{"id":2190,"date":"2015-05-14T18:20:48","date_gmt":"2015-05-14T17:20:48","guid":{"rendered":"http:\/\/mccltd.net\/blog\/?p=2190"},"modified":"2020-10-28T18:12:47","modified_gmt":"2020-10-28T18:12:47","slug":"how-to-determine-which-process-or-application-uses-a-tcp-connection","status":"publish","type":"post","link":"http:\/\/darenmatthews.com\/blog\/?p=2190","title":{"rendered":"How to Determine which Process or Application uses a TCP Connection"},"content":{"rendered":"<p>This recipe shows how to determine which process or application uses a TCP connection which you saw listed in your netstat output. \u00a0The example below is for Linux. \u00a0Windows is further down in the post:<\/p>\n<p>In this example, I have a small ARM Linux device being remotely managed via the &#8220;Dataplicity&#8221; service. To use the service you install a script which runs on startup. It seems that the script sets up an SSH connection from the managed ARM device to the dataplicity server, so that when you log in to their Admin portal and choose the &#8220;terminal&#8221; option, you access the Linux terminal which is already set up.<\/p>\n<p>The netstat output shows a session outbound from the ARM machine (10.10.0.126) to the dataplicity server (96.126.99.204) on TCP\/443 (SSL):<\/p>\n<blockquote><p>root@raspberrypi:\/# netstat -an | grep &#039;:443&#039;<br \/>\ntcp 0 48 10.10.0.126:46098 96.126.99.204:443 ESTABLISHED<\/p><\/blockquote>\n<p>The next step is to find which process(es) use the (source) TCP port 46098:<\/p>\n<p><!--more--><\/p>\n<blockquote><p>root@raspberrypi:\/# fuser 46098\/tcp<br \/>\n46098\/tcp: 2110 2167 2185<\/p><\/blockquote>\n<p>Three processes use that source port. 
The processes are:<\/p>\n<blockquote><p>root@raspberrypi:\/# ls -l \/proc\/2110\/exe<br \/>\nlrwxrwxrwx 1 root root 0 May 14 16:50 \/proc\/2110\/exe -&gt; \/usr\/bin\/python2.7<br \/>\nroot@raspberrypi:\/# ls -l \/proc\/2167\/exe<br \/>\nlrwxrwxrwx 1 root root 0 May 14 16:50 \/proc\/2167\/exe -&gt; \/bin\/bash<br \/>\nroot@raspberrypi:\/# ls -l \/proc\/2185\/exe<br \/>\nlrwxrwxrwx 1 root root 0 May 14 16:50 \/proc\/2185\/exe -&gt; \/bin\/netstat<\/p><\/blockquote>\n<p>bash and netstat can be explained, but python also uses it. This is the Dataplicity script:<\/p>\n<blockquote><p>root@raspberrypi:\/# ps -ef | grep 2110<br \/>\nroot 2110 1 3 16:43 ? 00:00:19 \/usr\/bin\/python \/usr\/local\/bin\/d [output was truncated here by the remote console I was using]<br \/>\nroot 2167 2110 0 16:44 pts\/0 00:00:00 \/bin\/bash<br \/>\nroot 2219 2167 0 16:53 pts\/0 00:00:00 grep 2110<\/p><\/blockquote>\n<blockquote><p>root@raspberrypi:\/# ls \/usr\/local\/bin\/d*<br \/>\n\/usr\/local\/bin\/dataplicity<br \/>\nroot@raspberrypi:\/#<\/p><\/blockquote>\n<p><strong>Example using MS\u00a0Windows:<\/strong><\/p>\n<blockquote><p>C:\\Users\\daren.matthews&gt;netstat -a -n -o | find &quot;10123&quot;<br \/>\nProto Local Address Foreign Address State PID<br \/>\nTCP 10.44.112.8:49384 10.44.101.113:10123 ESTABLISHED 3768<\/p>\n<p>C:\\Users\\daren.matthews&gt;tasklist | find &quot;3768&quot;<br \/>\nCcmExec.exe 3768 Services 0 39,020 K<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>This recipe shows how to determine which process or application uses a TCP connection which you saw listed in your netstat output. \u00a0The example below is for Linux. \u00a0Windows is further down in the post: In this example, I have a small ARM Linux device being remotely managed via the &#8220;Dataplicity&#8221; service. 
To use the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[84,53],"tags":[80],"_links":{"self":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2190"}],"collection":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2190"}],"version-history":[{"count":6,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2190\/revisions"}],"predecessor-version":[{"id":2241,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2190\/revisions\/2241"}],"wp:attachment":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2190"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}