In some situations, you might need to stop a process that is using a specific network port. This can happen if the process is misbehaving, or if you need to free up the port for another application. In this detailed tutorial, we will learn how to kill a process running on a specific port in Linux and Unix-like operating systems.
Table of Contents
Introduction
In Linux, multiple processes can be running simultaneously, each potentially using different network ports for communication. Sometimes, a process may become unresponsive or stuck, causing issues with the application or service it's running. In such cases, you may need to terminate or "kill" the process to free up the port it's using.
Let's say you have an Apache web server running on your Linux machine, and for some reason, it has become unresponsive. Apache typically runs on port 80 (HTTP) or 443 (HTTPS). If you try to access your website and it's not loading, you may need to kill the Apache process and restart it.
So, if you want to find and terminate unresponsive processes listening on a certain port, you can use use the fuser
, lsof
, netstat
, and ss
commands as described in the following sections.
Kill a Process Running on a Particular Port with fuser Command
Killing a process running on a particular port in Linux can be accomplished using a few methods. One common approach is to use the fuser command line utility.
The fuser
(file user) command in Linux is a powerful utility that helps identify processes using specific files, sockets, or file systems. It's particularly useful for troubleshooting issues related to file locking, process management, and system resources.
The fuser
command is part of the psmisc
package, so if it is not available in your Linux system, you may need to install psmisc
package using your system's package manager.
For example, run the following command to install psmisc on Arch Linux and its variants like EndeavourOS, Garuda Linux and Manjaro Linux:
$ sudo pacman -S psmisc
On Debian and Ubuntu and its derivatives systems:
$ sudo apt install psmisc
On Fedora, RHEL, Almalinux and Rocky Linux:
$ sudo dnf install psmisc
On SUSE/openSUSE:
$ sudo zypper install psmisc
Now let us see how to kill a service or process listening on a particular port using fuser
command.
1. Identify the Process Using the Port:
To find out which process is using a particular port, you can use the fuser
command:
fuser <port_number>/tcp
Replace <port_number>
with the actual port number. For example, to check port 8080:
$ fuser 8080/tcp
This command will print the PIDs of any processes that have the TCP port 8080 open.
2. Kill the Process Using the Port:
Once you have the PID, you can kill the process with:
$ fuser -k 8080/tcp
The -k
option will terminate (kill) any processes that have the TCP port 8080 open.
3. List processes bound to a UDP port:
$ fuser 8080/udp
This will list the PIDs of processes that have the UDP port 8080 open.
Please note that when you kill a process, the port it was using may not immediately become available for reuse. Instead, the port enters a TIME_WAIT
state for approximately 60 seconds before being completely closed by the operating system. This delay is a security measure to prevent potential data corruption or conflicts.
If you need to reuse the port sooner, you can configure the new process or application to allow port reuse by setting the appropriate socket options (e.g., SO_REUSEADDR
on Linux).
Kill a Process Running on a Specific Port using lsof Command
The lsof
command is a powerful utility in Linux and Unix-like operating systems that lists information about open files and the processes that have them open.
It stands for "list open files," and it provides a comprehensive view of what files, directories, network sockets, and other system resources are being used by various processes running on the system.
1. Identify the Process ID (PID) Using the Port
First, you need to find out which process is using the port. You can use the lsof
(List Open Files) command to do this.
sudo lsof -i :<port_number>
Replace <port_number>
with the actual port number. For example, if you want to check port 8080, you would run:
$ sudo lsof -i :8080
This command will list the details of the process using port 8080. Look for the PID
column in the output to get the Process ID.
2. Kill the Process Using the PID
Once you have the PID, you can terminate the process using the kill
command.
sudo kill -9 <PID>
Replace <PID>
with the actual Process ID. For example, if the PID is 1234, you would run:
$ sudo kill -9 1234
The -9
option sends a SIGKILL signal, which forcefully stops the process.
Example Scenario
Imagine you are running a web server on port 8080, but you need to restart it because it’s not responding properly. Here’s how you can do it:
Find the Process Using Port 8080:
$ sudo lsof -i :8080
Output might look like this:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME java 1234 user 45u IPv6 65432 0t0 TCP *:http-alt (LISTEN)
Here, the process using port 8080 is a Java application with PID 1234.
Kill the Process:
$ sudo kill -9 1234
This command stops the Java application running on port 8080.
One-liner lsof
Command to Terminate Processes Bound to a Specific Port
You can also use a one-liner to kill a process running on a specific port using lsof
combined with kill
command.
Here's the one-liner lsof
command:
$ kill -9 $(lsof -t -i:8080 -sTCP:LISTEN)
Let's break down this one-liner and understand how it works:
lsof -t -i:8080 -sTCP:LISTEN
: This part of the command useslsof
to list the processes that have the TCP port 8080 open and in theLISTEN
state.
-t
: This option tellslsof
to display only the process IDs (PIDs) of the matching processes.-i:8080
: This option specifies to look for processes using the specified internet address and port (in this case, port 8080).-sTCP:LISTEN
: This option filters the results to only show processes that have TCP sockets in theLISTEN
state (i.e., actively listening on the port).
$(...)
: This part of the command is a subshell, which means that the output of thelsof
command inside the parentheses is captured and substituted in the outer command.kill -9
: This part of the command uses thekill
utility to terminate processes. The-9
option sends theSIGKILL
signal, which is a forceful termination signal that cannot be caught or ignored by the process.
So, what happens is that lsof
first finds the process IDs (PIDs) of any processes that are listening on TCP port 8080. The output (just the PIDs) is then substituted into the kill -9
command, which terminates those processes forcefully.
This one-liner command is concise and efficient, as it combines the process identification and termination steps into a single command.
It's important to use it cautiously, as the SIGKILL
signal can potentially lead to data loss or other unintended consequences if not used properly.
Additionally, as mentioned earlier, killing a process may not immediately free up the port due to the TIME_WAIT
state.
If you need to reuse the port immediately after terminating the process, you may need to configure the new process to allow port reuse or wait for the TIME_WAIT
state to expire (typically 60 seconds on Linux).
Kill a Service Listening on a Particular Port with ss
and netstat
Commands
The ss
(socket statistics) and netstat
(network statistics) commands can also be used to identify services (or processes) listening on specific ports, before terminating them using the kill
command.
Using ss
, netstat
, and grep
together allows you to quickly identify processes listening on specific ports, and then selectively terminate them using the kill
command.
This approach is particularly useful when you need to manage network services or troubleshoot port conflicts on Linux systems.
Let's say you have an instance of the Apache web server running on your Linux machine, and you need to terminate it because it has become unresponsive or you want to free up the port it's using (typically port 80 for HTTP or 443 for HTTPS).
First, let me show you how to do that with netstat
command.
Using netstat
Command
The netstat
command is a command-line utility that displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
It has been a part of Linux and Unix-like systems for a long time and is widely used for network troubleshooting and monitoring.
netstat
stands for "network statistics" and is used to display various network-related information.- It can display active TCP connections, routing tables, interface statistics, and more.
netstat
supports various filtering options, such as filtering by protocol, state, port, and more.- It provides information about both incoming and outgoing network connections.
- The output of
netstat
can be more difficult to read and interpret compared toss
.
First, you can use netstat
to list all the processes listening on TCP ports and filter the output to show only the ones related to Apache:
$ sudo netstat -tnlp | grep -i apache
Here,
-t
shows TCP sockets-n
prevents resolving service names-l
shows only listening sockets-p
shows the process ID and name| grep -i apache
filters the output to show lines containing "apache" (case-insensitive)
This should display a line similar to:
tcp6 0 0 :::80 :::* LISTEN 12345/apache2
Here, 12345
is the process ID (PID) of the Apache process listening on port 80.
To terminate this process, you can use the kill
command with the PID:
$ sudo kill 12345
If the process doesn't terminate gracefully, you can use the -9
option to force kill it:
$ sudo kill -9 12345
Using ss
Command
The ss
command is a utility used to investigate sockets on a Linux system. It is an alternative to the older netstat
command and provides more detailed information about network connections, listening sockets, and socket statistics.
ss
stands for "socket statistics" and is used to dump socket statistics and information.- It provides detailed information about TCP, UDP, UNIX domain sockets, and raw sockets.
ss
has a more user-friendly output format compared tonetstat
.- It supports various filtering options, such as filtering by protocol, state, port, and more.
ss
is typically more efficient and faster thannetstat
, as it doesn't have to parse the/proc
filesystem for information.
List all TCP listening processes and filter for Apache:
$ sudo ss -tnlp | grep -i apache
-t
shows TCP sockets-n
prevents resolving service names-l
shows only listening sockets-p
shows the process ID and name| grep -i apache
filters the output to show lines containing "apache" (case-insensitive)
This should display a line similar to:
LISTEN 0 4096 :::80 :::* users:(("apache2",pid=12345,fd=4))
Again, 12345
is the process ID of the Apache process.
Terminate the process using kill
:
$ sudo kill 12345
Or, to force kill:
$ sudo kill -9 12345
In the above examples, we're using netstat
or ss
to identify the Apache web server process listening on port 80 (HTTP), and then terminating it using the kill
command with the corresponding process ID.
This approach can be applied to any other service or process that is listening on a specific port on your Linux system. Just replace "apache" in the grep
command with the name or part of the name of the service you're interested in.
While both ss
and netstat
can be used to obtain information about network connections and sockets, ss
is generally considered more modern and user-friendly. However, netstat
is still widely used and available on most Linux and Unix-like systems.
Again, I strongly recommend you to exercise caution when terminating processes, especially when using the -9
(SIGKILL) option, as it can lead to data loss or other unintended consequences if not used carefully.
Always ensure that you're terminating the correct process and understand the potential implications before executing the kill
command.
Frequently Asked Questions (FAQ)
fuser
command?A: The fuser
(file user) command is used to identify processes that are using specific files, directories, file systems, or network sockets (ports) on a Linux system. It's particularly useful for troubleshooting file locking issues, managing network services, and identifying processes that may be preventing file or directory operations.
fuser
to list processes bound to a specific port?A: To list processes bound to a TCP port, use the command fuser PORT/tcp
. For example, fuser 8080/tcp
will list the process IDs (PIDs) of processes using the TCP port 8080. Similarly, fuser PORT/udp
can be used for UDP ports.
fuser
terminate processes bound to a port?A: Yes, the -k
option in fuser
allows you to terminate (kill) processes associated with the specified resource, such as a file or network socket. For example, fuser -k 8080/tcp
will kill any processes using the TCP port 8080.
lsof
command used for?A: The lsof
(list open files) command is used to list open files and network sockets on a Linux system, along with the processes that have them open. It's useful for identifying processes that have a specific file or port open, which can be helpful in troubleshooting and managing network services.
lsof
to find processes using a specific port?A: To list processes using a specific port with lsof
, use the command lsof -i:PORT
. For example, lsof -i:8080
will list all processes that have the port 8080 open, regardless of the protocol (TCP or UDP).
ss
and netstat
?A: Both ss
(socket statistics) and netstat
(network statistics) are used to display network connections, listening sockets, and socket statistics on Linux systems. However, ss
is generally considered more modern and user-friendly, with a better output format and more efficient implementation. netstat
is an older command but still widely used.
ss
or netstat
to find processes listening on a specific port?A: To list processes listening on a specific port with ss
, use the command ss -tnlp | grep PORT
. For example, ss -tnlp | grep 8080
will list all TCP listening processes on port 8080. For netstat
, use netstat -tnlp | grep PORT
.
ss
or netstat
?A: Yes, you can use a one-liner command to kill a process directly from the output of ss
or netstat
. For example, kill -9 $(lsof -t -i:8080 -sTCP:LISTEN)
will kill any process listening on TCP port 8080.
-9
option in the kill
command?A: The -9
option in the kill
command sends the SIGKILL
signal, which forcefully terminates the process without giving it a chance to clean up or save data. This should be used with caution, as it can lead to data loss or other unintended consequences if not used carefully.
A: When you terminate a process, the port it was using may not immediately become available for reuse. Instead, the port enters a TIME_WAIT
state for approximately 60 seconds before being completely closed by the operating system. This delay is a security measure to prevent potential data corruption or conflicts.
Conclusion
The fuser
, lsof
, netstat
, and ss
commands are powerful tools for managing processes and ports on Linux systems. They provide a convenient way to identify and terminate processes that may be causing issues or conflicts, especially when dealing with network-related applications or services.
You can use them in the following cases:
- Freeing Up a Port: If you need to run another application on the same port.
- Stopping a Misbehaving Process: If an application is not responding or behaving unexpectedly.
- Restarting Services: Sometimes, restarting a service by killing its process is faster than rebooting the server.
While there are certainly other methods to achieve these goals, these four commands are just enough for me to accomplish this task.
I am also open to listening to all your suggestions. Please feel free to mention your suggestions in the comment section below.
Related Read:
- How To Find Which Service Is Listening On A Particular Port
- How To Find The Port Number Of A Service In Linux