« Back to Frequently Asked Questions

How to see which process is using a port

The ss command can solve the question what process is keeping a port in use.

To find services that are listening, we use the --listening option. For TCP that means the LISTEN state, UNCONN for UDP.

Additionally, we specify the option --processes to show the process information and --numeric to avoid resolving hostnames or service names. This way we see port numbers instead of their names.

ss --listening --numeric --processes sport :443
Netid    State     Recv-Q     Send-Q         Local Address:Port         Peer Address:Port    Process                                                                                      
tcp      LISTEN    0          511                  0.0.0.0:443               0.0.0.0:*        users:(("nginx",pid=344368,fd=19),("nginx",pid=344367,fd=19),("nginx",pid=344264,fd=19))    
tcp      LISTEN    0          511                  0.0.0.0:443               0.0.0.0:*        users:(("nginx",pid=344368,fd=13),("nginx",pid=344367,fd=13),("nginx",pid=344264,fd=13))    
tcp      LISTEN    0          511                     [::]:443                  [::]:*        users:(("nginx",pid=344368,fd=14),("nginx",pid=344367,fd=14),("nginx",pid=344264,fd=14))    
tcp      LISTEN    0          511                     [::]:443                  [::]:*        users:(("nginx",pid=344368,fd=20),("nginx",pid=344367,fd=20),("nginx",pid=344264,fd=20)) 

In this example it is nginx that is using port 443 to listen for incoming connections. Not really surprising for web server software to serve HTTPS on port 443.

The shortened version:

ss -lnp sport :443

Learn more about ss

This article uses the ss command to achieve its tasks. For this popular tool there is a cheat sheet available!

» Mastering the tool: ss

ss cheat sheet

Feedback

Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution.

Mastodon icon