- Identify process using a TCP socket:fuser -n tcp [port]
fuser [-fuv] [-a|-s] [-4|-6] [-c|-m|-n space] [ -k [-i] [-M] [-w] [-SIGNAL] ] name ... fuser -l fuser -V
fuser displays the PIDs of processes using the specified files or file systems. In the default display mode, each file name is followed by a letter denoting the type of access:
fuser returns a non-zero return code if none of the specified files is accessed or in case of a fatal error. If at least one access has been found, fuser returns zero.
In order to look up processes using TCP and UDP sockets, the corresponding name space has to be selected with the -n option. By default fuser will look in both IPv6 and IPv4 sockets. To change the default, behavior, use the -4 and -6 options. The socket(s) can be specified by the local and remote port, and the remote address. All fields are optional, but commas in front of missing fields must be present:
Either symbolic or numeric values can be used for IP addresses and port numbers.
fuser outputs only the PIDs to stdout, everything else is sent to stderr.
Verbose mode. Processes are shown in a ps-like style. The fields PID, USER and COMMAND are similar to ps. ACCESS shows how the process accesses the file. Verbose mode will also show when a particular file is being access as a mount point, knfs export or swap file. In this case kernel is shown instead of the PID.
Processes accessing the same file or file system several times in the same way are only shown once.
If the same object is specified several times on the command line, some of those entries may be ignored.
fuser may only be able to gather partial information unless run with privileges. As a consequence, files opened by processes belonging to other users may not be listed and executables may be classified as mapped only.
Installing fuser SUID root will avoid problems associated with partial information, but may be undesirable for security and privacy reasons.
udp and tcp name spaces, and UNIX domain sockets can't be searched with kernels older than 1.3.78.
Accesses by the kernel are only shown with the -v option.
The -k option only works on processes. If the user is the kernel, fuser will print an advice, but take no action beyond that.
fuser -m /dev/sgX will show (or kill with the -k flag) all processes, even if you don't have that device configured. There may be other devices it does this for too.
fuser cannot report on any processes that it doesn't have permission to look at the file descriptor table for. The most common time this problem occurs is when looking for TCP or UDP sockets when running fuser as a non-root user. In this case fuser will report no access
The mount -m option will match any file within the save device as the specified file, use the -M option as well if you mean to specify only the mount point.
kill(1), killall(1), lsof(8), pkill(1), ps(1), kill(2).