Home Linux Networking How To Kill A Process Running On A Specific Port In Linux

How To Kill A Process Running On A Specific Port In Linux

Different Ways to Identify and Terminate Unresponsive Processes Listening on Specific Ports in Linux and Unix.

By sk
Published: Updated: 2.4K views

In some situations, you might need to stop a process that is using a specific network port. This can happen if the process is misbehaving, or if you need to free up the port for another application. In this detailed tutorial, we will learn how to kill a process running on a specific port in Linux and Unix-like operating systems.

Introduction

In Linux, multiple processes can be running simultaneously, each potentially using different network ports for communication. Sometimes, a process may become unresponsive or stuck, causing issues with the application or service it's running. In such cases, you may need to terminate or "kill" the process to free up the port it's using.

Let's say you have an Apache web server running on your Linux machine, and for some reason, it has become unresponsive. Apache typically runs on port 80 (HTTP) or 443 (HTTPS). If you try to access your website and it's not loading, you may need to kill the Apache process and restart it.

So, if you want to find and terminate unresponsive processes listening on a certain port, you can use use the fuser, lsof, netstat, and ss commands as described in the following sections.

Kill a Process Running on a Particular Port with fuser Command

Killing a process running on a particular port in Linux can be accomplished using a few methods. One common approach is to use the fuser command line utility.

The fuser (file user) command in Linux is a powerful utility that helps identify processes using specific files, sockets, or file systems. It's particularly useful for troubleshooting issues related to file locking, process management, and system resources.

The fuser command is part of the psmisc package, so if it is not available in your Linux system, you may need to install psmisc package using your system's package manager.

For example, run the following command to install psmisc on Arch Linux and its variants like EndeavourOS, Garuda Linux and Manjaro Linux:

$ sudo pacman -S psmisc

On Debian and Ubuntu and its derivatives systems:

$ sudo apt install psmisc

On Fedora, RHEL, Almalinux and Rocky Linux:

$ sudo dnf install psmisc

On SUSE/openSUSE:

$ sudo zypper install psmisc

Now let us see how to kill a service or process listening on a particular port using fuser command.

1. Identify the Process Using the Port:

To find out which process is using a particular port, you can use the fuser command:

fuser <port_number>/tcp

Replace <port_number> with the actual port number. For example, to check port 8080:

$ fuser 8080/tcp

This command will print the PIDs of any processes that have the TCP port 8080 open.

2. Kill the Process Using the Port:

Once you have the PID, you can kill the process with:

$ fuser -k 8080/tcp

The -k option will terminate (kill) any processes that have the TCP port 8080 open.

3. List processes bound to a UDP port:

$ fuser 8080/udp

This will list the PIDs of processes that have the UDP port 8080 open.

Please note that when you kill a process, the port it was using may not immediately become available for reuse. Instead, the port enters a TIME_WAIT state for approximately 60 seconds before being completely closed by the operating system. This delay is a security measure to prevent potential data corruption or conflicts.

If you need to reuse the port sooner, you can configure the new process or application to allow port reuse by setting the appropriate socket options (e.g., SO_REUSEADDR on Linux).

Kill a Process Running on a Specific Port using lsof Command

The lsof command is a powerful utility in Linux and Unix-like operating systems that lists information about open files and the processes that have them open.

It stands for "list open files," and it provides a comprehensive view of what files, directories, network sockets, and other system resources are being used by various processes running on the system.

1. Identify the Process ID (PID) Using the Port

First, you need to find out which process is using the port. You can use the lsof (List Open Files) command to do this.

sudo lsof -i :<port_number>

Replace <port_number> with the actual port number. For example, if you want to check port 8080, you would run:

$ sudo lsof -i :8080

This command will list the details of the process using port 8080. Look for the PID column in the output to get the Process ID.

2. Kill the Process Using the PID

Once you have the PID, you can terminate the process using the kill command.

sudo kill -9 <PID>

Replace <PID> with the actual Process ID. For example, if the PID is 1234, you would run:

$ sudo kill -9 1234

The -9 option sends a SIGKILL signal, which forcefully stops the process.

Example Scenario

Imagine you are running a web server on port 8080, but you need to restart it because it’s not responding properly. Here’s how you can do it:

Find the Process Using Port 8080:

$ sudo lsof -i :8080

Output might look like this:

COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
java      1234 user   45u  IPv6  65432      0t0  TCP *:http-alt (LISTEN)

Here, the process using port 8080 is a Java application with PID 1234.

Kill the Process:

$ sudo kill -9 1234

This command stops the Java application running on port 8080.

One-liner lsof Command to Terminate Processes Bound to a Specific Port

You can also use a one-liner to kill a process running on a specific port using lsof combined with kill command.

Here's the one-liner lsof command:

$ kill -9 $(lsof -t -i:8080 -sTCP:LISTEN)

Let's break down this one-liner and understand how it works:

  1. lsof -t -i:8080 -sTCP:LISTEN: This part of the command uses lsof to list the processes that have the TCP port 8080 open and in the LISTEN state.
  • -t: This option tells lsof to display only the process IDs (PIDs) of the matching processes.
  • -i:8080: This option specifies to look for processes using the specified internet address and port (in this case, port 8080).
  • -sTCP:LISTEN: This option filters the results to only show processes that have TCP sockets in the LISTEN state (i.e., actively listening on the port).
  1. $(...): This part of the command is a subshell, which means that the output of the lsof command inside the parentheses is captured and substituted in the outer command.
  2. kill -9: This part of the command uses the kill utility to terminate processes. The -9 option sends the SIGKILL signal, which is a forceful termination signal that cannot be caught or ignored by the process.

So, what happens is that lsof first finds the process IDs (PIDs) of any processes that are listening on TCP port 8080. The output (just the PIDs) is then substituted into the kill -9 command, which terminates those processes forcefully.

This one-liner command is concise and efficient, as it combines the process identification and termination steps into a single command.

It's important to use it cautiously, as the SIGKILL signal can potentially lead to data loss or other unintended consequences if not used properly.

Additionally, as mentioned earlier, killing a process may not immediately free up the port due to the TIME_WAIT state.

If you need to reuse the port immediately after terminating the process, you may need to configure the new process to allow port reuse or wait for the TIME_WAIT state to expire (typically 60 seconds on Linux).

Kill a Service Listening on a Particular Port with ss and netstat Commands

The ss (socket statistics) and netstat (network statistics) commands can also be used to identify services (or processes) listening on specific ports, before terminating them using the kill command.

Using ss, netstat, and grep together allows you to quickly identify processes listening on specific ports, and then selectively terminate them using the kill command.

This approach is particularly useful when you need to manage network services or troubleshoot port conflicts on Linux systems.

Let's say you have an instance of the Apache web server running on your Linux machine, and you need to terminate it because it has become unresponsive or you want to free up the port it's using (typically port 80 for HTTP or 443 for HTTPS).

First, let me show you how to do that with netstat command.

Using netstat Command

The netstat command is a command-line utility that displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

It has been a part of Linux and Unix-like systems for a long time and is widely used for network troubleshooting and monitoring.

  • netstat stands for "network statistics" and is used to display various network-related information.
  • It can display active TCP connections, routing tables, interface statistics, and more.
  • netstat supports various filtering options, such as filtering by protocol, state, port, and more.
  • It provides information about both incoming and outgoing network connections.
  • The output of netstat can be more difficult to read and interpret compared to ss.

First, you can use netstat to list all the processes listening on TCP ports and filter the output to show only the ones related to Apache:

$ sudo netstat -tnlp | grep -i apache

Here,

  • -t shows TCP sockets
  • -n prevents resolving service names
  • -l shows only listening sockets
  • -p shows the process ID and name
  • | grep -i apache filters the output to show lines containing "apache" (case-insensitive)

This should display a line similar to:

tcp6       0      0 :::80                   :::*                    LISTEN      12345/apache2

Here, 12345 is the process ID (PID) of the Apache process listening on port 80.

To terminate this process, you can use the kill command with the PID:

$ sudo kill 12345

If the process doesn't terminate gracefully, you can use the -9 option to force kill it:

$ sudo kill -9 12345

Using ss Command

The ss command is a utility used to investigate sockets on a Linux system. It is an alternative to the older netstat command and provides more detailed information about network connections, listening sockets, and socket statistics.

  • ss stands for "socket statistics" and is used to dump socket statistics and information.
  • It provides detailed information about TCP, UDP, UNIX domain sockets, and raw sockets.
  • ss has a more user-friendly output format compared to netstat.
  • It supports various filtering options, such as filtering by protocol, state, port, and more.
  • ss is typically more efficient and faster than netstat, as it doesn't have to parse the /proc filesystem for information.

List all TCP listening processes and filter for Apache:

$ sudo ss -tnlp | grep -i apache
  • -t shows TCP sockets
  • -n prevents resolving service names
  • -l shows only listening sockets
  • -p shows the process ID and name
  • | grep -i apache filters the output to show lines containing "apache" (case-insensitive)

This should display a line similar to:

LISTEN 0      4096                 :::80                  :::*      users:(("apache2",pid=12345,fd=4))

Again, 12345 is the process ID of the Apache process.

Terminate the process using kill:

$ sudo kill 12345

Or, to force kill:

$ sudo kill -9 12345

In the above examples, we're using netstat or ss to identify the Apache web server process listening on port 80 (HTTP), and then terminating it using the kill command with the corresponding process ID.

This approach can be applied to any other service or process that is listening on a specific port on your Linux system. Just replace "apache" in the grep command with the name or part of the name of the service you're interested in.

While both ss and netstat can be used to obtain information about network connections and sockets, ss is generally considered more modern and user-friendly. However, netstat is still widely used and available on most Linux and Unix-like systems.

Again, I strongly recommend you to exercise caution when terminating processes, especially when using the -9 (SIGKILL) option, as it can lead to data loss or other unintended consequences if not used carefully.

Always ensure that you're terminating the correct process and understand the potential implications before executing the kill command.

Frequently Asked Questions (FAQ)

Q: What is the purpose of the fuser command?

A: The fuser (file user) command is used to identify processes that are using specific files, directories, file systems, or network sockets (ports) on a Linux system. It's particularly useful for troubleshooting file locking issues, managing network services, and identifying processes that may be preventing file or directory operations.

Q: How can I use fuser to list processes bound to a specific port?

A: To list processes bound to a TCP port, use the command fuser PORT/tcp. For example, fuser 8080/tcp will list the process IDs (PIDs) of processes using the TCP port 8080. Similarly, fuser PORT/udp can be used for UDP ports.

Q: Can fuser terminate processes bound to a port?

A: Yes, the -k option in fuser allows you to terminate (kill) processes associated with the specified resource, such as a file or network socket. For example, fuser -k 8080/tcp will kill any processes using the TCP port 8080.

Q: What is the lsof command used for?

A: The lsof (list open files) command is used to list open files and network sockets on a Linux system, along with the processes that have them open. It's useful for identifying processes that have a specific file or port open, which can be helpful in troubleshooting and managing network services.

Q: How can I use lsof to find processes using a specific port?

A: To list processes using a specific port with lsof, use the command lsof -i:PORT. For example, lsof -i:8080 will list all processes that have the port 8080 open, regardless of the protocol (TCP or UDP).

Q: What are the differences between ss and netstat?

A: Both ss (socket statistics) and netstat (network statistics) are used to display network connections, listening sockets, and socket statistics on Linux systems. However, ss is generally considered more modern and user-friendly, with a better output format and more efficient implementation. netstat is an older command but still widely used.

Q: How can I use ss or netstat to find processes listening on a specific port?

A: To list processes listening on a specific port with ss, use the command ss -tnlp | grep PORT. For example, ss -tnlp | grep 8080 will list all TCP listening processes on port 8080. For netstat, use netstat -tnlp | grep PORT.

Q: Can I kill a process directly from the output of ss or netstat?

A: Yes, you can use a one-liner command to kill a process directly from the output of ss or netstat. For example, kill -9 $(lsof -t -i:8080 -sTCP:LISTEN) will kill any process listening on TCP port 8080.

Q: What is the significance of the -9 option in the kill command?

A: The -9 option in the kill command sends the SIGKILL signal, which forcefully terminates the process without giving it a chance to clean up or save data. This should be used with caution, as it can lead to data loss or other unintended consequences if not used carefully.

Q: Why might a port not be immediately available for reuse after terminating a process?

A: When you terminate a process, the port it was using may not immediately become available for reuse. Instead, the port enters a TIME_WAIT state for approximately 60 seconds before being completely closed by the operating system. This delay is a security measure to prevent potential data corruption or conflicts.

Conclusion

The fuser, lsof, netstat, and ss commands are powerful tools for managing processes and ports on Linux systems. They provide a convenient way to identify and terminate processes that may be causing issues or conflicts, especially when dealing with network-related applications or services.

You can use them in the following cases:

  • Freeing Up a Port: If you need to run another application on the same port.
  • Stopping a Misbehaving Process: If an application is not responding or behaving unexpectedly.
  • Restarting Services: Sometimes, restarting a service by killing its process is faster than rebooting the server.

While there are certainly other methods to achieve these goals, these four commands are just enough for me to accomplish this task.

I am also open to listening to all your suggestions. Please feel free to mention your suggestions in the comment section below.


Related Read:


You May Also Like

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More