Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

[Challenge] Q1. Process/Port location and kill

Share your HowTo, Documentation, Tips and Tricks. Not for support questions!.
Post Reply
Message
Author
User avatar
donald
Debian Developer, Site Admin
Debian Developer, Site Admin
Posts: 1133
Joined: 2021-03-30 20:08
Has thanked: 189 times
Been thanked: 249 times

[Challenge] Assignment 1: Process/Port location and kill

#1 Post by donald »

donald wrote:In the admin subforum sometimes we tweak or educate another admins commands mirroring what is done largely in the user forums when someone comes along with a better way to do something. So we thought why not have a, 'Can you solve it better, Admin challenge thread'? Each week an admin (or user selected) will post a thread with a reproducible issue, the solution to that issue, and the series of commands used to solve the problem. Everyone is welcome to showcase a different manner to accomplish the goal. You can show off and teach us all something or learn something new as we add to our repository of knowledge.

Below is an example of the challenge, it is still open for another way to do the process.
Assignment 1: Process/Port location and kill

Today we are working on installing some software which normally runs on port 3000. However another process on this server also uses that port, due to security and other concerns we need to find the process and the port the process is using then kill the process while we retool the software to run on different port.

1) Find the port in use. I am looking for node which can easily by mistaken for nodejs. This requires we are specific to the correct process and port.

We use the socket statistics command (ss -manpage) which shows tcp/ip connections, ports, and sockets, we will then pipe that information through the global regular expression print command (grep -manpage).

$ ss -tunlp | grep node

output:

Code: Select all

tcp   LISTEN 0      511                                    127.0.0.1:9001       0.0.0.0:*    users:(("nodejs",pid=639,fd=28))                               
tcp   LISTEN 0      511                                        [::1]:3000          [::]:*    users:(("node",pid=2705097,fd=23))  
2) We don't want to blindly kill the wrong process so we will use the list open files command (lsof -manpage) for more detail:

lsof -Tf -i:3000

This gives me the following output:

Code: Select all

COMMAND	PID	USER	FD	TYPE	DEVICE		SIZE/OFF	NODE	NAME
node	2705097	process	18u	IPv6	27861570	0t0		TCP	localhost:3000 
3) Now that the process is isolated, we can run lsof again with lesser arguments then pipe its output via xargs to a 'kill -9' command which will kill that exact process using that port.

lsof -t -i:3000 | xargs kill -9

The breakdown of the command separated by commas:

lsof, -t flag for tcp/ip, -i:the port we desire, pipe (pass through to), xargs, kill -9 (kill process immedately).

OR

lsof -t -i:3000 | xargs -I {} kill {}[/list]
Typo perfectionish.


"The advice given above is all good, and just because a new message has appeared it does not mean that a problem has arisen, just that a new gremlin hiding in the hardware has been exposed." - FreewheelinFrank

User avatar
fabien
Forum Helper
Forum Helper
Posts: 768
Joined: 2019-12-03 12:51
Location: Anarres (Toulouse, France actually)
Has thanked: 69 times
Been thanked: 176 times

Re: testing part deux

#2 Post by fabien »

donald wrote: lsof -t -i:3000 | xargs kill -9
Since it is interactive, why not just kill -9 2705097?
donald wrote: Today we are working on installing some software which normally runs on port 3000. However another process on this server also uses that port, due to security and other concerns we need to find the process and the port the process is using then kill the process while we retool the software to run on different port.
It would be nice if the problem was easily reproducible if possible. I use netcat to set up a simple server.

Code: Select all

$> nc -k -l 34567

Code: Select all

$> ss -tunlp | grep "nc"
tcp   LISTEN 0      1                                      0.0.0.0:34567      0.0.0.0:*    users:(("nc",pid=67684,fd=3))
$> lsof -Tf -i:34567
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nc      67684 nofun    3u  IPv4 264109      0t0  TCP *:34567
If I understand correctly, we know the application and we know its port. There is no need to double check unless we don't trust ss or lsof.
lsof is simpler to parse.

Code: Select all

$> myCMD="nc"; declare -i CMDport=34567; mawk -v cmd="$myCMD" -v port=$CMDport '{if ($1==cmd && $NF~":"port"$"){print $2 >"/dev/stdout"; print $0 >"/dev/stderr"}}' < <(lsof -Tf -i:$CMDport) | xargs kill -15
nc      67684 nofun    3u  IPv4 264109      0t0  TCP *:34567
$> lsof -Tf -i:34567
$>
Kills PID and displays the whole line.
Also works if you have multiple instances

Code: Select all

$> myCMD="nc"; declare -i CMDport=34567; mawk -v cmd="$myCMD" -v port=$CMDport '{if ($1==cmd && $NF~":"port"$"){print $2 >"/dev/stdout"; print $0 >"/dev/stderr"}}' < <(lsof -Tf -i:$CMDport) | xargs kill -15
nc      69194 nofun    3u  IPv4 268780      0t0  TCP *:34567 
nc      69204 nofun    3u  IPv4 274448      0t0  TCP *:34567
$> lsof -Tf -i:34567
$>
Last edited by donald on 2024-05-13 18:53, edited 1 time in total.
ImageShare your Debian SCRIPTS
There will be neither barrier nor walls, neither official nor guard, there will be no more desert and the entire world will become a garden. — Anacharsis Cloots

User avatar
donald
Debian Developer, Site Admin
Debian Developer, Site Admin
Posts: 1133
Joined: 2021-03-30 20:08
Has thanked: 189 times
Been thanked: 249 times

Re: [Challenge] Q1. Process/Port location and kill

#3 Post by donald »

Rule #1. @wizard10000 no weapons allowed. :)
Typo perfectionish.


"The advice given above is all good, and just because a new message has appeared it does not mean that a problem has arisen, just that a new gremlin hiding in the hardware has been exposed." - FreewheelinFrank

User avatar
fabien
Forum Helper
Forum Helper
Posts: 768
Joined: 2019-12-03 12:51
Location: Anarres (Toulouse, France actually)
Has thanked: 69 times
Been thanked: 176 times

Re: [Challenge] Q1. Process/Port location and kill

#4 Post by fabien »

I realize I should have explained the command a bit.

Code: Select all

myCMD="nc"                 ### assign the value "nc" to the myCMD variable
declare -i CMDport=34567   ### declare the CMDport variable as integer and assign it the value 34567
mawk -v cmd="$myCMD" -v port=$CMDport '{if ($1==cmd && $NF~":"port"$"){print $2 >"/dev/stdout"; print $0 >"/dev/stderr"}}' < <(lsof -Tf -i:$CMDport) | xargs kill -15
mawk is an interpreter for the AWK Programming Language.
AWK is a domain-specific language designed for text processing and typically used as a data extraction and reporting tool.
[...]
The language extensively uses [...] regular expressions.
-v cmd="$myCMD" -v port=$CMDport imports shell variables into mawk.
if (condition) {action} the basic structure of an AWK program.
$1 mawk splits the line into fields separated by spaces. $1 is the first field, $2 the second, $NF (Number of Fields) the last, $0 is the entire line.
== relational equality operator, evaluates literally (does not interpret regular expressions)
~ matching (interprets regular expressions)
&& logical and
":"port"$" variables are outside the quotes. $ is a regular expression which means at the end of the expression, so here a line which ends with :34567
print $2 >"/dev/stdout" prints the second field, redirected to standard output. Since standard output is the default, >"/dev/stdout" could have been omitted.
print $0 >"/dev/stderr" prints the entire line to standard error. Unlike stdout which is redirected to the next program through the pipe (|), stderr is echoed to the terminal.

< <(lsof -Tf -i:$CMDport) this process substitution redirects the command output to mawk. In this case, it is an equivalent to the following pipe.
ImageShare your Debian SCRIPTS
There will be neither barrier nor walls, neither official nor guard, there will be no more desert and the entire world will become a garden. — Anacharsis Cloots

Post Reply