What programs are listening to the network?

Sometimes, I’d like to know what programs on my system are listening to the network, and to quote the Perl motto, “there’s more than one way to do it”. On Linux, there’s `lsof -Pi` and `netstat -p`. On Windows XP and Vista, there’s the built-in `netstat -b[v] -a` and a separate utility called [tcpview](http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx). I’ve included example usages and outputs.

__lsof__ (Linux)

sudo lsof -Pni

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
python 1886 root 4u IPv4 6621 TCP 127.0.0.1:2207 (LISTEN)
cupsd 1898 root 3u IPv4 6663 TCP 127.0.0.1:631 (LISTEN)
cupsd 1898 root 4u IPv6 6664 TCP [::1]:631 (LISTEN)
cupsd 1898 root 6u IPv4 6667 UDP *:631
sshd 1912 root 3u IPv4 6711 TCP *:22 (LISTEN)
httpd 20084 apache 4u IPv6 7293 TCP *:80 (LISTEN)
httpd 20085 apache 4u IPv6 7293 TCP *:80 (LISTEN)
httpd 20086 apache 4u IPv6 7293 TCP *:80 (LISTEN)
httpd 20087 apache 4u IPv6 7293 TCP *:80 (LISTEN)
httpd 20088 apache 4u IPv6 7293 TCP *:80 (LISTEN)
httpd 20089 apache 4u IPv6 7293 TCP *:80 (LISTEN)
httpd 20090 apache 4u IPv6 7293 TCP *:80 (LISTEN)
httpd 20091 apache 4u IPv6 7293 TCP *:80 (LISTEN)

__netstat__ (Linux)

sudo netstat -lp –inet –numeric-hosts

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 1912/sshd
tcp 0 0 127.0.0.1:ipp 0.0.0.0:* LISTEN 1898/cupsd
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 1886/python
udp 0 0 0.0.0.0:ipp 0.0.0.0:* 1898/cupsd

Where’s `httpd`? It should be there, and it is, when I exclude the `–inet` option:

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 :::http :::* LISTEN 2038/httpd
tcp 0 0 ::1:ipp :::* LISTEN 1898/cupsd

__TcpView__ (Windows)

[Download](http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx) and start TcpView. From the menu, choose File > Save. Here’s the output from the file.

Process Protocol Local Address Remote Address State
svchost.exe:1064 TCP jareds-xp:epmapi jareds-xp:0 LISTENING
System:4 TCP jareds-xp:microsoft-ds jareds-xp:0 LISTENING
svchost.exe:976 TCP jareds-xp:3389i jareds-xp:0 LISTENING
nxssh.exe:2032 TCP jareds-xp:11000 jareds-xp:0 LISTENING

__netstat__ (Windows)

Note that this runs quite slowly on Windows.

netstat -bva

Active Connections

Proto Local Address Foreign Address State PID
TCP jareds-xp:epmap jareds-xp.mydomain.com:0 LISTENING 1064
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]

TCP jareds-xp:microsoft-ds jareds-xp.mydomain.com:0 LISTENING 4
— unknown component(s) —
[System]

TCP jareds-xp:3389 jareds-xp.mydomain.com:0 LISTENING 976
— unknown component(s) —
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]

TCP jareds-xp:11000 jareds-xp.mydomain.com:0 LISTENING 2032
[nxssh.exe]

TCP jareds-xp:3389 jareds-xp.mydomain.com:0 LISTENING 976
— unknown component(s) —
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ADVAPI32.dll
[svchost.exe]