Getting local socket address, foreign address and the owning process on Linux and Windows
I was searching for ways to get details of local address, foreign address, and the owning process on Linux and Windows. I found multiple commands to achieve the same. Here are the ones I used:
On Linux:
#ss -atpn | awk '(NR > 1) { print $4, $5, $NF }'
This would list all TCP sockets and the owning process. You can redirect the same to a file in case if needed.
I used "netstat" on Windows to achieve the same.
for /f "tokens=2,3,5" %i in ('netstat -ano ^| findstr /v "Active Proto"') do @echo %i %j %k
A sample listing is:
...
192.168.43.94:139 0.0.0.0:0 4
192.168.43.94:1093 74.125.135.125:5222 5172
192.168.43.94:1130 15.201.58.50:443 5876
192.168.43.94:1131 15.201.58.50:443 5876
192.168.43.94:1136 15.201.58.50:443 5876
192.168.43.94:1143 15.201.58.50:443 5876
192.168.43.94:1217 15.201.58.50:443 5876
192.168.43.94:1219 15.201.58.50:443 5876
192.168.43.94:1433 15.201.58.50:443 5876
On Linux:
#ss -atpn | awk '(NR > 1) { print $4, $5, $NF }'
This would list all TCP sockets and the owning process. You can redirect the same to a file in case if needed.
I used "netstat" on Windows to achieve the same.
for /f "tokens=2,3,5" %i in ('netstat -ano ^| findstr /v "Active Proto"') do @echo %i %j %k
A sample listing is:
...
192.168.43.94:139 0.0.0.0:0 4
192.168.43.94:1093 74.125.135.125:5222 5172
192.168.43.94:1130 15.201.58.50:443 5876
192.168.43.94:1131 15.201.58.50:443 5876
192.168.43.94:1136 15.201.58.50:443 5876
192.168.43.94:1143 15.201.58.50:443 5876
192.168.43.94:1217 15.201.58.50:443 5876
192.168.43.94:1219 15.201.58.50:443 5876
192.168.43.94:1433 15.201.58.50:443 5876
...
If you want to redirect them to a file use:
for /f "tokens=2,3,5" %i in ('netstat -ano ^| findstr /v "Active Proto"') do @echo %i %j %k >> outfile
Comments