Kill a process running on a specific port?


It’s common when working with Linux to want to stop a process from using a specific TCP/IP protocol. For example, you might be running an application that listens for HTTP requests and you don’t want it to listen on port 80 (the standard HTTP port). You could use the netstat command to see what ports are currently being used by processes −

$ netstat -lntp | grep :80
tcp6 0 0 :::80 :::* LISTEN 8072/httpd
tcp4 0 0 ::ffff: :::::80 8069/httpd
tcp6 0 :::* LISTEN 903/named
udp6 0 0 :::22 :::* LISTEN 4963/sshd

We’ll look at how to identify processes using their ports and how to terminate them. We will also take a look at how to kill all of the processes listening on a particular port.

Identifying Processes Using Their Ports

The netstat command can help us identify which processes are listening on a given port. The −n flag tells netstat not to print out any information about the connections. This is useful if we just want to know whether or not there are any processes listening

Preparing Our Examples

Before we start testing some strategies for identifying and killing processes running on a port, let’s prepare some processes using socat −

$ socat sctp-listen:9999,bind= stdout &
[1] 6424

$ socat tcp-listen:9999,bind= stdout &
[2] 6431

$ socat udp-listen:9999,bind= stdout &
[3] 6438

Here, we’ve created three processes using port 9999 and the protocols SCTP, TCP, and UDP respectively.

Using the fuser Command

The fuser command is a great tool for terminating processes. We only need to use the −k parameter.

Let’s kill the process using the TCP protocol −

$ fuser -k 9999/tcp
9999/tcp: 6431

Here, the notation 9000/udp is a shortcut for −u udp 9000.

We cannot use fusertop when querying processes using protocols other than tcp or udp.

Using the kill Command

We’ll need to use the “kill” (terminate) function to terminate the process. However, before we can do so, we must first identify the PID of our process by specifying its port and protocols.

We're usually referring to the program /bin/kill when we talk about the "kill" command. However, whether we're talking about the program /usr/bin/kill or the shell built−in kills, they both can send a specific type of signals to a running process.

lsof Command

You can use lsof command to view information about files opened by processes.

Let’s use kill combined with lsof to terminate the process by sending a UDP packet.

$ lsof -i udp:9999 | awk '/9999/{print $2}' | xargs kill

In the lsof part, we’ve used the −i parameter for filtering the process using the syntax [46][protocol][@hostname|hostaddr][:service|port]. In our case, we’ve used protocol:port

We've used awks to search for processes running on a particular TCP/IP address (in our case, 9999) and then printed out only the PIDs. Using xargs and kill, these were terminated.

ss and netstat Commands

Since sctp and netstat list the process using the SCTP protocol, let’s end our last process −

$ ss -Slp | grep -Po ':9999\s.*pid=\K\d+(?=,)' | xargs kill

To list the listening ports for an application, use the ss utility with the −l parameter. You can also specify which processes are using each port by adding the −p parameter. Finally, you can see the SCTP (Stream Control Transmission Protocol) connections by specifying the −S parameter.

We've used sed to remove everything except for the numbers between the string pid=" and a comma ",".

We can also use another approach by running netcat −

$ netstat -Slp | grep -Po ':9999\s.*LISTEN.*?\K\d+(?=/)' | xargs kill

We've searched for a list of numbers between the string "LISTEN" and the character "/".

We can see from these examples that both netcat and netcat6 support other protocols besides TCP/IP, so they're good for helping us broaden our view of our networks. However, since netcat is deprecated, we should prefer using the nc command instead.


We've discussed several methods for killing processes using a specific port.

We've used the fuser command first. We've looked up the PID of a running program using its port number and protocol, and then terminated the associated program with the kill command.