Hello all, here is the summary for issue: "Investigating processes on open ports". Following expressions can be used in order to solve this problem: Listing all the pids: /usr/bin/ps -ef | sed 1d | awk '{print $2}' ( Mapping the files to ports using the PID: /usr/proc/bin/pfiles <PID> 2>/dev/null | /usr/xpg4/bin/grep <PID> or /usr/bin/ps -o pid -o args -p <PID> | sed 1d Mapping the sockname to port using the port number: for i in `ps -e|awk '{print $1}'`; do echo $i; pfiles $i 2>/dev/null | grep 'port: 8080'; done or pfiles -F /proc/* | nawk '/^[0-9]+/ { proc=$2} ; /[s]ockname: AF_INET/ { print proc "\n " $0 }' There were two explanations why "lsof" did not show, what was expected: 1) One thing that might prevent lsof to print all, is if the ports are controlled by inetd or some such (i.e. there is nothing actively listening on them until you try talking to them). Also, try telneting to the port and then run lsof while the telnet session is connected. 2) On Solaris 10, using "lsof -i" to show mapping of processes to TCP ports incorrectly shows all processes that have socket open as using port 65535, for example: sshd 8005 root 8u IPv4 0x60007ebdac0 0t0 TCP *:65535 (LISTEN) sendmail 1116 root 5u IPv4 0x60007ecce00 0t0 TCP *:65535 (LISTEN) This is a known bug in lsof that can _not_ be fixed because of differences between Solaris 10 and previous versions. So the useful "lsof -i :<port>" is now not useful. Many thanks to all of you who gave prompt and useful advices. Kind Regards, Marijan Mumdziev ________________________________ From: sunmanagers-bounces@sunmanagers.org on behalf of Mumdziev, Marijan Sent: Tue 12/12/2006 11:58 To: sunmanagers@sunmanagers.org Subject: Investigating processes on open ports Hello, I was installing jboss 3.2.6. on Solaris 10 SPARC (Sun Netra 100). After installation jboss could not start as some of the needed ports were already opened. I tried to evaluate who uses the open ports with following steps: 1) Jboss reports that he need three ports which are already in use: 1098, 4444, 8080. 2) I try to telnet to these ports and I see that really some process is listening on these ports. 3) I am using netstat to gain some more information about listener on specific ports: 8080, 4444, 1098. This is what I get: bash# netstat -an|grep 8080 *.8080 *.* 0 0 49152 0 LISTEN bash# netstat -an|grep 4444 *.4444 *.* 0 0 49152 0 LISTEN bash# netstat -an|grep 1098 *.1098 *.* 0 0 49152 0 LISTEN 4) I am trying to find out a little bit more with command /usr/local/bin/lsof -i :8080 (4444, 1098), but I do not get any output for these ports. 5) Now I am checking configuration files under /etc and I am searching for configuration file that contains string 4444 or 1098. I do not execute the check for 8080 port, as in the meantime I have found out that this port is used by Oracle-MTS. I am using following command: bash# find . -name '*' -a -type f -exec grep 1098 \{} \; I do not get any output, meaning, no configuration file contains strings which could lead me to some connection to our ports. 6) For the port 1098, I think it is used by sun cluster manager rmiactivation, but I am not sure. Could be Oracle uses this port as well. Nevertheless, I did not get any information about the process which uses these open ports. Eventually I got an impression that all three ports are used by Oracle 10g. How will I find out more information about which processes (PID) is currently using these open ports? Thank you very much for your prompt answer. Best regards, Marijan Mumdziev P.S. "I need to get this machine working as soon as possible. Please help! Send email and I will summarize to the list. :)" _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Wed Dec 13 12:16:36 2006
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:03 EST