Port already in use on Linux

Find the listener, process, bind address, and firewall context before killing or restarting anything.

Safest first command

ss -ltnp

Before you run this

Expected output: Listening TCP sockets with local address, port, and process information when permissions allow it.

When not to use it: Do not kill a process just because it owns a port. It may be the intended service, a database, or a supervisor-managed worker.

Expected output example

LISTEN 0 4096 0.0.0.0:3000 0.0.0.0:* users:(("node",pid=4242,fd=23))

How to read the result

The local address shows whether the service is local-only or public. The process field identifies the owner when permissions allow; use sudo if process details are hidden.

Find the listener

Confirm whether the port is bound, whether it is local-only or public, and which process owns it.

ss -ltnp
sudo lsof -nP -iTCP:80 -sTCP:LISTEN

Check service and config context

If Nginx, Apache, Docker, or a dev server owns the port, inspect config and logs before stopping it.

Common causes

Old dev server still running
Nginx/Apache already bound to 80 or 443
Docker published the same host port
Service configured to bind the wrong address
Supervisor restarted the process after it was killed

What not to change yet

Do not kill a PID until you know what service owns it.
Do not change firewall rules before proving the process is listening.
Do not bind a second service to a production port without checking config.

platform notes

Distro and service notes

sudo

Process names may be hidden without elevated permissions.

Docker

docker ps and port mappings can explain listeners that do not look like normal host services.

macOS

Use the Apple Terminal lsof pages for local dev ports.

supporting commands