In this post, I would demo how to identify the linux package and service by the network port it listens.
3. The problem and solution
3.1 The enviroment
Suppose there is a process that is listening on linux port 8081, we need to identify which package and which service this process belongs to.
3.2 Find the process id by network listen port
Now we need to find the process that occupy the port 8081:
$ lsof -i:8081 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME nginx 8585 root 20u IPv4 435953 0t0 TCP launch-advisor-x:34862->188.8.131.52:8081 (ESTABLISHED)
You can see the PID is
What is lsof?
lsof command stands for List Of Open File. This command provides a list of files that are opened. Basically, it gives the information to find out the files which are opened by which process. With one go it lists out all open files in output console
selects the listing of files any of whose Internet address matches the address specified in i. If no address is specified, this option selects the listing of all Internet and x.25 (HP-UX) network files
3.3 Check the detail of the process
Now we know the PID of the process, we need to know the details of the process, we can check the detail of the service by running :
$ ps -ef|grep 8585 root 8585 1 0 May26 ? 00:00:00 /x/x/nginx
We know that it’s an nginx process.
3.4 Find the service that start the process
Now we know the PID of the process, we want to know the service of the process, we can do as follows:
$ systemctl list-units|grep nginx nginx.service loaded active running Nginx Service
To know the detail of the service, we can dig more like this:
$ systemctl status nginx.service ● nginx.service - HTTP Server Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2021-06-17 03:45:46 UTC; 2min 59s ago Process: 8585 ExecStart=/usr/local/nginx start (code=exited, status=0/SUCCESS) Main PID: 8585 (nginx) CGroup: /system.slice/nginx.service ├─5941 nginx (nginx - main) ├─5949 nginx (nginx - #01) └─5950 nginx (nginx - #02)
3.5 Find the package that install the service
Now we can identify the package by running this command:
$ apt list --installed|grep nginx nginx 184.108.40.2064 all [installed,local]
In this post, I demonstrated how to identify the package and servcie of a process by running a series of commands.