Oneliner to get the command which started a process on a certain port

Tms91 Published at Dev

Tms91

I would need a one-line command which, given a port number, returns information on the command which started the process running on that port.

Usually, I get this information by running a sudo netstat

sudo netstat -antpv | grep PORT_NUMBER

which returns the PID_NUMBER on the 4th column, after the column character (:), and then I use the PID_NUMBER as input for a ps aux

ps aux | grep PID_NUMBER

which returns information on the "starting command" on 11th column.

e.g.

# use the port number to get the process id
my_machine:~$ sudo netstat -antpv | grep 30001
tcp        0      0 0.0.0.0:30001           0.0.0.0:*               LISTEN      616/python

# use the process id to get info on the command which started the process
my_machine:~$ ps aux | grep 616    
my_user       616  0.8  0.5 220112 89596 ?        S    01:10   6:59 /usr/bin/python my_program.py --log=INFO

Is it possible to get to this information with a one-line command?

e.g.

my_machine:~$ ps aux | grep get_only_the_number_after_the_column_character_in_the_4th_column_of(sudo netstat -antpv | grep PORT_NUMBER)

/usr/bin/python my_program.py --log=INFO

Update

I am almost doing it.

I get what I want with

my_machine ~$ ps aux | awk '{if ($2 == "616") print $0;}'

my_user       616  0.7  0.5 220112 89596 ?        S    01:10   8:11 /usr/bin/python my_program.py --log=INFO

but it does not work when I try to save the PID in a bash variable and then pass it to awk

my_machine:~$ mypid=$(sudo lsof -ti :30001)
my_machine:~$ echo $mypid 
616

my_machine:~$ ps aux | awk '{if ($2 == "$mypid") print $0;}'
my_machine:~$

my_machine:~$ ps aux | awk -v mypid="$mypid" '{if ($2 == "mypid") print $0;}'
my_machine:~$

my_machine:~$ ps aux | awk -v mypid="616" '{if ($2 == "mypid") print $0;}'
my_machine:~$

Raffa

There are simpler straight foreword methods of getting the PID of a process that uses a certain port ... Like e.g. lsof when used with the options -i(which selects the listing of files any of whose Internet address matches the address specified - e.g. :PORT_NUMBER) and -t(which specifies that lsof should produce terse output with process identifiers only and no header - e.g., so that the output may be piped to kill) like so:

sudo lsof -ti :30001

That you can use to feed the process ID to another command ... e.g. you can get what you want with:

ps -h -p $(sudo lsof -ti :30001) -o command

Or format the output as you wish like for example:

ps -h -p $(sudo lsof -ti :30001) -o user,pid,cpu,vsz,rss,tty,stat,start,time,command

You can further tune the options to get what you need ... Please have a look at man ps.

Also, you might find the ss command useful ... e.g. You might be able to get more information that you need in one step like so:

sudo ss -eaptn 'sport = :30001'

You can as well tune the options to get what you need ... Please have a look at man ss.

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at2022-11-25

Comments

0 comments

TOP Ranking

Article