Under Linux, and BSD systems, in order to find out the owner of a port, the first advice usually given is to use:

lsof -i :portnumber

For example when checking for the SSH port, you’ll get the following results:

$ lsof -i :22
COMMAND    PID   USER FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      1406   root 6u  IPv4   6746      0t0  TCP *:ssh (LISTEN)

You’ll get information on the command that’s running, the process ID, the user it’s runing as, and many other networking related details.

But lsof Returned nothing!

I had this issue after installing k3s on a local machine. The application that was using port 80 no longer responded to the port. Even restarting the application, the port still didn’t respond how I expected.

Stopping the application, the port still remained considered to be open by nmap. What happened? I pulled out the trust lsof, but that returned no results. Quite a frustrating situation.

What was the issue?

Check to see if the firewall is forwarding the port. If the firewall forwards the port to another port locally, no matter what you have listening to port :80 will bind to the port. If K3S has root access on installs, it will try to take over port 80 to forward to another port it operates on. In this situation, lsof -i is correct, theres no PID associated with that port.

I was lucky that disabling k3s reverted the rule. However, if I wanted to verify this behavior, consider the following stackoverflow answer to view the rules.