Handy Command: Fuser

Posted on October 23, 2007 by Samuel Huckins

Fuser is a very handy command when you are trying to investigate what is listening on a box.

Consider the following case. You, being a diligent systems administrator, have been performing regular nmap scans against your boxes from remote hosts. You discover that something is listening on port 587 on a server. What you immediately need to know is: what program is actually listening on that port? The quickest way to find out is to simply run

1
sudo fuser 587/tcp

on the box in question. This queries the kernel for what PID is listening on the specified port and reveals almost what you need:

1
587/tcp:              8102

The first column is the port you specified, the second is the PID using that port currently. This can be combined with ps to give you the desired output, such as via

1
echo `sudo /sbin/fuser 587/tcp` | cut -d' ' -f 2 | xargs ps

:

1
 PID TTY      STAT   TIME COMMAND 8102 ?        S     14:13 /usr/libexec/postfix/master

I used echo in this case because I was unable to decipher the delimiter used between the two columns in the default output. The whole thing should be aliased such that you run the alias and pass a port, and the ps output is produced.

NOTE: fuser is generally found in /sbin or /usr/sbin, which you may have to add to your path.

Be Sociable, Share!

Post to Twitter Post to Delicious Post to Digg Post to Reddit

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

This entry was posted in CLI and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>