
Service detection on a Linux box with netstat

The lsof program is available for all Unix platforms, and its use is described in the Unix Support web page Service detection on a Unix box. However, for a Linux box there is a different solution. The GNU netstat program has been extended so that, in addition to showing network activity, it can show which program is responsible for each socket. This page illustrates the extended use of the netstat program.

So, how do we determine what listeners are active on a system and what's responsible for them?

# netstat --all --programs

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 hydra.csi.cam.ac.uk:743 griffin.csi.cam.a:32771 TIME_WAIT   -                   
tcp        1      0 hydra.csi.cam.ac.u:2578 wwwcache.cam.a:webcache CLOSE_WAIT  12843/netscape-comm 
tcp        1      0 hydra.csi.cam.ac.u:2575 wwwcache.cam.a:webcache CLOSE_WAIT  12843/netscape-comm 
tcp        1      0 hydra.csi.cam.ac.u:2574 wwwcache.cam.a:webcache CLOSE_WAIT  12843/netscape-comm 
tcp        1      0 hydra.csi.cam.ac.u:2571 wwwcache.cam.a:webcache CLOSE_WAIT  12843/netscape-comm 
tcp        0      0 hydra.csi.cam.ac.u:1021 nymph.csi.cam.ac.uk:ssh ESTABLISHED 14431/slogin        
tcp        0      0 hydra.csi.cam.ac.u:1022 libra.cus.cam.ac.uk:ssh ESTABLISHED 1174/slogin         
tcp        0      0 hydra.csi.cam.ac.u:1023 libra.cus.cam.ac.uk:ssh ESTABLISHED 1056/slogin         
tcp        0      0 *:X                     *:*                     LISTEN      880/X               
tcp        0      0 *:www                   *:*                     LISTEN      793/httpd           
tcp        0      0 *:printer               *:*                     LISTEN      620/lpd Waiting     
tcp        0      0 *:ssh                   *:*                     LISTEN      599/sshd            
tcp        0      0 *:login                 *:*                     LISTEN      590/xinetd          
tcp        0      0 *:auth                  *:*                     LISTEN      540/identd          
tcp        0      0 *:606                   *:*                     LISTEN      425/ypbind          
tcp        0      0 *:1024                  *:*                     LISTEN      394/rpc.statd       
tcp        0      0 *:sunrpc                *:*                     LISTEN      367/portmap         
udp        0      0 *:693                   *:*                                 425/ypbind          
udp        0      0 *:799                   *:*                                 -                   
udp        0      0 *:800                   *:*                                 -                   
udp        0      0 *:603                   *:*                                 425/ypbind          
udp        0      0 *:1025                  *:*                                 394/rpc.statd       
udp        0      0 *:994                   *:*                                 394/rpc.statd       
udp        0      0 *:1024                  *:*                                 -                   
udp        0      0 *:sunrpc                *:*                                 367/portmap         
raw        0      0 *:icmp                  *:*                     7           -                   
raw        0      0 *:tcp                   *:*                     7           -                   
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  1      [ ]         STREAM     CONNECTED     1561   1056/slogin         @0000006a
unix  1      [ ]         STREAM     CONNECTED     935    881/gdm             @00000037
unix  1      [ ]         STREAM     CONNECTED     1563   931/gnome-smproxy   @0000006b
unix  0      [ ACC ]     STREAM     LISTENING     1473   1018/gmc            /tmp/orbit-rjd4/orb-16644743141280678577
unix  1      [ ]         STREAM     CONNECTED     938    880/X               @00000038
unix  0      [ ACC ]     STREAM     LISTENING     933    880/X               /tmp/.X11-unix/X0
unix  9      [ ]         DGRAM                    418    342/syslogd         /dev/log
unix  1      [ ]         STREAM     CONNECTED     1476   1018/gmc            @0000005b
unix  0      [ ACC ]     STREAM     LISTENING     1405   1016/panel          /tmp/orbit-rjd4/orb-18466757051582699047
unix  0      [ ACC ]     STREAM     LISTENING     745    657/gpm             /dev/gpmctl
unix  1      [ N ]       STREAM     CONNECTED     23527  12843/netscape-comm @000002ed
unix  1      [ ]         STREAM     CONNECTED     1470   1018/gmc            @0000005a
unix  1      [ ]         STREAM     CONNECTED     962    881/gdm             @0000003c
unix  1      [ ]         STREAM     CONNECTED     1522   931/gnome-smproxy   @00000068
unix  1      [ ]         STREAM     CONNECTED     1468   1018/gmc            @00000059
unix  0      [ ACC ]     STREAM     LISTENING     1361   1012/gnome-name-ser /tmp/orbit-rjd4/orb-12329789821369630643
unix  0      [ ACC ]     STREAM     LISTENING     1053   935/sawfish         /tmp/.sawmill-rjd4/hydra.csi.cam.ac.uk:0.0
unix  0      [ ACC ]     STREAM     LISTENING     899    841/xfs             /tmp/.font-unix/fs7100
unix  1      [ ]         STREAM     CONNECTED     1518   1033/xterm          @00000067
unix  1      [ ]         STREAM     CONNECTED     1483   1026/deskguide_appl @0000005c
unix  0      [ ACC ]     STREAM     LISTENING     1020   895/gnome-session   /tmp/.ICE-unix/895
unix  0      [ ACC ]     STREAM     LISTENING     1488   1026/deskguide_appl /tmp/orbit-rjd4/orb-2127459101746060649
unix  1      [ ]         STREAM     CONNECTED     1400   1016/panel          @00000057
unix  1      [ ]         STREAM     CONNECTED     28820  14408/xterm         @00000386
unix  1      [ ]         STREAM     CONNECTED     1559   1056/slogin         @00000069
unix  0      [ ACC ]     STREAM     LISTENING     1504   1028/tasklist_apple /tmp/orbit-rjd4/orb-269828951439015599
unix  1      [ ]         STREAM     CONNECTED     1491   1026/deskguide_appl @0000005e
unix  1      [ ]         STREAM     CONNECTED     1408   1016/panel          @00000058
unix  1      [ ]         STREAM     CONNECTED     1293   935/sawfish         @00000047
unix  1      [ ]         STREAM     CONNECTED     29151  931/gnome-smproxy   @0000038f
unix  1      [ ]         STREAM     CONNECTED     28825  931/gnome-smproxy   @00000387
unix  1      [ ]         STREAM     CONNECTED     1388   1014/xscreensaver   @00000055
unix  1      [ ]         STREAM     CONNECTED     1048   935/sawfish         @00000046
unix  1      [ ]         STREAM     CONNECTED     29146  14535/xterm         @0000038e
unix  1      [ ]         STREAM     CONNECTED     1877   1153/xterm          @00000074
unix  1      [ ]         STREAM     CONNECTED     1507   1028/tasklist_apple @00000063
unix  1      [ ]         STREAM     CONNECTED     1398   1016/panel          @00000056
unix  1      [ ]         STREAM     CONNECTED     1881   931/gnome-smproxy   @00000075
unix  1      [ ]         STREAM     CONNECTED     1513   1016/panel          @00000066
unix  1      [ ]         STREAM     CONNECTED     1511   1028/tasklist_apple @00000065
unix  1      [ ]         STREAM     CONNECTED     1029   931/gnome-smproxy   @00000043
unix  1      [ ]         STREAM     CONNECTED     1494   1026/deskguide_appl @00000060
unix  1      [ ]         STREAM     CONNECTED     1027   931/gnome-smproxy   @00000042
unix  0      [ ]         STREAM     CONNECTED     252    1/init [5]          @00000024
unix  1      [ ]         STREAM     CONNECTED     1646   1056/slogin         @00000070
unix  1      [ ]         STREAM     CONNECTED     1022   895/gnome-session   @00000041
unix  1      [ ]         STREAM     CONNECTED     25707  13666/xterm         @00000305
unix  1      [ ]         STREAM     CONNECTED     1648   931/gnome-smproxy   @00000071
unix  1      [ ]         STREAM     CONNECTED     1502   1028/tasklist_apple @00000062
unix  1      [ ]         STREAM     CONNECTED     25711  931/gnome-smproxy   @00000306
unix  1      [ ]         STREAM     CONNECTED     1497   1016/panel          @00000061
unix  1      [ ]         STREAM     CONNECTED     1355   1012/gnome-name-ser @00000050
unix  1      [ ]         STREAM     CONNECTED     29152  895/gnome-session   /tmp/.ICE-unix/895
unix  1      [ ]         STREAM     CONNECTED     29147  880/X               /tmp/.X11-unix/X0
unix  1      [ ]         STREAM     CONNECTED     28826  895/gnome-session   /tmp/.ICE-unix/895
unix  1      [ ]         STREAM     CONNECTED     28821  880/X               /tmp/.X11-unix/X0
unix  1      [ ]         STREAM     CONNECTED     25712  895/gnome-session   /tmp/.ICE-unix/895
unix  1      [ ]         STREAM     CONNECTED     25708  880/X               /tmp/.X11-unix/X0
unix  1      [ ]         STREAM     CONNECTED     23528  880/X               /tmp/.X11-unix/X0
unix  1      [ ]         STREAM     CONNECTED     1882   895/gnome-session   /tmp/.ICE-unix/895
unix  1      [ ]         STREAM     CONNECTED     1878   880/X               /tmp/.X11-unix/X0
unix  1      [ ]         STREAM     CONNECTED     1649   895/gnome-session   /tmp/.ICE-unix/895
unix  1      [ ]         STREAM     CONNECTED     1647   880/X               /tmp/.X11-unix/X0
unix  1      [ ]         STREAM     CONNECTED     1564   895/gnome-session   /tmp/.ICE-unix/895
unix  1      [ ]         STREAM     CONNECTED     1562   880/X               /tmp/.X11-unix/X0
unix  1      [ ]         STREAM     CONNECTED     1560   880/X               /tmp/.X11-unix/X0
unix  1      [ ]         STREAM     CONNECTED     1523   895/gnome-session   /tmp/.ICE-unix/895
unix  1      [ ]         STREAM     CONNECTED     1519   880/X               /tmp/.X11-unix/X0
unix  1      [ ]         STREAM     CONNECTED     1515   1028/tasklist_apple /tmp/orbit-rjd4/orb-269828951439015599
unix  1      [ ]         STREAM     CONNECTED     1512   1016/panel          /tmp/orbit-rjd4/orb-18466757051582699047
unix  1      [ ]         STREAM     CONNECTED     1508   1012/gnome-name-ser /tmp/orbit-rjd4/orb-12329789821369630643
unix  1      [ ]         STREAM     CONNECTED     1503   880/X               /tmp/.X11-unix/X0
unix  1      [ ]         STREAM     CONNECTED     1499   1026/deskguide_appl /tmp/orbit-rjd4/orb-2127459101746060649
unix  1      [ ]         STREAM     CONNECTED     1496   1016/panel          /tmp/orbit-rjd4/orb-18466757051582699047
unix  1      [ ]         STREAM     CONNECTED     1492   1012/gnome-name-ser /tmp/orbit-rjd4/orb-12329789821369630643
unix  1      [ ]         STREAM     CONNECTED     1484   880/X               /tmp/.X11-unix/X0
unix  1      [ ]         STREAM     CONNECTED     1477   1012/gnome-name-ser /tmp/orbit-rjd4/orb-12329789821369630643
unix  1      [ ]         STREAM     CONNECTED     1471   895/gnome-session   /tmp/.ICE-unix/895
unix  1      [ ]         STREAM     CONNECTED     1469   880/X               /tmp/.X11-unix/X0
unix  1      [ ]         STREAM     CONNECTED     1409   1012/gnome-name-ser /tmp/orbit-rjd4/orb-12329789821369630643
unix  1      [ ]         STREAM     CONNECTED     1401   895/gnome-session   /tmp/.ICE-unix/895
unix  1      [ ]         STREAM     CONNECTED     1399   880/X               /tmp/.X11-unix/X0
unix  1      [ ]         STREAM     CONNECTED     1389   880/X               /tmp/.X11-unix/X0
unix  1      [ ]         STREAM     CONNECTED     1356   880/X               /tmp/.X11-unix/X0
unix  0      [ ]         DGRAM                    1354   1012/gnome-name-ser 
unix  1      [ ]         STREAM     CONNECTED     1294   895/gnome-session   /tmp/.ICE-unix/895
unix  1      [ ]         STREAM     CONNECTED     1049   880/X               /tmp/.X11-unix/X0
unix  1      [ ]         STREAM     CONNECTED     1030   895/gnome-session   /tmp/.ICE-unix/895
unix  1      [ ]         STREAM     CONNECTED     1028   880/X               /tmp/.X11-unix/X0
unix  1      [ ]         STREAM     CONNECTED     1023   880/X               /tmp/.X11-unix/X0
unix  0      [ ]         DGRAM                    964    881/gdm             
unix  1      [ ]         STREAM     CONNECTED     963    880/X               /tmp/.X11-unix/X0
unix  1      [ ]         STREAM     CONNECTED     939    841/xfs             /tmp/.font-unix/fs7100
unix  1      [ ]         STREAM     CONNECTED     941    880/X               /tmp/.X11-unix/X0
unix  0      [ ]         DGRAM                    879    816/crond           
unix  0      [ ]         DGRAM                    663    590/xinetd          
unix  0      [ ]         DGRAM                    618    540/identd          
unix  0      [ ]         DGRAM                    575    487/automount       
unix  0      [ ]         DGRAM                    505    409/apmd            
unix  0      [ ]         DGRAM                    474    394/rpc.statd       
unix  0      [ ]         DGRAM                    433    352/klogd           

Now that was every single network connection on the system. We are only interested in the listeners. These show up as *: followed by the port number or service name if known. If we look for those lines containing *: we can restrict output to just the listeners.

# netstat --all --programs | grep '*:'
tcp        0      0 *:X                     *:*                     LISTEN      880/X               
tcp        0      0 *:www                   *:*                     LISTEN      793/httpd           
tcp        0      0 *:printer               *:*                     LISTEN      620/lpd Waiting     
tcp        0      0 *:ssh                   *:*                     LISTEN      599/sshd            
tcp        0      0 *:login                 *:*                     LISTEN      590/xinetd          
tcp        0      0 *:auth                  *:*                     LISTEN      540/identd          
tcp        0      0 *:606                   *:*                     LISTEN      425/ypbind          
tcp        0      0 *:1024                  *:*                     LISTEN      394/rpc.statd       
tcp        0      0 *:sunrpc                *:*                     LISTEN      367/portmap         
udp        0      0 *:693                   *:*                                 425/ypbind          
udp        0      0 *:799                   *:*                                 -                   
udp        0      0 *:800                   *:*                                 -                   
udp        0      0 *:603                   *:*                                 425/ypbind          
udp        0      0 *:1025                  *:*                                 394/rpc.statd       
udp        0      0 *:994                   *:*                                 394/rpc.statd       
udp        0      0 *:1024                  *:*                                 -                   
udp        0      0 *:sunrpc                *:*                                 367/portmap         
raw        0      0 *:icmp                  *:*                     7           -                   
raw        0      0 *:tcp                   *:*                     7           -                   

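netstat identifies the program and the process id in the final column. The other columns are not relevant to this discussion. Note that all the services that are started up by inetd are identified as such: the listener is shown against the inetd process itself (590/xinetd for the login port above) rather than against the individual service.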
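
The filtering step above can be taken one stage further by splitting the final column into PID and program name and picking out the listeners for which netstat shows "-" instead of an owner. This is an added example, not part of the original page; the function names are hypothetical and the sample lines are constructed in the format shown above.

```shell
#!/bin/sh
# Constructed sample input in the format of "netstat --all --programs".
sample_netstat() {
cat <<'EOF'
tcp        0      0 hydra.csi.cam.ac.u:1021 nymph.csi.cam.ac.uk:ssh ESTABLISHED 14431/slogin
tcp        0      0 *:www                   *:*                     LISTEN      793/httpd
tcp        0      0 *:printer               *:*                     LISTEN      620/lpd Waiting
tcp        0      0 *:login                 *:*                     LISTEN      590/xinetd
udp        0      0 *:693                   *:*                                 425/ypbind
udp        0      0 *:799                   *:*                                 -
raw        0      0 *:icmp                  *:*                     7           -
EOF
}

# Read netstat output on stdin; print "proto port pid program" per listener.
list_listeners() {
  awk '
    # A listener has a wildcard local address and a wildcard foreign address.
    $4 ~ /^\*:/ && $5 == "*:*" {
      port = substr($4, 3)
      pid = "-"; prog = "-"
      # The State column is empty for udp, so the PID/Program field is not
      # at a fixed position: take the first field that looks like "123/name".
      for (i = 6; i <= NF; i++) {
        if ($i ~ /^[0-9]+\//) {
          slash = index($i, "/")
          pid = substr($i, 1, slash - 1)
          # A name containing a space ("lpd Waiting") keeps its first word.
          prog = substr($i, slash + 1)
          break
        }
      }
      print $1, port, pid, prog
    }'
}

# Listeners that netstat could not attribute to any process ("-").
unattributed_listeners() {
  list_listeners | awk '$3 == "-" { print $1 "/" $2 }'
}

# Offline demonstration on the constructed sample.
sample_netstat | list_listeners
```

On a live system the same functions read from the command itself: netstat --all --programs | list_listeners.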