Tuesday, January 12, 2016

Solaris 11.2 – using netstat in lieu of lsof

We often need to find which process is holding a port, for example when a port conflict is causing application issues. This post covers several ways to find the process that is using a given port. Let's start.
root@solaris-1# ndd /dev/tcp tcp_listen_hash
    TCP            zone IP addr         port  seqnum   backlog (q0/q/max)
----skipped------
281 ffffffff81d46440 0 ::ffff:127.0.0.1 00025 00000000 0/0/16
----skipped------
 
From the above output, we can find the process behind port 25 by following the steps below.
 
root@solaris-1# mdb -k
Loading modules:[unix krtld genunix specfs dtrace cpu.generic uppc pcplusmp ufs md mpt ip hook neti sctp arp usba fctl nca lofs audiosup cpc fcip random crypto zfs logindmux ptm sppp sata nfs]
> 
> ffffffff81d46440::print tcp_t tcp_rq
tcp_rq = 0xffffffff8961f028
> 
> 0xffffffff8961f028::q2stream
ffffffff87052e10
> 
> ffffffff87052e10$ 0xffffffff874bc780::whereopen
file ffffffff893689d8
ffffffff88dc8900
> 
> ffffffff88dc8900::ps
S    PID   PPID   PGID    SID    UID      FLAGS             ADDR NAME
R    935      1    935    935      0 0x52010000 ffffffff88dc8900 sendmail
> 
root@solaris-1#
 
Yes! We have found the process (sendmail) that is using port 25.
We can also use the lsof utility to find the process using a port. However, lsof is not available on every Solaris server; the lsof package has to be installed first. NOTE: This utility can't be used in non-global zones.
 
root@solaris-1# /usr/local/bin/lsof -i :25
lsof: WARNING: access /.lsof_solaris-1: No such file or directory
lsof: WARNING: created device cache file: /.lsof_solaris-1
COMMAND  PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
sendmail 935 root    5u  IPv4 0xffffffff81d46240      0t0  TCP localhost:smtp (LISTEN)
root@solaris-1#
 
Yes, we have found the process using the port with the lsof utility.
Now the question is how to find the process using a port from within a non-global zone. We can do that with a custom script. Follow these steps:
 
root@solaris-1# cat /var/tmp/check_port.sh
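#!/bin/ksh
# Find the process holding a port by scanning pfiles output for every PID.

CODE='---------------------------------------------'
PID=$(/usr/bin/ps -ef | sed 1d | awk '{print $2}')

if [ $# -eq 0 ]; then
   read PORT?"Enter port you would like to know pid for: "
else
   PORT=$1
fi

for f in $PID
do
   # Require a non-digit or end of line after the port so that 25 does not
   # also match 250, 2500, ...
   /usr/proc/bin/pfiles $f 2>/dev/null | /usr/xpg4/bin/grep -Eq "port: $PORT([^0-9]|\$)"
   if [ $? -eq 0 ]; then
      echo $CODE
      echo "Port: $PORT is being used by PID:\c"
      # Look the PID up directly; grepping the process list for $f would
      # also match other PIDs or arguments that merely contain the number.
      /usr/bin/ps -o pid= -o args= -p $f
   fi
done
exit 0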
root@solaris-1#
 
Copy the script and execute it as shown below.
 
root@solaris-1# /var/tmp/check_port.sh
 
Enter port you would like to know pid for: 25
---------------------------------------------
Port: 25 is being used by PID:  935 /usr/lib/sendmail -bl -q15m
root@solaris-1#
Yes, we have found the process using the port by running the custom script.
 
With the netstat enhancements in the Solaris 11.2 release onwards, a new "-u" flag has been added, which lists the user, PID and program name of the process along with the network port details.
$ netstat -un -P tcp
TCP: IPv4
   Local Address        Remote Address      User     Pid     Command     Swind  Send-Q  Rwind  Recv-Q    State
-------------------- -------------------- -------- ------ ------------- ------- ------ ------- ------ -----------
127.0.0.1.59101      127.0.0.1.5011       root       6364 telnet         130880      0  139264      0 ESTABLISHED
127.0.0.1.5011       127.0.0.1.59101      root       4884 vntsd          139060      0  130880      0 ESTABLISHED
192.168.11.2.46829   192.168.11.3.389     root        816 nscd            49232      0  128872      0 ESTABLISHED
127.0.0.1.5010       127.0.0.1.51811      root       4884 vntsd          139060      0  130880      0 ESTABLISHED
169.254.182.77.12    169.254.182.76.24    root       4930 fmd             64096      0  128872      0 ESTABLISHED
192.168.11.2.22      192.168.11.3.49363   root       4172 sshd            61952     31  128544      0 ESTABLISHED
 
<<output truncated>>
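As an added example (not part of the original post), the function below turns the "netstat -un -P tcp" listing above into a port-to-process lookup. It assumes the IPv4 TCP column layout shown above; the names port_owner and sample_netstat are illustrative, and the sample rows are copied from that listing.

```shell
#!/bin/sh
# Added example: resolve a local TCP port to its owning process from
# `netstat -un -P tcp` output (Solaris 11.2 and later).
# port_owner and sample_netstat are illustrative names.

# Sample input: rows copied from the IPv4 TCP listing shown above.
sample_netstat() {
cat <<'EOF'
TCP: IPv4
   Local Address        Remote Address      User     Pid     Command     Swind  Send-Q  Rwind  Recv-Q    State
-------------------- -------------------- -------- ------ ------------- ------- ------ ------- ------ -----------
127.0.0.1.59101      127.0.0.1.5011       root       6364 telnet         130880      0  139264      0 ESTABLISHED
127.0.0.1.5011       127.0.0.1.59101      root       4884 vntsd          139060      0  130880      0 ESTABLISHED
192.168.11.2.46829   192.168.11.3.389     root        816 nscd            49232      0  128872      0 ESTABLISHED
169.254.182.77.12    169.254.182.76.24    root       4930 fmd             64096      0  128872      0 ESTABLISHED
192.168.11.2.22      192.168.11.3.49363   root       4172 sshd            61952     31  128544      0 ESTABLISHED
EOF
}

# port_owner PORT
# Reads netstat output on stdin and prints "PID USER COMMAND STATE" for every
# socket whose LOCAL port is exactly PORT.
port_owner() {
    # Assumption: on Solaris, run this with nawk or /usr/xpg4/bin/awk if the
    # default awk does not accept -v.
    awk -v port="$1" '
        # Keep only data rows: 10 fields, the first an address (digit or "*").
        NF != 10 || $1 !~ /^[0-9*]/ { next }
        {
            # Solaris prints address and port joined by ".", so the port is
            # whatever follows the last dot; compare it whole, never by prefix.
            n = split($1, part, ".")
            if (part[n] == port) print $4, $3, $5, $10
        }'
}

# Demo on the sample; on a live host: netstat -un -P tcp | port_owner 25
sample_netstat | port_owner 5011    # prints: 4884 root vntsd ESTABLISHED
```

Because the match is on the whole port field, asking for 501 returns nothing even though 5011 is in the listing.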
With the "-v" (verbose) flag, netstat prints the program name with its full path, along with other information.
t5-2@~# netstat -nu -P tcp -v
TCP: IPv4
Local/Remote Address  Swind   Snext     Suna    Rwind   Rnext     Rack    Rto   Mss     State      User    Pid      Command
-------------------- ------- -------- -------- ------- -------- -------- ----- ----- ----------- -------- ------ --------------
127.0.0.1.59101
127.0.0.1.5011        130880 eb88eb26 eb88eb26  139264 a9687631 a9687631  1125  8180 ESTABLISHED root       6364 /usr/bin/telnet 0 5011
127.0.0.1.5011
127.0.0.1.59101       139060 a9687631 a9687631  130880 eb88eb26 eb88eb26  1125  8180 ESTABLISHED root       4884 /usr/lib/ldoms/vntsd -i virtual-console-concentrator@0 -p localhost -t 0
192.168.11.2.22
192.168.11.3.44826     42112 aa006f8f aa006f4f  128544 d23c83de d23c83de   685  1248 ESTABLISHED root       4172 /usr/lib/ssh/sshd
192.168.11.2.63024
192.168.11.3.389       49232 cd6ad3cc cd6ad3cc  128872 ce3c602e ce3c602e   203  1448 CLOSE_WAIT  root        816 /usr/sbin/nscd
<<output truncated>>
To display all TCP, UDP and domain sockets, you can use "-au".
# netstat -aun
UDP: IPv4
   Local Address        Remote Address      User    Pid      Command       State
-------------------- -------------------- -------- ------ -------------- ----------
      *.*                                 root        107 in.mpathd      Unbound
      *.*                                 root        107 in.mpathd      Unbound
      *.*                                 netadm      712 nwamd          Unbound
      *.*                                 netadm      712 nwamd          Unbound
      *.111                               daemon     3080 rpcbind        Idle
      *.*                                 daemon     3080 rpcbind        Unbound
      *.58525                             daemon     3080 rpcbind        Idle
      *.111                               daemon     3080 rpcbind        Idle
      *.*                                 daemon     3080 rpcbind        Unbound
      *.46768                             daemon     3080 rpcbind        Idle
<<output truncated>>
With this feature, netstat can be an alternative to lsof for looking up port-related information.
If you compile and run lsof from source on Solaris, use the lsof "-i4" flag to display the open ports associated with IPv4.
# ./lsof -i4 | head
COMMAND    PID   USER    FD  TYPE         DEVICE SIZE/OFF NODE NAME
in.mpathd  107   root    3u  IPv4 0xc40046b332c0      0t0  TCP localhost:5999 (LISTEN)
in.mpathd  107   root    5u  IPv4 0xc400469f6080      0t0  UDP *:* (Unbound)
nwamd      712 netadm    5u  IPv4 0xc40048ea4100      0t0  UDP *:* (Unbound)
rpcbind   3080 daemon    8u  IPv4 0xc400499eac00      0t0  UDP 0.0.0.17:chargen (Idle)
rpcbind   3080 daemon    9u  IPv4 0xc400499ea700      0t0  UDP 0.0.0.17:chargen (Unbound)
rpcbind   3080 daemon   10u  IPv4 0xc400499ea200      0t0  UDP 0.0.0.17:chargen (Idle)
rpcbind   3080 daemon   11u  IPv4 0xc400499b5200      0t0  TCP *:* (LISTEN)
rpcbind   3080 daemon   12u  IPv4 0xc400499b49c0      0t0  TCP *:* (IDLE)
nfs4cbd   3155 daemon    7u  IPv4 0xc400499b3100      0t0  TCP *:* (LISTEN)
<<output truncated>>
 
