To Determine which processes have listening
ports on AIX
The open source “lsof” tool is great for
determining what process has a port open. Unfortunately lsof isn’t
included with AIX so if you just want to quickly identify which process is
using a port and you don’t have lsof you can use “netstat -Aan”
combined with the “rmsock” command.
For example, lets say I want to identify which process is listening on
port 1334. I would first run:
# netstat -Aan | grep LISTEN | grep
1334
f100050000b05bb8
tcp4 0
0 *.1334 *.* LISTEN
The socket 0xf100050000b05808 is being held by proccess 5767378
(writesrv).
You can see that port 1334 is open by the writesrv process with PID
5767378.
You then take the first column (f100050000b05bb8 in this example) and run the
following command:
# rmsock f100050000b05bb8 tcpcb
ports on AIX
determining what process has a port open. Unfortunately lsof isn’t
included with AIX so if you just want to quickly identify which process is
using a port and you don’t have lsof you can use “netstat -Aan”
combined with the “rmsock” command.
port 1334. I would first run:
1334
tcp4 0
0 *.1334 *.* LISTEN
The socket 0xf100050000b05808 is being held by proccess 5767378
(writesrv).
You can see that port 1334 is open by the writesrv process with PID
5767378.
You then take the first column (f100050000b05bb8 in this example) and run the
following command:
# rmsock f100050000b05bb8 tcpcb
If you want to see all of the TCP listening ports and which processes and PID’s are assigned to them, run the following script:
!/usr/bin/ksh
print
“Port
PID
Process”
netstat -Aan | grep LISTEN | awk ‘{print $1 ” ” $5}’ | while
read pcb port; do
out=`rmsock $pcb tcpcb`
if echo “$out” |
grep “Kernel Extension” > /dev/null; then
printf “%-15s Kernel Extensionn” “$port”
else
pid=`echo “$out” | sed -n ‘s/.*pro[c]*ess ([0-9][0-9]*) .*/1/p’`
if [ -n “$pid” ]; then
proc=`ps -p $pid | tail -n 1 | awk ‘{print $4}’`
printf “%-15s %-16s $procn” “$port” $pid
else
echo “Error, Line not recognized “$out” for Port $port”
fi
fi
done
Here is example output
from the script:
*.13
4063356 inetd
*.21
4063356 inetd
*.23
4063356 inetd
*.25
1835206 sendmail
*.37
4063356 inetd
*.24575
15597582 java
*.111
Kernel Extension
*.199
3539070 snmpdv3ne
*.49293
35389582 rwrun
*.512
4063356 inetd
*.513
4063356 inetd
*.514
4063356 inetd
*.25075
15597582 java
*.657
6095060 rmcd
192.168.1.32.12360
51052606 java
*.25575
15597582 java
*.1334
5570768 writesrv
*.1536
22610158 tnslsnr
*.1641
34472056 tnslsnr
*.2049
Kernel Extension
192.168.1.23.38199 20316174
java
192.168.1.25.39654
25559104 java
*.4458
6750376 httpd
*.6000
5373952 X
*.6000
5373952 X
*.6001
6619338 X
*.6001
6619338 X
*.6112
4063356 inetd
*.55731
Kernel Extension
127.0.0.1.52089 34472056
tnslsnr
!/usr/bin/ksh
print
“Port
PID
Process”
netstat -Aan | grep LISTEN | awk ‘{print $1 ” ” $5}’ | while
read pcb port; do
out=`rmsock $pcb tcpcb`
if echo “$out” |
grep “Kernel Extension” > /dev/null; then
printf “%-15s Kernel Extensionn” “$port”
else
pid=`echo “$out” | sed -n ‘s/.*pro[c]*ess ([0-9][0-9]*) .*/1/p’`
if [ -n “$pid” ]; then
proc=`ps -p $pid | tail -n 1 | awk ‘{print $4}’`
printf “%-15s %-16s $procn” “$port” $pid
else
echo “Error, Line not recognized “$out” for Port $port”
fi
fi
done
“Port
PID
Process”
netstat -Aan | grep LISTEN | awk ‘{print $1 ” ” $5}’ | while
read pcb port; do
out=`rmsock $pcb tcpcb`
if echo “$out” |
grep “Kernel Extension” > /dev/null; then
printf “%-15s Kernel Extensionn” “$port”
else
pid=`echo “$out” | sed -n ‘s/.*pro[c]*ess ([0-9][0-9]*) .*/1/p’`
if [ -n “$pid” ]; then
proc=`ps -p $pid | tail -n 1 | awk ‘{print $4}’`
printf “%-15s %-16s $procn” “$port” $pid
else
echo “Error, Line not recognized “$out” for Port $port”
fi
fi
done
Here is example output
from the script:
4063356 inetd
4063356 inetd
4063356 inetd
1835206 sendmail
4063356 inetd
15597582 java
Kernel Extension
3539070 snmpdv3ne
35389582 rwrun
4063356 inetd
4063356 inetd
4063356 inetd
15597582 java
6095060 rmcd
51052606 java
15597582 java
5570768 writesrv
22610158 tnslsnr
34472056 tnslsnr
Kernel Extension
java
25559104 java
6750376 httpd
5373952 X
5373952 X
6619338 X
6619338 X
4063356 inetd
Kernel Extension
tnslsnr
Recommended Posts
