Tuesday, October 23, 2007

Handy Command: Fuser

Fuser is a very handy command when you are trying to investigate what is listening on a box. Consider the following case. You, being a diligent systems administrator, have been performing regular nmap scans against your boxes from remote hosts. You discover that something is listening on port 587 on a server.

What you immediately need to know is: what program is actually listening on that port? The quickest way to find out is to simply run sudo fuser 587/tcp on the box in question. This queries the kernel for what PID is listening on the specified port and reveals almost what you need:
587/tcp:              8102
The first column is the port you specified, the second is the PID using that port currently. This can be combined with ps to give you the desired output, such as via echo `sudo /sbin/fuser 587/tcp` | cut -d' ' -f 2 | xargs ps:
8102 ? S 14:13 /usr/libexec/postfix/master
I used echo in this case because I was unable to decipher the delimiter used between the two columns in the default output. The whole thing should be aliased such that you run the alias and pass a port, and the ps output is produced.

NOTE: fuser is generally found in /sbin or /usr/sbin, which you may have to add to your path.


Post a Comment

Subscribe to Post Comments [Atom]

<< Home