Home / server / Questions / 543152
Accepted
jdw
Asked: 2013-10-02 19:00:28 +0800 CST

How to map an ephemeral port to a pid?

  • 772

I have a RHEL server with several apps on it and I am attempting to figure out which one of them is making calls to an external web service. I have TCP dumps that show the calls being made and through various tools I am able to determine what ephemeral port is making those calls. However, I am unable to figure out how to map that ephemeral port to a pid. I am aware that I can use lsof -i to map bound ports to pids, but this is not my problem.

Is there any way to map an in-use ephemeral port to a pid or some other indicator as to what file is making the call?

port

2 Answers

  1. Best Answer
    lsof -i $PROTOCOL:$PORT
fuser $PORT/$PROTOCOL
netstat -np | grep $PORT

    Any of those should work. Below is sample output showing my mail client using ephemeral port 56375 to talk to an IMAP server for further explanation:

    $ sudo netstat -np | grep 56375
tcp        0      0 192.168.1.1:56375      217.70.184.11:993       ESTABLISHED 3256/thunderbird

$ fuser 56375/tcp
56375/tcp:            3256

$ lsof -i tcp:56375
COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
thunderbi 3256   me     87u  IPv4 510573      0t0  TCP hostname:56375->example.com:imaps (ESTABLISHED)
    • 6

  2. netstat will list all pid and port respective to each other. netstat -nlp will provide you port to pid mapping.

    • 2