We've used awks to search for processes running on a particular TCP/IP address (in our case, 9999) and then printed out only the PIDs. Using xargs and kill, these were terminated.
ss and netstat Commands
Since sctp and netstat list the process using the SCTP protocol, let’s end our last process −
$ ss -Slp | grep -Po ':9999\s.*pid=\K\d+(?=,)' | xargs kill
To list the listening ports for an application, use the ss utility with the −l parameter. You can also specify which processes are using each port by adding the −p parameter. Finally, you can see the SCTP (Stream Control Transmission Protocol) connections by specifying the −S parameter.
We've used sed to remove everything except for the numbers between the string pid=" and a comma ",".
We can also use another approach by running netcat −
$ netstat -Slp | grep -Po ':9999\s.*LISTEN.*?\K\d+(?=/)' | xargs kill
We've searched for a list of numbers between the string "LISTEN" and the character "/".
We can see from these examples that both netcat and netcat6 support other protocols besides TCP/IP, so they're good for helping us broaden our view of our networks. However, since netcat is deprecated, we should prefer using the nc command instead.
Conclusion
We've discussed several methods for killing processes using a specific port.
We've used the fuser command first. We've looked up the PID of a running program using its port number and protocol, and then terminated the associated program with the kill command.
- Related Articles
- Finding the PID of the Process Using a Specific Port
- How to Kill a Background Process in Linux
- Kill Process in C++
- How to Kill a Process by Name in Linux?
- How to find and kill running processes in linux
- How does running a specific test method depend on another test method in TestNG?
- Redirecting the Output of an Already Running Process on Linux
- Freeing up a TCP/IP Port on Linux
- Best practices when running Node.js with port 80 (Ubuntu) in Linux
- Running a SQL query from specific month in SAP DB
- How to check whether a process with a given PID is running
- How to Kill a Detached screen Session on Linux
- Find the Current Working Directory of a Running Process in Linux
- Running vs Waiting vs Terminated Process
- Windows 8 task managers running process
