others-How to identify the package and servcie of a process by running a series of commands?

1. Purpose

In this post, I would demo how to identify the linux package and service by the network port it listens.

2. Environment

  • Ubuntu

3. The problem and solution

3.1 The enviroment

Suppose there is a process that is listening on linux port 8081, we need to identify which package and which service this process belongs to.

image-20210617151519687

3.2 Find the process id by network listen port

Now we need to find the process that occupy the port 8081:

$ lsof -i:8081
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx     8585 root   20u  IPv4 435953      0t0  TCP launch-advisor-x:34862->11.1.1.5:8081 (ESTABLISHED)

You can see the PID is 8585.

What is lsof?

lsof command stands for List Of Open File. This command provides a list of files that are opened. Basically, it gives the information to find out the files which are opened by which process. With one go it lists out all open files in output console

What is lsof -i?

selects the listing of files any of whose Internet address matches the address specified in i. If no address is specified, this option selects the listing of all Internet and x.25 (HP-UX) network files

3.3 Check the detail of the process

Now we know the PID of the process, we need to know the details of the process, we can check the detail of the service by running :

$ ps -ef|grep 8585
root      8585     1  0 May26 ?        00:00:00 /x/x/nginx

We know that it’s an nginx process.

3.4 Find the service that start the process

Now we know the PID of the process, we want to know the service of the process, we can do as follows:

$ systemctl list-units|grep nginx
nginx.service                                      loaded active running   Nginx Service

To know the detail of the service, we can dig more like this:

$ systemctl status nginx.service
● nginx.service -  HTTP Server
   Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2021-06-17 03:45:46 UTC; 2min 59s ago
  Process: 8585 ExecStart=/usr/local/nginx start (code=exited, status=0/SUCCESS)
 Main PID: 8585 (nginx)
   CGroup: /system.slice/nginx.service
           ├─5941 nginx (nginx - main)
           ├─5949 nginx (nginx - #01)
           └─5950 nginx (nginx - #02)

3.5 Find the package that install the service

Now we can identify the package by running this command:

$ apt list --installed|grep nginx
nginx 1.0.2.574 all [installed,local]

4. Summary

In this post, I demonstrated how to identify the package and servcie of a process by running a series of commands.