[HPADM] SUMMARY: Monitor Socket Connection Attempts?
From: Jim Turner (JTurner_at_hertz.com)
To: email@example.com Date: Tue, 6 May 2003 15:02:24 -0500
Thanks to all who replied (listed in chronological order):
Ben Le <firstname.lastname@example.org>
"Bill Hassell" <email@example.com>
"Brett Geer" <firstname.lastname@example.org>
"Ekstrom Christopher A" <EkstromChristopherA@JohnDeere.com>
Dave Ritchie <email@example.com>
Replies as well as my original post appear below. In a nutshell, it was a
mucked-up firewall ACL that jammed traffic coming to us. We used inetd's
logging (inetd -l) to prove what we suspected all along -- we were not
receiving a connection request from the vendor.
Use lsof this is free product and will provide your requirements.
Usage lsof -i:your_port_number it will show all socet connection ( port +
With netstat this is not possible.
Hope it helps.
Start the inet daemon with the "-l" option.
e.g. kill inetd, then: inetd -l
or, edit /etc/rc.config.d/netdaemons to include:
++++++++++ "Ed" <firstname.lastname@example.org>:
In a similar previous experience it turned out that my box was running a
software firewall (ipchains) by default, blocking all or most traffic,
which I didn't know about. Check if yours is doing that too.
Hmmmm , Not quite sure what you want to prove? Lsof will list all
It shouldn't be any problem to specify IP address ( lsof | grep
I bet you what real problem is on firewall ACL is not updated properly. No
connection is made at all. How to prove "attempt" !?
At least you would be able to provide more info. It take just 1-2 minutes
++++++++++ Ben Le <email@example.com>:
Try the following command:
++++++++++ "Bill Hassell" <firstname.lastname@example.org>:
You can use nettl and inetd -l to trace the connections. My guess is that
nothing is reaching
your server because your firewall is preventing the connection. It's easy
to verify this by
simply using telnet from the remote system specifying the port(s) that
will be used
in MQ Series (make sure you know all of them by number). Connection
messages (without any connection records in HP-UX) is a sure sign that the
network is denying access, not HP-UX.
++++++++++ "Brett Geer" <email@example.com>:
best bet I'd think would be tcpdump. It's truely a handy tool
++++++++++ "Ekstrom Christopher A" <EkstromChristopherA@JohnDeere.com>:
If someone hasn't mentioned it already I would try out tcp dump, you can
it from the HPUX Porting and Archive center (UTAH) This will provide a
dynamic connection status which you can drig through to search for the
connection you don't believe is reaching the box.
++++++++++ Dave Ritchie <firstname.lastname@example.org>
try doing a 'telnet machine.hertz.com <socket#>' and see if it shows up
the application logs - if you can do that and you see that connection in
your log, it pretty much implies that the outside connection is not
through, and that there is something 'inbetween' that is not forwarding.
Another way to do this is to place a sniffer on that port and see what
traffic is going across the wire - Linux boxes are useful for doing this.
Good luck with it!
Is this is a TCP or UDP packet, BTW? Most routers don't forward UDP by
I should add that we can connect to the queue in question from a local
server with no problem at all. Sorry for the extra bandwidth for the
Here's the situation: I'm working with an outside vendor that connects to
us via MQ Series through a firewall to a server in our environment. The
vendor says he's making a connection attempt. The LAN guys say they see
the connection attempt at the firewall and that it must be a problem on
"our end" not accepting the connection. However, I never see a socket
connection from the vendor with netstat. Further, it is our contention
that the connection request is never making it to our box.
Is there a good way to reliably monitor/log all TCP connection attempts
(successful and unsuccessful) that my HP-UX box gets?
[Cross-posted to itrc hp-ux forum]
Sr. UNIX Systems Programmer
The Hertz Corporation
"In the beginning of a change, the patriot is a scarce man and brave,
hated and scorned. When his cause succeeds however, the timid join him,
for then it costs nothing to be a patriot." --Mark Twain
-- ---> Please post QUESTIONS and SUMMARIES only!! <--- To subscribe/unsubscribe to this list, contact email@example.com Name: firstname.lastname@example.org Owner: email@example.com Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse only) http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)