How to kill a linux process by port number

0
364

[ad_1]

fatmawati achmad zaenuri / Shutterstock.com

To kill a Linux process, you need its ID or its name. If all you know is the port it’s using, can you still kill it? Yes, in several different ways.

slaughter processes

Occasionally a Linux process may stop responding. It may stop working properly, or it may continue to work but ignore shutdown requests or start consuming memory, CPU, or network bandwidth.

Whatever your reasons, there are ways to kill a process from the Linux command line. The classic method is to use the kill command with the ID of the process you want to kill. the kill commando has some close relatives. the pkill command will kill a process by name, and killall will kill all processes it can find that share part of a name.

If all you know about a process is that it’s using a port on your computer, there are still ways to identify and kill it. In network terms, “port” can mean a physical connection where you insert a cable with a plug on the end, such as a CAT5 or 6 network cable, or it can mean a software port.

A software port is the final part of a network connection. The IP address of a device identifies the computer or other network device. Applications within the computer use different ports. These provide another level of granularity. The network traffic has reached the correct computer using the IP address and using port forwarding it can be sent to the correct application.

It is like postal mail that arrives at a hotel, is then sorted and delivered to the appropriate rooms. The IP address is like the street address of the hotel and the room numbers are like the port numbers.

If you see network activity on a port and you don’t recognize the process that is generating it, or if its behavior is problematic or suspicious, you may want to kill the process. Even if all you know is the port number, you can still track down the process and kill it.

Creating connections with socat

So that we have some connections to kill, we’ll use socat to create network connections using different protocols. you will have to install socat . To install it on Ubuntu, use this command:

sudo apt install socat

Installing socat on Ubuntu

About using Fedora dnf:

sudo dnf install socat

Installing socat on Fedora

In Manjaro you need to write:

sudo pacman -S socat

Socat installation in Manjaro

The syntax for socat It’s simple but a bit wordy. We need to provide the source and destination addresses. For each of these, we need to provide the protocol, IP address, and port number. We can substitute STDIN or STDOUT as source or destination.

This command creates a connection between a listening TCP socket on port 7889, at the loopback IP address of 127.0.0.1, and STDOUT. The sign “&“Runs the command in the background, so we retain access to the command line.

socat tcp-listen:7889,bind=127.0.0.1 stdout &

Creating a listening TCP socket connection with socat

We will create two more connections to have a small selection of sockets that use different protocols. We will create a UDP connection and an SCTP connection. The only part of the command that changes is the protocol.

socat udp-listen:7889,bind=127.0.0.1 stdout &
socat sctp-listen:9999,bind=127.0.0.1 stdout &

Creating listening UDP and SCTP socket connections with socat

RELATED: What is the difference between TCP and UDP?

using kill

Of course we can use kill to kill the process, as long as we know what the process ID is. To find the PID, we can use the lsof domain.

To list the details of the process on port 7889 that use the TCP protocol, we use the -i (Internet address), like this.

lsof -i tcp:7889

Using lsof to display the details of a process using a specific port and protocol

The PID of this process is 3141, and we can go ahead and use it with kill:

sudo kill 3141

We can save ourselves a bit of effort if we use pipes. If we pipe the output of lsof within awk and say awk to look for lines that contain the port of interest, 7889, and print the second field on that line, we’ll isolate the PID.

lsof -i tcp:7889 | awk '/7889/{print $2}'

Piping the output of lsof in awk

Then we can pipe the output of awk in the kill command using xargs. the xargs The command takes its piped input and passes it to another command as command line parameters. we will use xargs with the kill domain.

lsof -i tcp:7889 | awk '/7889/{print $2}' | xargs kill

Using pipes to get output from lsof to awk and from awk to xargs and kill

We do not receive any visual feedback. In typical Linux fashion, no news is good news. If you want to verify that the process has finished, you can use lsof one more time.

lsof -i tcp:7889

Using lsof to look up details of a process using a specific port and protocol without success

Because lsof does not report anything, we know there is no such connection.

We can kill a process using the UDP protocol by simply replacing “tcp” with “udp” in our command above.

lsof -i udp:7889 | awk '/7889/{print $2}' | xargs kill

Using pipes to get output from lsof to awk and from awk to xargs and kill, for a UDP socket

Nevertheless, lsof does not recognize the SCTP protocol.

lsof -i sctp:7889

lsof does not work with SCTP protocol

We can use the ss command to do that. we are using the -S (SCTP) to search for SCTP sockets, the -a (all) to search for all types of sockets (listening, accepting, connected, etc.), and the -p (processes) option to list process details using the socket.

ss -Sap

Print the details of a process using an SCTP socket with ss

We can parse that output using grep Y awk . We could also parse it using grep and some PERL regular expressions, but it’s much easier to understand this way. If I were going to use this more than once or twice, I’d probably make an alias or shell function.

We will pipe the output of ss within grep and look for our port number, 7889. We will pipe the output of grep within awk. In awkwe are using the -F (separator string) option to set a comma “,“As the field delimiter. We are looking for a string containing “Pid =” and print the second comma-delimited field of that string.

ss -Sap | grep "7889" | awk -F',' '/pid=/{print $2}'

Using pipes to connect ss, grep and awk to extract the PID string

That has given us the string “pid = 2859”.

We can pipe that into awk again, set the field delimiter to the equal sign “=”And print the second field of that string, which will be the text after the equals sign.

ss -Sap | grep "7889" | awk -F',' '/pid=/{print $2}' | awk -F'=' '{print $2}'

Using pipes to connect ss, grep and awk twice, to extract the PID

Now we have isolated the process ID. we can use xargs to pass the PID to kill as a command line parameter.

ss -Sap | grep "7889" | awk -F',' '/pid=/{print $2}' | awk -F'=' '{print $2}' | xargs kill

Using pipes with ss, grep, awk, and xargs to terminate an SCTP socket process

That kills the process that was using the SCTP protocol socket on port 7889.

The fuser command

the fuser command simplifies things a lot. The downside is that it only works with TCP and UDP sockets. On the plus side, those are the two most common types of plugs you’ll have to deal with. the fuser The command was already installed on the Ubuntu, Fedora, and Manjaro computers we checked.

All you need to do is use the -k (kill) and provide the port and protocol. you can use the -n (namespace) and provide the protocol and port, or use the “slash shortcut format” and put the port number first.

fuser -n tcp 7889
fuser 7889/udp

Using the fuser command to kill processes using TCP and UDP sockets

The port number, protocol, and PID of the terminated process are printed to the terminal window.

Try the melter first

It will probably be installed on the computer you’re working on, and the protocol is likely to be TCP or UDP, so there’s a good chance the simplest way will work for you.

[ad_2]