Summary: can we trace a listening udp/tcp ports to the underlying applications/program

From: Gold Sun (goldsun8_at_yahoo.com.sg)
Date: 09/17/05

    Date: Sat, 17 Sep 2005 15:27:51 +0800 (CST)
    To: Sun Managers <sunmanagers@sunmanagers.org>
    
    

    Many thanks for the 30 odd replies. My apologies that this
    question can be found in Sunmanager's faq but I've got a few
    unique answers which can't be found in the faq.
     
    Have removed as many repeated answers & summarized below:

    ==============================================
     
    Unfortunately you can't find out the PID with the Solaris netstat
    command. Linux will allow you to do this with a netstat -anp.
    The p option shows you which media interface.
    Either http://www.blastwave.org or http://www.sunfreeware.com will have
    it. You may need to install other binaries/libraries to install the
    lsof package. I recommend blastwave.
     
    ==============================================
        
    http://dcs.nac.uci.edu/~strombrg/What-program-is-active-on-that-port.html
     
    ==============================================
     
    > Will "netstat -anv" give any clue like pid of the daemon that's
    > listening on that port etc??
    No.
    You can install and use 'lsof'. Then you could do something like
    'lsof -i :3181' to find processes using that port.
    Or (depending on the OS), you could look at the output of
    'pfiles <PID>' for all processes running on the box to see which
    ones would be using that particular port.
     
    ==============================================
        
    Get lsof from sunfreeware.com and run:
      lsof +M -P | grep LISTEN
     

    ==============================================

    you could try and see if the process has any files opened against it,
    might give you a clue to the app the process belongs to.
    lsof -i | grep 24576
    you will prob have to load lsof from sunfreeware.
    cheers
    dan.

    ==============================================
        
    Download and install "lsof" (sunfreeware)
    Example:
    # lsof -i -U | egrep "389|ldap"
    Gary

    ==============================================
        
    Try this web site which lists port numbers assigned
    http://www.iana.org/assignments/port-numbers
    i.e.
    esmmanager 5600/tcp Enterprise Security Manager
    esmmanager 5600/udp Enterprise Security Manager
    3181 isn't listed
    You could try using 'lsof' I think it works rather like 'truss' but on
    a port or try using snoop for that particular port other than that I am
    at a loss
     
    ==============================================

    On recent versions of Solaris, "pfiles" will tell you about each and
    every program running which file descriptor matches to what.
    cd /proc
    pfiles *| more

    ==============================================
        
    the best way to do that is to use lsof.
    download it if you don't have it
    lsof |grep 3181 will give you the PID of the process that listens to
    that port.

    =============Original question ==============
     
    Date: Thu, 15 Sep 2005 16:22:13 +0800 (CST)
    From: "Gold Sun" <goldsun8@yahoo.com.sg>
    To: sunmanagers@sunmanagers.org
    Subject: can we trace a listening udp/tcp ports to the underlying applications/program
        
    Hi,
     
    I was notified during a vulnerability scan that there are ports that
    are open on the Sun servers which I just 'inherited' not too long ago.
     
    Issuing "netstat -an" showed the ports with "listen" state & I can
    then search the port number under /etc/services, say "printer" &
    then look up /etc/inetd.conf. I can then comment out (prefixing
    with #) for the entry in inetd.conf & then restart inetd.
     
    However there's some ports which I can't trace in the above
    manner.
     
    # netstat -an
    . . .
          *.3181 *.* 0 0 24576 0 LISTEN
          *.5600 *.* 0 0 24576 0 LISTEN
    . . .
    # grep 3181 /etc/services
    # grep 5600 /etc/services
     
    Will "netstat -anv" give any clue like pid of the daemon that's
    listening on that port etc?? I do not have the documentation
    from my predecessor who's left. If I can trace it to a specific
    application name, say Tivoli Storage Manager, then I can
    list it out & tell the auditor this is a required port or if it's some
    dubious ones, possibly stop the application & see if it breaks
    (if it does, then start it up again).
    Sample "netstat -anv" output follows :
     
    UDP: IPv4
    Local Address Remote Address State
    -------------------- -------------------- -------
    . . .
    10.196.16.12.123 Idle
    TCP: IPv4
    Local/Remote Address Swind Snext Suna Rwind Rnext Rack Rto Mss State
    -------------------- ----- -------- -------- ----- -------- -------- ----- ----- -----
          *.3181
          *.* 0 00000000 00000000 24576 00000000 00000000 3375 536 LISTEN
          *.5600
          *.* 0 00000000 00000000 24576 00000000 00000000 3375 536 LISTEN
    . . . . .
     
     
    Thanks
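
Added example, not part of the original post or any of the replies: the pfiles approach suggested above, written as a filter that reports only the processes whose own socket (the sockname line) is bound to the given port, which a plain grep for the number cannot tell apart from inode numbers, longer port numbers, or the remote end of a connection. The pfiles sample, its PIDs and the /opt/example paths are constructed, and port_owners and sample_pfiles are hypothetical names.

```shell
# port_owners PORT: read concatenated pfiles output on stdin and print
# "PID command" for every process with a local socket bound to PORT.
port_owners() {
    awk -v want="$1" '
        # Header line of each pfiles report: "<pid>:  command args"
        /^[0-9]+:/ {
            pid = $1; sub(/:$/, "", pid)
            cmd = $0; sub(/^[0-9]+:[ \t]*/, "", cmd)
            seen = 0; next
        }
        # Local bindings only; "peername:" lines are the remote end
        $1 == "sockname:" {
            for (i = 2; i < NF; i++)
                if ($i == "port:" && $(i + 1) == want && !seen) {
                    print pid, cmd; seen = 1
                }
        }
    '
}

# Constructed sample of pfiles output (not captured from a real host)
sample_pfiles() {
cat <<'EOF'
301:    /usr/lib/ssh/sshd
  Current rlimit: 256 file descriptors
   3: S_IFSOCK mode:0666 dev:332,0 ino:3181 uid:0 gid:0 size:0
      O_RDWR
        sockname: AF_INET 0.0.0.0  port: 22
412:    /opt/example/bin/agentd -d
  Current rlimit: 256 file descriptors
   4: S_IFSOCK mode:0666 dev:332,0 ino:4789 uid:0 gid:0 size:0
      O_RDWR
        sockname: AF_INET 0.0.0.0  port: 3181
533:    /opt/example/bin/client
  Current rlimit: 256 file descriptors
   5: S_IFSOCK mode:0666 dev:332,0 ino:6001 uid:0 gid:0 size:0
      O_RDWR
        sockname: AF_INET 10.196.16.12  port: 31810
        peername: AF_INET 10.196.16.12  port: 3181
EOF
}

# On the Solaris host, as root so every process can be inspected:
#   (cd /proc && pfiles * 2>/dev/null) | port_owners 3181
```

In the sample, a grep for 3181 would also hit the sshd inode number and both lines of the client process; the filter returns only PID 412.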
     
     
     
     
     
