🔗
Networking concepts
  • Introduction
  • DNS
    • Introduction
    • DNS query
  • SSH
    • Introduction
    • Basics
    • SSH tunneling
      • Direct SSH tunnel
      • Reverse SSH tunnel
      • Dynamic SSH tunnel
    • SSH public key authentication
    • Port forwarding with virtual interface
    • sshd
    • scp/sftp
  • 🔫Networking tools
    • configuration & information
      • ip
      • netstat/netsh
      • ifconfig/ipconfig/iwconfig
      • arp
      • route
      • ps
      • ss
      • lsof
      • pgrep
      • nmcli
      • Information about services/processes & PID
    • monitoring & troubleshooting
      • ping
      • tracert/traceroute
      • mtr
      • iperf3
    • domain information
      • dig/nslookup
      • whois
      • host
    • capture & analysis
      • tcpdump
      • ngrep
      • wireshark
    • firewall & security
      • iptables
      • nft
    • services
      • dnsmasq
      • hostapd
      • RDP/VNC
      • ngrok
      • networking.service
      • NetworkManager.service
      • nginx
      • apache
      • nfs
    • miscellaneous
      • cURL
      • wget
      • netwox
      • netcat
      • openssl
      • socat
      • ftp
      • smbclient
    • proxy & tunneling
      • proxychains
    • Programming/scripting
      • Python
      • C
  • 🤩Interesting concepts
    • Simple tips & tricks
    • Network hole punching
    • SSH Over HTTPS
  • Network ports & services cheat sheet
    • 20/21/tcp ~ ftp
    • 22/tcp ~ ssh
    • 23/tcp ~ telnet
    • ...
  • For-fun projects
    • Raspberry pi + Windows machine experiments
Powered by GitBook
On this page
  • ** TO CONTEMPLATE ABOUT THE COMMANDS WHICH REQUIRES SUDO
  • Find processes by service name
  • Retrieve information about a specific PID
  • Identify the port number related to a PID or service name
  1. Networking tools
  2. configuration & information

Information about services/processes & PID

The compiled commands listed below utilizes a few tools: ps, ss, lsof & pgrep. More details about these tools can be found in the individual pages above.

** TO CONTEMPLATE ABOUT THE COMMANDS WHICH REQUIRES SUDO

Find processes by service name

pgrep flags usage:

  • -l: List the process name as well as the process ID

$ pgrep -l <service-name>

# eg. To find PID (Process ID) associated with SSHD (SSH Daesmon)
$ pgrep -l sshd

Retrieve information about a specific PID

ps flags usage:

  • -p: To select by PID

$ ps -p <PID> 
$ ps -p <PID> -o pid, cmd # To only display relevant information

Identify the port number related to a PID or service name

Method 1: Using ss

ss flags usage:

  • -p: Show processes using sockets

Note: In the example below, the command grep -P ':\d{1,}'essentially uses the Perl regex syntax matching to look for all values with the format of :<1 or more digits> such as :4000, :8000, etc. 

$ sudo ss -p | grep <PID> | grep -P ':\d{1,}'

# eg. 
$ sudo ss -p | grep 1400 | grep -P ':\d{1,}'
tcp ESTAB 0    0    
xxxx.xxx.xxx.xxx:4000 xxx.xxx.xxx.xxx:... ....,pid=1400,...

Method 2: Using lsof

lsof flags usage:

  • -i: To only list the addresses associated with an internet address (prevent overload of information that are not relevant)

  • -P: Prevent conversion of port numbers to port names. For example, listing would appear as :53 instead of :domain

  • -n: Prevent conversion of network numbers to host names. For example, listing would appear as 127.0.0.1 instead of localhost

Direct method to look for port numbers relating to a service

$ sudo lsof -i -P -n | grep <service-name>

Look for listening sockets related to a PID or service name

The first portion of the command retrieves all listening sockets. 

$ sudo lsof -i -P -n | grep LISTEN

While the second portion narrows the output down to only the specified PID or service name.

$ ... | grep <PID>
$ ... | grep <service-name>

Final command

$ sudo lsof -i -P -n | grep LISTEN | grep <PID>
$ sudo lsof -i -P -n | grep LISTEN | grep <service-name>
PreviousnmcliNextmonitoring & troubleshooting

Last updated 8 months ago

🔫