How to parse netstat command in order to get process name and PID from it?

Question

I'm trying to determine what application is using certain port and get netstat -tlnp | grep <port> for Linux.

This command return the following output:

(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)   tcp  0  0 0.0.0.0:<port>  0.0.0.0:*  LISTEN  3591/java 

I need to get in result only name of the process and PID, i.e java 3591.

What is best way to do it?

Thank you.

Answer 1

Try

ps -p $(lsof -ti tcp:80) o comm=,pid= 

or

netstat -tlnp | awk '/:80 */ {split($NF,a,"/"); print a[2],a[1]}' 

Answer 2

(Detracting slightly from your original question), to find out which process listens to a certain port number, I usually use the lsof command. For example:

lsof -i tcp:80 

To show only the process name and PID, parse the output using:

lsof | tail -n +2 | awk '{print $1 " " $2}' 

The tail command skips the output header while awk prints out the required columns.

Why lsof

Trying to grep the output of netstat can be messy as you'll need to make sure you're matching against the correct column. A robust solution can be rather long winded and difficult (for me anyway) to produce on-demand.

lsof saves you the trouble of matching the right ports, and has lots of other uses too, e.g. the inverse of what we're doing now (find out which ports are being used by a process), or determining which process is using a file / mount point (or the inverse). See lsof manpage for more examples.