[ad_1]
To kill a Linux process, you need its ID or its name. If all you know is the port it’s using, can you still kill it? Yes, in several different ways.
slaughter processes
Occasionally a Linux process may stop responding. It may stop working properly, or it may continue to work but ignore shutdown requests or start consuming memory, CPU, or network bandwidth.
Whatever your reasons, there are ways to kill a process from the Linux command line. The classic method is to use the kill command with the ID of the process you want to kill. the kill
commando has some close relatives. the pkill
command will kill a process by name, and killall
will kill all processes it can find that share part of a name.
If all you know about a process is that it’s using a port on your computer, there are still ways to identify and kill it. In network terms, “port” can mean a physical connection where you insert a cable with a plug on the end, such as a CAT5 or 6 network cable, or it can mean a software port.
A software port is the final part of a network connection. The IP address of a device identifies the computer or other network device. Applications within the computer use different ports. These provide another level of granularity. The network traffic has reached the correct computer using the IP address and using port forwarding it can be sent to the correct application.
It is like postal mail that arrives at a hotel, is then sorted and delivered to the appropriate rooms. The IP address is like the street address of the hotel and the room numbers are like the port numbers.
If you see network activity on a port and you don’t recognize the process that is generating it, or if its behavior is problematic or suspicious, you may want to kill the process. Even if all you know is the port number, you can still track down the process and kill it.
Creating connections with socat
So that we have some connections to kill, we’ll use socat
to create network connections using different protocols. you will have to install socat
. To install it on Ubuntu, use this command:
sudo apt install socat
About using Fedora dnf
:
sudo dnf install socat
In Manjaro you need to write:
sudo pacman -S socat
The syntax for socat
It’s simple but a bit wordy. We need to provide the source and destination addresses. For each of these, we need to provide the protocol, IP address, and port number. We can substitute STDIN or STDOUT as source or destination.
This command creates a connection between a listening TCP socket on port 7889, at the loopback IP address of 127.0.0.1, and STDOUT. The sign “&
“Runs the command in the background, so we retain access to the command line.
socat tcp-listen:7889,bind=127.0.0.1 stdout &
We will create two more connections to have a small selection of sockets that use different protocols. We will create a UDP connection and an SCTP connection. The only part of the command that changes is the protocol.
socat udp-listen:7889,bind=127.0.0.1 stdout &
socat sctp-listen:9999,bind=127.0.0.1 stdout &
RELATED: What is the difference between TCP and UDP?
using kill
Of course we can use kill
to kill the process, as long as we know what the process ID is. To find the PID, we can use the lsof
domain.
To list the details of the process on port 7889 that use the TCP protocol, we use the -i
(Internet address), like this.
lsof -i tcp:7889
The PID of this process is 3141, and we can go ahead and use it with kill
:
sudo kill 3141
We can save ourselves a bit of effort if we use pipes. If we pipe the output of lsof
within awk
and say awk
to look for lines that contain the port of interest, 7889, and print the second field on that line, we’ll isolate the PID.
lsof -i tcp:7889 | awk '/7889/{print $2}'
Then we can pipe the output of awk
in the kill
command using xargs
. the xargs
The command takes its piped input and passes it to another command as command line parameters. we will use xargs
with the kill
domain.
lsof -i tcp:7889 | awk '/7889/{print $2}' | xargs kill
We do not receive any visual feedback. In typical Linux fashion, no news is good news. If you want to verify that the process has finished, you can use lsof
one more time.
lsof -i tcp:7889
Because lsof
does not report anything, we know there is no such connection.
We can kill a process using the UDP protocol by simply replacing “tcp” with “udp” in our command above.
lsof -i udp:7889 | awk '/7889/{print $2}' | xargs kill
Nevertheless, lsof
does not recognize the SCTP protocol.
lsof -i sctp:7889
We can use the ss
command to do that. we are using the -S
(SCTP) to search for SCTP sockets, the -a
(all) to search for all types of sockets (listening, accepting, connected, etc.), and the -p
(processes) option to list process details using the socket.
ss -Sap
We can parse that output using grep
Y awk
. We could also parse it using grep
and some PERL regular expressions, but it’s much easier to understand this way. If I were going to use this more than once or twice, I’d probably make an alias or shell function.
We will pipe the output of ss
within grep
and look for our port number, 7889. We will pipe the output of grep
within awk
. In awk
we are using the -F
(separator string) option to set a comma “,
“As the field delimiter. We are looking for a string containing “Pid =” and print the second comma-delimited field of that string.
ss -Sap | grep "7889" | awk -F',' '/pid=/{print $2}'
That has given us the string “pid = 2859”.
We can pipe that into awk
again, set the field delimiter to the equal sign “=
”And print the second field of that string, which will be the text after the equals sign.
ss -Sap | grep "7889" | awk -F',' '/pid=/{print $2}' | awk -F'=' '{print $2}'
Now we have isolated the process ID. we can use xargs
to pass the PID to kill
as a command line parameter.
ss -Sap | grep "7889" | awk -F',' '/pid=/{print $2}' | awk -F'=' '{print $2}' | xargs kill
That kills the process that was using the SCTP protocol socket on port 7889.
The fuser command
the fuser
command simplifies things a lot. The downside is that it only works with TCP and UDP sockets. On the plus side, those are the two most common types of plugs you’ll have to deal with. the fuser
The command was already installed on the Ubuntu, Fedora, and Manjaro computers we checked.
All you need to do is use the -k
(kill) and provide the port and protocol. you can use the -n
(namespace) and provide the protocol and port, or use the “slash shortcut format” and put the port number first.
fuser -n tcp 7889
fuser 7889/udp
The port number, protocol, and PID of the terminated process are printed to the terminal window.
Try the melter first
It will probably be installed on the computer you’re working on, and the protocol is likely to be TCP or UDP, so there’s a good chance the simplest way will work for you.
[ad_2]