Tuesday, October 23, 2007

Handy Command: Fuser

Fuser is a very handy command when you are trying to investigate what is listening on a box. Consider the following case. You, being a diligent systems administrator, have been performing regular nmap scans against your boxes from remote hosts. You discover that something is listening on port 587 on a server.

What you immediately need to know is: what program is actually listening on that port? The quickest way to find out is to simply run sudo fuser 587/tcp on the box in question. This queries the kernel for what PID is listening on the specified port and reveals almost what you need:
587/tcp:              8102
The first column is the port you specified, the second is the PID using that port currently. This can be combined with ps to give you the desired output, such as via echo `sudo /sbin/fuser 587/tcp` | cut -d' ' -f 2 | xargs ps:
 PID TTY      STAT   TIME COMMAND
8102 ?        S     14:13 /usr/libexec/postfix/master
I used echo in this case because I was unable to decipher the delimiter used between the two columns in the default output. The whole thing should be aliased such that you run the alias and pass a port, and the ps output is produced.

NOTE: fuser is generally found in /sbin or /usr/sbin, which you may have to add to your path.
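
One way to build the wrapper described above, written as a shell function because the port has to be passed into the middle of the pipeline. This is an added example, not code from the original post; the names valid_port, pids_from_fuser and portproc are hypothetical, and it assumes sudo is configured as in the commands above.

```shell
#!/bin/sh
# Added example; valid_port, pids_from_fuser and portproc are hypothetical names.

# Succeed only for a decimal port number in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Read fuser output on stdin, print one PID per line.
# The "587/tcp:" label and blank padding are dropped, as is any
# access-type letter that fuser(1) can append to a PID.
pids_from_fuser() {
    tr -s ' \t' '\n\n' | sed -n 's/^\([0-9][0-9]*\)[A-Za-z]*$/\1/p'
}

# portproc PORT [tcp|udp]: show the ps line of each process using PORT.
portproc() {
    port=$1
    proto=${2:-tcp}
    valid_port "$port" || { echo "usage: portproc PORT [tcp|udp]" >&2; return 2; }
    case "$proto" in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp" >&2; return 2 ;;
    esac

    # fuser is usually in /sbin or /usr/sbin, which may not be on PATH.
    fuser_bin=$(PATH="$PATH:/sbin:/usr/sbin"; command -v fuser) || {
        echo "fuser not found" >&2; return 127; }

    # Only stdout is parsed; stderr is discarded so that stray
    # numbers in an error message are never mistaken for PIDs.
    pids=$(sudo "$fuser_bin" "$port/$proto" 2>/dev/null |
           pids_from_fuser | paste -sd, -)
    [ -n "$pids" ] || { echo "nothing is using $port/$proto" >&2; return 1; }

    ps -o pid,user,args -p "$pids"
}
```

Source the file from your shell startup script and run portproc 587 (or portproc 53 udp) to get the ps line for every process holding that port.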
