1. Overview

When working with Linux, it’s common that we’ll want to kill a process that uses a specific port.

In this tutorial, we’ll review how to identify a process by the port it uses and how to terminate it.

2. Preparing Our Examples

Before we start testing some strategies for identifying and killing processes running on a port, let’s prepare some processes using socat:

$ socat sctp-listen:9999,bind=127.0.0.1 stdout &
[1] 6424
$ socat tcp-listen:9999,bind=127.0.0.1 stdout &
[2] 6431
$ socat udp-listen:9999,bind=127.0.0.1 stdout &
[3] 6438

Here, we’ve created three processes using port 9999 and the protocols SCTP, TCP, and UDP respectively.

3. Using the fuser Command

The fuser command is a great tool for terminating processes**.** We only need to use the -k parameter.

Let’s kill the process using the TCP protocol:

$ fuser -k 9999/tcp
9999/tcp: 6431

Here, the notation 9999/tcp is a shortcut for -n tcp 9999.

When using fuser, we cannot query processes using protocols other than TCP or UDP.

4. Using the kill Command

The kill command is a common command used to terminate processes. However, we’ll need to first identify the PID of the process using a specific port and protocol, and then terminate it.

When talking about the kill command, we’re either talking about the program /bin/kill or the shell builtin kill. Whatever the case, both commands can send a specific signal to a running process.

4.1. lsof Command

lsof is a tool that lists information about files opened by processes.

Let’s combine kill with lsof to kill the process using UDP protocol:

$ lsof -i udp:9999 | awk '/9999/{print $2}' | xargs kill

In the lsof part, we’ve used the -i parameter for filtering the process using the syntax [46][protocol][@hostname|hostaddr][:service|port]. In our case, we’ve used protocol:port

Additionally, we’ve used awk to search the process using port 9999 and to print only the PID. Then, using xargs and kill, we’ve been able to terminate that specific process.

4.2. ss and netstat Commands

Since ss and netstat list the processes using the SCTP protocol, let’s terminate our remaining process:

$ ss -Slp | grep -Po ':9999\s.*pid=\K\d+(?=,)' | xargs kill

For the ss command, we’ve used both -l and -p parameters to show only listening sockets and the PID of the process using that port. Also, we’ve used the -S parameter to display SCTP sockets.

Additionally, because of the output format of ss, we’ve used grep with a regular expression that retrieves only the number between the string pid= and a comma “*,*“.

Similarly, we can use another approach using netstat:

$ netstat -Slp | grep -Po ':9999\s.*LISTEN.*?\K\d+(?=/)' | xargs kill

In this case, we’ve searched for a number between the string LISTEN and the character “*/*“.

As we can see, both ss and netstat support other protocols like DCCP, so they’re great for helps us broaden the vision of our network. However, since netstat is deprecated, we should choose to use the ss command.

5. Conclusion

In this tutorial, we’ve addressed several ways to kill a process using a specific port.

First, we’ve used the fuser command. Finally, we’ve searched for the PID of a process by looking at the port and protocol, and then terminate the associated process with the kill command.