FreeBSD Unix Find Out Which Programs Are Listening On a Given Port Number
I
‘m a new FreeBSD Unix system user. How can I find out the process/programs names listing on a certain port on a FreeBSD Unix systems using command line? How do I lookup the process which is currently bound to the given network port on a FreeBSD server?
You can use any one of the following command-line tools that displays network connections, routing tables, and a number of network interface statistics on a FreeBSD operating systems.
netstat command – Use to see network status including open ports, tcp/udp connections, and more.
sockstat command – Show open sockets.
lsof command – List open files such as network sockets and files on disks.
FreeBSD has a command called sockstat and netstat tools. These are already on a standard FreeBSD install. You need to install the lsof tool from ports collection.
Find the process listening on a certain port using the sockstat command
An example of the netstat command with flags:
Show listening sockets ##
sockstat -l
Show listening sockets for IPv4 only ##
sockstat -4 -l
Show listening sockets for IPv6 only ##
sockstat -6 -l
Sample outputs:
Fig.01: FreeBSD sockstat command in action
Where,
USER : The user who owns and open the socket.
COMMAND : The command which is responsible for the socket.
PID : The process ID of the command which responsible/holds the socket.
FD : The file descriptor number of the socket.
PROTO : The transport protocol associated with the socket for Internet sockets, or the type of socket (stream or datagram) for UNIX sockets.
LOCAL ADDRESS : For Internet sockets, this is the address the local end of the socket is bound to. For bound UNIX sockets, it is the socket’s filename. For other UNIX sockets, it is a right arrow followed by the endpoint’s filename, or ‘??’ if the endpoint could not be determined.
FOREIGN ADDRESS : (Internet sockets only) The address the foreign end of the socket is bound to.
Find selected ports
You can use the grep command to select a certain ports. In this example, find out if port 22 and 80 is open or not:
sockstat -4 -l | grep :22
sockstat -4 -l | grep :80
Sample outputs:
root sshd 642 4 tcp4 *:22 *:*
Show connected sockets only
The syntax is:
sockstat -c
sockstat -c -4
sockstat -c -4 | grep ssh
sockstat -c -4 | grep 22
root sshd 740 3 tcp4 192.168.1.142:22 192.168.1.4:55115
(192.168.1.4 == client IP and 192.168.1.142 == server IP for port 22)
netstat command example to find out open ports and their process
Here the equivalent of netstat:
netstat -a -n | grep LISTEN
netstat -a | egrep LISTEN|Proto|Active
netstat -a | egrep Proto|LISTEN
Sample outputs:
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 localhost.smtp *.* LISTEN
tcp4 0 0 *.ssh *.* LISTEN
tcp6 0 0 *.ssh *.* LISTEN
Active UNIX domain sockets
Even though sockstat is thought to be more limited, it is nice to know because at times it can be more useful in gathering certain information. On a FreeBSD, you can get a listing of standard port associations by looking in the /etc/services. If you wanted to find out the purpose of port 631, you can use this command for example:
$ grep -w 631 /etc/services
ipp 631/tcp #IPP (Internet Printing Protocol)
ipp 631/udp #IPP (Internet Printing Protocol)
what the purpose of port 22 ?##
$ grep -w 22 /etc/services
ssh 22/sctp #Secure Shell Login
ssh 22/tcp #Secure Shell Login
ssh 22/udp #Secure Shell Login
It’s handy if you don’t know about ports and are learning about it.
Use lsof command to determine the process/pid listening on a certain port
Some people who have migrated from Linux to BSD like lsof command. It isn’t standard like netstat and sockstat. You will have to install it. At this time there is no package.
To install it as root. So first, install the lsof command using the port:
# cd /usr/ports/sysutils/lsof/ && make install clean
Or use the pkg command (warning this may not work on the latest release 10.x):
# pkg install sysutils/lsof
Sample outputs:
Updating FreeBSD repository catalogue…
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Checking integrity… done (0 conflicting)
The following 1 packages will be affected (of 0 checked):
New packages to be INSTALLED:
lsof: 4.89.c,8
The process will require 224 KiB more space.
Proceed with this action? [y/N]: y
[1/1] Installing lsof-4.89.c,8…
[1/1] Extracting lsof-4.89.c,8: 100%
To discover the process name, ppid, and other details you need to use the following syntax:
lsof -i :port
lsof -i tcp:portNumber
lsof -i udp:portNumber
For example, see which process is listening upon port 80 or 22 you can run:
lsof -i :80
OR
lsof -i :22
Sample outputs:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 642 root 3u IPv6 0xfffff8000961a400 0t0 TCP *:ssh (LISTEN)
sshd 642 root 4u IPv4 0xfffff8000961a000 0t0 TCP *:ssh (LISTEN)
sshd 740 root 3u IPv4 0xfffff800094dec00 0t0 TCP 192.168.1.142:ssh->192.168.1.4:55115 (ESTABLISHED)
To list all open TCP process and their pids, enter:
lsof -iTCP -sTCP:LISTEN
lsof -iTCP -sTCP:LISTEN -P -n
lsof -n -P -i +c 15
Sample outputs:
Fig.02: Find out which process is listening upon a port using lsof utility
References
For information read sockstat command man page:

$ man sockstat
For information read netstat command man page:

$ man netstat
Not a fan of FreeBSD? See how to find out which process is listening upon a port on a Linux operating systems for more info.
This quick tutorial was contributed by Wendy Michele. Editing by admin. You can too contribute to nixCraft.
