Thursday, June 20, 2013

Check the Listening ports in AIX

To Determine which processes have listening ports on AIX

The open source "lsof" tool is great for determining which process has a port open. Unfortunately, lsof isn't included with AIX, so if you just want to quickly identify which process is using a port and you don't have lsof, you can use "netstat -Aan" combined with the "rmsock" command.

For example, let's say I want to identify which process is listening on port 1334. I would first run:

# netstat -Aan | grep LISTEN | grep 1334

f100050000b05bb8 tcp4       0      0  *.1334      *.*  LISTEN

You then take the first column (f100050000b05bb8 in this example) and run the following command:

# rmsock f100050000b05bb8 tcpcb

The socket 0xf100050000b05808 is being held by proccess 5767378 (writesrv).

You can see that port 1334 is held open by the writesrv process with PID 5767378.

If you want to see all of the TCP listening ports and which processes and PIDs are assigned to them, run the following script:

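#!/usr/bin/ksh
# Map every TCP listening port to its owning PID and process name.
print "Port            PID              Process"
# Column 1 of "netstat -Aan" is the PCB address, column 5 the local address.port
netstat -Aan | grep LISTEN | awk '{print $1 " " $5}' | while read pcb port; do
        # rmsock reports which process holds the socket behind this PCB
        out=`rmsock $pcb tcpcb`
        if echo "$out" | grep "Kernel Extension" > /dev/null; then
                printf "%-15s Kernel Extension\n" "$port"
        else
                # rmsock spells it "proccess"; the pattern accepts either spelling
                pid=`echo "$out" | sed -n 's/.*pro[c]*ess \([0-9][0-9]*\) .*/\1/p'`
                if [ -n "$pid" ]; then
                        proc=`ps -p $pid | tail -n 1 | awk '{print $4}'`
                        # Pass the process name as an argument, not inside the format string
                        printf "%-15s %-16s %s\n" "$port" "$pid" "$proc"
                else
                        echo "Error, Line not recognized \"$out\" for Port $port"
                fi
        fi
done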


Here is example output from the script:

*.13            4063356          inetd
*.21            4063356          inetd
*.23            4063356          inetd
*.25            1835206          sendmail
*.37            4063356          inetd
*.24575         15597582         java
*.111           Kernel Extension
*.199           3539070          snmpdv3ne
*.49293         35389582         rwrun
*.512           4063356          inetd
*.513           4063356          inetd
*.514           4063356          inetd
*.25075         15597582         java
*.657           6095060          rmcd
192.168.1.32.12360 51052606         java
*.25575         15597582         java
*.1334          5570768          writesrv
*.1536          22610158         tnslsnr
*.1641          34472056         tnslsnr
*.2049          Kernel Extension
192.168.1.23.38199 20316174         java
192.168.1.25.39654 25559104         java
*.4458          6750376          httpd
*.6000          5373952          X
*.6000          5373952          X
*.6001          6619338          X
*.6001          6619338          X
*.6112          4063356          inetd
*.55731         Kernel Extension
127.0.0.1.52089 34472056         tnslsnr
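
As an added example (not part of the original post), the shell code below audits the listing that the script prints: it splits each AIX address.port entry at the last dot, collapses duplicate rows, and reports listeners that are missing from a baseline of expected services, tagged by how widely they are bound. The function names and the baseline contents are assumptions, and the sample listing is constructed from rows of the output above.

```shell
#!/bin/sh
# Added example: audit the "Port PID Process" listing printed by the script above.

# Constructed sample listing in the script's output format.
sample_listing() {
cat <<'EOF'
Port            PID              Process
*.25            1835206          sendmail
*.111           Kernel Extension
*.1334          5570768          writesrv
192.168.1.32.12360 51052606         java
*.6000          5373952          X
*.6000          5373952          X
127.0.0.1.52089 34472056         tnslsnr
EOF
}

# Hypothetical baseline of expected "port process" pairs for this host.
baseline() {
    printf '%s\n' '25 sendmail' '111 kernel' '1334 writesrv'
}

# audit_listeners LISTING BASELINE
# Prints "<scope> <addr> <port> <pid> <process>" for each unique listener
# that is not in the baseline.
audit_listeners() {
    awk '
        NR == FNR { ok[$1 " " $2] = 1; next }   # first file: baseline
        $1 == "Port" || NF < 2 { next }         # header and blank lines
        {
            # AIX joins address and port with a dot: port follows the LAST dot.
            dot = match($1, /\.[0-9]+$/)
            if (!dot) next                      # e.g. the "Error, ..." lines
            addr = substr($1, 1, dot - 1); port = substr($1, dot + 1)
            if ($2 == "Kernel") { pid = "-"; proc = "kernel" }
            else                { pid = $2;  proc = $3 }
            if (seen[addr " " port " " pid]++) next   # duplicate rows
            if ((port " " proc) in ok) next           # expected service
            scope = "SPECIFIC"
            if (addr == "*") scope = "ALL-INTERFACES"
            else if (addr ~ /^127\./) scope = "LOOPBACK"
            print scope, addr, port, pid, proc
        }' "$2" "$1"
}

demo() {
    t=${TMPDIR:-/tmp}/lsn.$$
    sample_listing > "$t.l"; baseline > "$t.b"
    audit_listeners "$t.l" "$t.b"
    rm -f "$t.l" "$t.b"
}
demo
```

On a real host, save the script's output and the baseline to files and pass both paths to audit_listeners.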
