ServerBuddies Support Blog

How to find open sockets on your Linux server

Here we will look into lsof - list open file, and Nmap (“Network Mapper”)

Nmap is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts.

There are a number of methods that you can use to show open sockets at least:

lsof -U will list open sockets

nmap -sT -sU localhost will scan your local machine for open TCP or UDP ports

Nmap done: 1 IP address (1 host up) scanned in 4.003 seconds

Nmap has lots of options, so we are going to focus on only some of them.

fuser - identify processes using files or sockets

In order to look up processes using TCP and UDP sockets, the corresponding name space has to be selected with the -n option. By default fuser will look in both IPv6 and IPv4 sock-ets. To change the default, behavior, use the -4 and -6 options. The socket(s) can be specified by the local and remote port, and the remote address. All fields are optional, but commas in front of missing fields must be present:

Either symbolic or numeric values can be used for IP addresses and port numbers.

fuser outputs only the PIDs to stdout, everything else is sent to stderr.

FILES

/proc location of the proc file system

EXAMPLES

fuser -km /home kills all processes accessing the file system /home in any way.

if fuser -s /dev/ttyS1; then :; else something; fi invokes something if no other process
is using /dev/ttyS1.

fuser telnet/tcp shows all processes at the (local) TELNET port.

In order to see all TCP sockets currently open, run (as root).

If all of the sockets in question on your webserver port (port 80), you should be able to list only those with

lsof is another tool for locating open files. lsof (no options) will list all files opened by any processes currently running. To restrict this to processes owned by username, use