On my server machine, I have an application that responds to port 9876.
I've closed the application with kill.
If I do netstat | grep 9876, no process is shown.
However, I can still do POST and GET request to the server machine (from both Postman and Chrome) on port 9876.
How is that possible?
Just netstat doesn't show you listening sockets/process
Issue sudo netstat -lp | grep 9876, as Payalord mentioned, if you don't sudo you'll only list sockets controlled by your user. The last column will be PID/Program name which will help you find out who's keeping this socket open.
man pages are your friends:
-p, --program
Show the PID and name of the program to which each socket belongs.
-l, --listening
Show only listening sockets. (These are omitted by default.)
As for avoiding the application from spawning a subprocess, you'll need to investigate this as there's not enough information here to know why it happens and how to avoid it.
Make sure you are running commands on the right user, usually the best to run the commands on root user.
Also maybe better to run netstat like this: netstat -tulpn | grep :9876
Hope this helps to clarify the problem.
Related
I am trying to make a program that automatically lists all of the connections to my computer from outside of the router. The end goal of this script is that I would like to be able to have a clean list of the external IP addresses of every server/website I am connecting to. I am also trying to use this as a way to learn more about how networks, websites, and servers work so I am sorry for any mistakes I make with terminology and general knowledge!
My tcpdump bash script:
while :
do
# get myip and assign it to a variable
myip="$(ifconfig wlp2s0 | grep -E -o -m 1 "inet................" | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)")"
# tcpdump on my ip for all packets going to or from my ip address. the ipaddress of the packets is placed in IP Address.txt
sudo tcpdump -c 1 -nn host "$myip" | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" >> IPaddress.txt
done
I thought that tcpdump would be the tool for this however I confess that I do not know how tcpdump works. This script is a bash file that I am running through ubuntu. How would I use tcpdump to collect the IP address of every website that I am connecting to? I read the tcpdump documentation and believe it can help me achieve my goal however if there are better tools out there I would love to hear it! Currently, this code only displays internal IP addresses. ;(
I'd lean more towards using ss or netstat.
ss --all --ipv4
Would show all IPv4 connections.
The same works for IPv6 of course; and you could add one of many arguments to get more detailed information if you want, such as --processes, --extended, or --info.
There's also a few more arguments to control the output format, making it more suitable for parsing:
ss --all --ipv4 --processes --no-header --oneline
Suggest to follow ss command .
Learn about ss command here.
As a web application tester I need to verify the http requests(seen in the net tab of the firebug when you hit a site in firefox) for my web site.
Is there a way to capture the http requests/network calls in shell scripting?
I have solution to do it in Java. We can use browsermob proxy.
But please help me how to do in shell scripting.
It sounds like what you want is tcpdump What you can do is run a script to capture requests going to your server and then verify them within Wireshark. Which provides a more user friendly output than the raw TCP dumps. If your want to listen to everything on port 80 (HTTP) you can run the following command:
sudo tcpdump -s 0 -X 'tcp dst port 80' -w capture.pcap
At a later time you can copy the capture.pcap file which onto a machine running Wireshark. Load it, and browser through the TCP dumps to make sure the expected traffic occured.
when I run this in terminal:
lsof -n -i4TCP:8081
I get this
node 10901 me 28u IPv6 0xbcad49 0t0 TCP *:sunproxyadmin (LISTEN)
foo 11957 me 15u IPv4 0xbcad49 0t0 TCP 127.0.0.1:61127->127.0.0.1:sunproxyadmin (CLOSE_WAIT)
What is this sunproxyadmin?
Per http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=8081, TCP port 8081 is the well known port for sunproxyadmin the same way 80 is the well known port for http. In this case, you have a node process that is listening on port 8081, but lsof is trying to be helpful and show the well known port for this. Under linux, this is defined in /etc/services; I would expect OS X is similar.
Edit 1: Note that per Apple Man Pages, passing -P
inhibits the conversion of port numbers to port names for network files.
Inhibiting the conversion may make lsof run a little faster. It
is also useful when port name lookup is not working properly.
This should cause lsof to not print out the confusing sunproxyadmin for something that just happens to use the port that Sun registered.
Edit 2: The second column in your response (e.g. 10901 in the first row, which is the one you want, and 11957 in the second row) should be the process ID. If you do ps aux | grep 10901 (or ps elf | grep [pid], as I can't remember which works right for OSX and don't have it handy) you should get something like:
apache 19783 0.0 0.2 251888 8580 ? S Oct07 0:00
/usr/sbin/httpd -DFOREGROUND
(or to make something up:
nodeuser 10901 0.0 0.2 251888 8580 ? S Oct07 0:00 node index.js
)
You can kill it with kill -9 10901 (or whatever the PID was) though you might find it comes back if it's running as a service or what.
This is useful enough to add to your bash profile:
function findbyport()
{
sudo lsof -P -iTCP:$1 -sTCP:LISTEN
}
Kill it, do in your terminal
sudo lsof -i :8081
from there get the PID number and then run
kill -9 <PID NUMBER>
You can check on FB documentation for more info
If you don't want to kill sunproxyadmin process, let try to start React native in different port with command:
react-native start --port your_port
Then open Dev settings (see how to open dev menu), and modify Debug server host & port for device to: your_local_ip:your_port
There is this MACAFEE antivirus running on my Mac. I am able to kill it(Even though I should not be killing it, I tried it, and looks like it never dies! Sudo has no power after all!).So after a lot of research I have tried this one.
Step 1 : Get the process' PID
sudo lsof -n -i4TCP:8081
Step 2 : Find the launchd endpoint
sudo launchctl list | grep
Step 3 : Remove mcafee
sudo launchctl remove com.mcafee.agent.macmn
If this one works for you pls say thanks to me and as well as https://fantashit.com/unable-to-perform-react-native-start/
How can I determine the services which are listening on a port bigger than 8000 using the netstat command under windows and unix?
Could you help me out, please?
On Windows you need to run a command console as administrator. Then execute
netstat -ab
The b lists the executable program that is doing the listening. you should be able to match that to the services.
I don't think netstat is selective on the ports, if you are not seeing any beyond 8000 then there is no activity or listening there.
This works on windows. Not sure if this is also the case on unix.
for a programming project I have to do some strange setup. Now, first of all, I have root rights on both servers, and I think an ssh tunnel is the best way (if you have a better idea, please feel free to tell me)
I have to write a piece of software running on an IRC server. That is not difficult, but the IRC server is only reachable on localhost. So I have to ssh to the box first and then use irssi or similar to connect to localhost:6667
Now I tried to do an ssh-tunnel from a second server (where I have irssi running all the time) and then tunnel to the server and use localhost through the tunnel, something like:
ssh -f user#server2 -L 2000:server2:6667 -N
Now this is not working as expected when I use irssi to connect to localhost:2000. I don't understand why, do you have any hint? I would be glad if you could help me.
Regards
Remember that that address you tunnel to (server2:6667 in your case) is from the point of view of the destination. For example: I have a VPS running with ssh installed. If I do ssh -f user#vps -L 2000:localhost:3306 I can connect to the MySql server running on it (which is only listening on the loopback interface).
So assuming the IRC server is running on server2 you should do:
you#server1:~$ ssh -f you#server2 -L 2000:localhost:6667 -N
You can then connect to localhost:2000 (on server1) with your IRC client and get a connection to the IRC-server running on server2.