Let’s Use ‘netstat’ To Find Out What Process Is Listening On A Specific Port

Today’s article is going to teach you how to use ‘netstat’ to find out what process is listening on a specific port. If you have open ports and don’t know why they’re open or what’s listening on them, you’re not making good security choices.

Let’s say you followed an article about how to monitor TCP/UDP in real time. If you’re new, or even just not all that advanced with Linux and networking, you might not know why there are all those ports and all that activity. Well, one of the things you should know is how to identify what process is listening on a specific port.

There are a number of ways to do this, but we’ll be using ‘netstat’. The ‘netstat’ application can be pretty advanced, but what we’ll be doing is pretty straightforward. If you’re curious, ‘netstat’ defines itself thus:

Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

As you can see, it’s a pretty advanced application. It has a rather expansive man page, and we’ll largely ignore that as we really only need some limited functionality. All we really need to do, for this exercise, is find out what process is listening on a specific port.

With that in mind, let’s leap into the meat of the article…

What Process Is Listening On A Specific Port:

This article requires an open terminal. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

Once you have that open, you’ll need to find out if you have ‘netstat’ already installed. There are many ways to do this, I prefer:

If you do not have ‘netstat’ installed, it’s certainly available for all mainstream distros and easily installed from your default repositories. Here’s how to install on a few distros:

Debian/Ubuntu/Mint/etc:

RHEL/CentOS/Fedora/Rocky Linux/etc:

SUSE/OpenSUSE/etc:

If you’re using a different distro, root through the default repositories. It’s a pretty common tool and I’d like to imagine it’s easily available to anyone.

Once you have ‘netstat’ installed, the command we’re going to use is really, really, simple. In fact, I wrote this whole darned article mostly for just one command. I probably could have made it shorter. Still, it might as well be long enough to give some extra information along the way.

Anyhow, the command you run is this:

For example, you might have an open port 22 and want to know what process is listening on that specific port. So, your command would look like this:

The end result will look something like this:

[Screenshot: netstat being used to find out which process is listening at a specific port. Caption: While not completely clear, you can deduce that it’s just the SSH daemon listening on port 22.]

It may not be completely clear, but you can use this to deduce what process is listening on a specific port. If it’s not completely clear, you can actually dig a little deeper. See the “1100” in there? Well, that’s the PID (Process ID) and you can use the following command to get more information. It looks like this:

The output from that in this case is:

Which, as we know, is the daemon for SSH and thus nothing unexpected is running on port 22. See? Security!
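As an added example (not from the original article), this shell function filters `netstat -tulpn`-style output for one port and splits the PID/program column, including the `-` that netstat prints when it cannot see the owning process. The function names and the embedded sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report who is listening on a port, reading
# `netstat -tulpn` output on stdin. Live use:
#   sudo netstat -tulpn | listeners_on_port 22
# listeners_on_port is a hypothetical helper name, not a netstat feature.
listeners_on_port() {
    awk -v port="$1" '
        $1 !~ /^(tcp|udp)/ { next }            # skip the two header lines
        {
            # Local address is field 4; the port follows the LAST colon,
            # which also handles IPv6 forms such as :::22.
            n = split($4, a, ":")
            if (a[n] != port) next
            # TCP rows have a State column (LISTEN), UDP rows usually do not,
            # so search for the PID/Program field instead of fixing its index.
            owner = ""
            for (i = 6; i <= NF; i++)
                if ($i == "-" || $i ~ /^[0-9]+\//) { owner = $i; break }
            if (owner == "-" || owner == "") {
                # netstat prints "-" when it cannot see the owner (not root)
                print $1, $4, "unknown", "rerun-as-root"
                next
            }
            slash = index(owner, "/")
            pid  = substr(owner, 1, slash - 1)
            prog = substr(owner, slash + 1)
            sub(/:$/, "", prog)                # "sshd:" -> "sshd"
            print $1, $4, pid, prog
        }'
}

# Constructed sample output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1100/sshd: /usr/sbin
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      1100/sshd: /usr/sbin
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           812/avahi-daemon: r
EOF
}
```

Running `sample_netstat | listeners_on_port 22` prints one line per socket (protocol, local address, PID, program), so a listener bound on both IPv4 and IPv6 shows up twice.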

Closure:

And there you have it, another article. This one is a pretty handy one, especially for when you want to know what process is listening on a specific port. If you have things running that you can’t identify, you can always stop by Linux.org and ask for help. Someone there will try to find out what’s going on for you.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

How To: Transfer Files Over SSH with SCP

In this article, you will learn how to transfer files over SSH by using ‘scp’. If you need to transfer files over a network, this is one way to do so. There are numerous other options to transfer files over a network, and this is just one of them. Feel free to leave a comment sharing other ways you use to transfer files over SSH.

We have had quite a number of articles about SSH. It stands for “Secure Shell” and you can click to find a collection of SSH articles. If you’re entirely new to SSH, you’d probably enjoy learning how to install/enable SSH. As mentioned, there have been a bunch of articles covering this subject.

Today, we’ll be using ‘scp’, which defines itself as:

OpenSSH secure file copy

It shares quite a bit of similarity with the ‘cp’ command, a command we oddly haven’t covered yet. That’s not too important. We’ll eventually get to that article and maybe remember to link back to this one. What’s important to know is that it shares some similar features and syntax.

So, today we’re going to use ‘scp’ to transfer files over SSH, over a network. It’s a pretty good skill to know, as copying files is probably the 2nd most frequently used feature over SSH, with device management being first. At least it’d be 2nd most for me, I’m not sure what you all do with it.

Transfer Files Over SSH with scp:

This article requires an open terminal, like many other articles on this site. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

You’re also going to need a device you can SSH into, and I can’t really help you with that. You can always install OpenSSH on your desktop and practice by using SSH over localhost. 

Now, with your terminal open, it’s time to transfer a file. The very most basic command to copy a file to the remote server would be:

You can also copy multiple files to the remote server:

You can copy all files from the directory you’re in (on the local device) easily enough. It’s just our beloved asterisk.

If you want to copy the files from the folder you’re in AND the files from the folders in that directory (recursively), then the command just requires a -r flag.

You can actually go the other direction. If you want to transfer remote files to your local device, then you’d be looking at this command:

From that, you can use the above commands, extrapolate if you will, for ways to transfer the file to your local device from the remote device. It’s not terribly difficult, and ‘scp’ is something everyone should know if they’re working with remote computers on a regular basis.

By the way, setting up SSH on your computer isn’t a bad idea. Sometimes a malfunctioning computer can be accessed via SSH when nothing else will work. I have SSH installed (and secured) on pretty much every computer in the house.

Closure:

See? Now you know how to use ‘scp’ to copy files over a network via SSH. It’s a pretty awesome skill to have and one you may need until the end of time, or at least as long as Linux lasts as an operating system – which should be quite a long time. So, it’s in your best interests to learn how to use ‘scp’ with at least a basic level of skill.


How To: Make ‘curl’ Ignore Certificate Errors

In today’s article, we’re going to learn how to make ‘curl’ ignore certificate errors. If you do a lot of ‘curl’ing, this is something you’ll want to know. It’s not a dreadfully difficult task to ignore certificate errors, just a couple of options, but we might as well learn them both today.

We have previously covered the curl command, though the article only touched the surface – covering the basics that a regular Linux user might want to know. If you’re unfamiliar with curl, it’s a tool that’s used to transfer data to or from a server. It defines itself as a tool that you use to ‘transfer a URL’ and it’s an expansive application, with myriad options only a true guru would need or want to know.

What we haven’t really covered much is SSL and certificates. Briefly, SSL stands for “Secure Sockets Layer” and means that there’s a secure connection between you and the site. The certificate contains information like the URL and IP address – and is the confirmation used in the secure socket layer. Meaning, the certificate matches the site and this confirmation is what lets you use SSL without any warnings. Any break in the chain should throw an error up on your screen about a broken or missing certificate.

But, what if you still need that information? What if that data is essential? If the certificate is broken then curl will throw an error and not complete the transfer. It’s for this reason that you’ll want to learn how to …

Make ‘curl’ Ignore Certificate Errors:

Obviously, curl is an application used in the terminal, so this article requires an open terminal. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

These days, everything is expected to have a security certificate and SSL. Even this site has one, as you can tell by the https:// in the URL. Some folks want them for everything on the web, but I’d contend not every site really needs to have one – especially sites that aren’t interactive and don’t collect personal information. But, I have one and would have one regardless – simply because we do exchange some personal information (like email addresses) and I want folks to know we take security seriously.

Moving on…

The syntax is simple and, again, we’re only tackling part of the curl application. It’s simply too large a program, with too many variables, to cover it all in just one article. You basically have two choices:

And the other option is:

Either of those will let you make curl ignore certificate errors, allowing you to fetch whatever it is you were after. I suppose you should be careful with this, always verifying what you fetch is what you were actually after. Be extra careful to ensure the address is the one intended, of course. Just practice some careful scrutiny and you’re likely to be just fine.
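One way to follow the advice above about verifying what you fetch, as an added example that is not from the original article: download with certificate checks turned off, then keep the file only if its SHA-256 matches a value obtained through a separate trusted channel. `--insecure` (`-k`) and `--cacert` are real curl options; the function names and the CA path are assumptions.

```shell
#!/usr/bin/env bash
# Added example: integrity check for a file fetched with verification disabled.
# With --insecure, curl no longer proves who the server is, so the content
# has to be checked some other way before it is used.

# verify_sha256 FILE EXPECTED_HEX   (hypothetical helper)
# Returns 0 if FILE hashes to EXPECTED_HEX (case-insensitive); otherwise
# deletes FILE so it cannot be used by accident and returns 1.
verify_sha256() {
    file="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "checksum mismatch for $file: got $actual" >&2
    rm -f -- "$file"
    return 1
}

# fetch_insecure_verified URL DEST EXPECTED_HEX   (hypothetical helper)
# Do not send credentials or tokens on a request like this: the checksum
# protects the downloaded bytes, not the confidentiality of the request.
fetch_insecure_verified() {
    curl --silent --show-error --fail --insecure --output "$2" "$1" || return 1
    verify_sha256 "$2" "$3"
}

# If the error comes from a private or internal CA, trusting that CA keeps
# verification switched on and needs no checksum step (placeholder path/host):
#   curl --cacert /path/to/internal-ca.pem https://host.example/file
```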

Closure:

Yup. Another article. This one will help you use curl and to ignore certificate errors. It’s especially useful if you use curl a great deal. If not, stick it in the back of your memory banks and recall it when you do end up needing it. You never know when a tool like this will come in handy.


Monitor TCP/UDP In Real Time

If you’re concerned about network connections to your device, you may want to monitor TCP/UDP in real time. It’s a pretty handy way to get a handle on what connections are being made by your devices. This article could be pretty complicated, but I’ll try to make sense of it all.

By the way, if you ever want to be sure you know something, try explaining it to someone who knows nothing about it. It can be pretty humbling. Leave a comment letting me know how I did.

Anyhow, moving on…

Network connections happen on various ports. Think of them as though your computer is a country and you have various ports that let traffic in and let traffic out.

There are different kinds of traffic, just like there are different kinds of ships. You have leisure, goods, military ships, etc… You have cruise ships, tankers, cargo yachts, kayaks, aircraft carriers, etc. Traffic is often bidirectional, meaning going in and leaving on the same port. In the case of TCP and UDP, traffic is bidirectional so one port will accommodate both.

So…

What Are TCP and UDP Anyhow?

In the case of TCP, you may be familiar with the expression TCP/IP, and it stands for Transmission Control Protocol. TCP requires a server/client relationship and should only be used on certain ports. Those ports are things like FTP, SSH, SMTP, Time, TELNET, etc… So, if you know you don’t have an FTP server running, you really shouldn’t be seeing traffic on ports 20 or 21.

UDP, on the other hand, stands for “User Datagram Protocol”. Unlike TCP, there’s no client/server relationship required. It just spews traffic out as needed/ordered. UDP connections do things like check a DNS server to find the IP address for a domain name. It then waits for the server to respond. There’s less latency and it’s more useful for ‘real time’ processes. Voice and video may be sent using UDP. Again, if you’re seeing unrecognized traffic, there may be a problem.

If you want, you can get a general idea (you don’t really need to memorize this) of what belongs where, with regard to TCP/UDP traffic. Wikipedia has an excellent list of TCP/UDP port numbers.

So, with that information at hand, you can see why you might want to …

Monitor TCP/UDP In Real Time:

This article requires an open terminal, like many other articles on this site. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

Once you have your terminal open, you can use ‘netstat’ and examine this in detail. If you just want to check once, you can run this command:

To monitor it in real time, you’ll just use the ‘watch’ command. That’d look like this:

You can use the -n flag to change the refresh interval, as it will default to every two seconds. To make it every five seconds, the command would look like this:

You can change that number, but you can go no lower than once every 0.1 seconds. I’m not sure if there’s an upper threshold, but it might have one.

Either way, you can monitor your TCP/IP connections in real time. It’s not really all that difficult. You may see some results that alarm you, but odds are you’re just new to checking the output. Before getting alarmed and making drastic changes to your computer, research to see if the connection is actually just normal traffic.
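An added example (not part of the original article) of checking whether what you see is normal: save a known-good snapshot of `netstat -tulpn` output and report only the listeners that were not in it, instead of judging the live view by eye. The function names, file names and both sample snapshots are constructed.

```shell
#!/usr/bin/env bash
# Added example: print listeners present in a current `netstat -tulpn`
# snapshot but absent from a saved baseline. Live use (placeholder names):
#   sudo netstat -tulpn > baseline.txt    # taken while the host is known-good
#   sudo netstat -tulpn > now.txt
#   new_listeners baseline.txt now.txt

# Reduce each socket row to "tag proto local-address program". PIDs are
# dropped on purpose: they change on every restart and would only add noise.
socket_keys() {    # $1 = tag (B or C), $2 = snapshot file
    awk -v tag="$1" '$1 ~ /^(tcp|udp)/ {
        prog = "-"
        for (i = 6; i <= NF; i++)
            if ($i ~ /^[0-9]+\//) {
                prog = $i
                sub(/^[0-9]+\//, "", prog)
                sub(/:$/, "", prog)
                break
            }
        print tag, $1, $4, prog
    }' "$2" | sort -u
}

new_listeners() {  # $1 = baseline snapshot, $2 = current snapshot
    { socket_keys B "$1"; socket_keys C "$2"; } |
    awk '{ tag = $1; sub(/^[BC] /, "") }
         tag == "B" { seen[$0] = 1; next }
         !($0 in seen)'
}

demo() {           # runs the comparison on two constructed snapshots
    dir=$(mktemp -d) || return 1
    cat > "$dir/baseline.txt" <<'EOF'
tcp        0      0 0.0.0.0:22        0.0.0.0:*      LISTEN      1100/sshd: /usr/sbin
udp        0      0 0.0.0.0:5353      0.0.0.0:*                  812/avahi-daemon: r
EOF
    cat > "$dir/now.txt" <<'EOF'
tcp        0      0 0.0.0.0:22        0.0.0.0:*      LISTEN      2417/sshd: /usr/sbin
udp        0      0 0.0.0.0:5353      0.0.0.0:*                  812/avahi-daemon: r
tcp        0      0 0.0.0.0:8000      0.0.0.0:*      LISTEN      3051/python3
EOF
    new_listeners "$dir/baseline.txt" "$dir/now.txt"
    rm -rf "$dir"
}
```

In the constructed data the SSH daemon has a new PID but is not reported, while the new listener on port 8000 is.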

Closure:

And there you have it, you have another article to read. This one is about how you can monitor TCP/UDP in real time, a useful tool if you’re concerned with your network’s traffic. Malicious activities will likely require network ingress and egress, so this can help your security assessments. Strange connections don’t necessarily mean there’s a problem – but they do mean you might want to look to see what’s causing the connections.


Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.