Many thanks for the 30 odd replies. My apologies that this question can be found in Sunmanager's faq but I've got a few unique answers which can't be found in the faq. Have removed as many repeated answers & summarized below: ============================================== Unfortunately you can't find out the PID with the Solaris netstat command. Linux will allow you to do this with a netstat -anp. The p option shows you which media interface. Either http://www.blastwave.org or http://www.sunfreeware.com will have it. You may need to install other binaries/libraries to install the lsof package. I recommend blastwave. ============================================== http://dcs.nac.uci.edu/~strombrg/What-program-is-active-on-that-port.html ============================================== > Will "netstat -anv" give any clue like pid of the daemon that's > listening on that port etc?? No. You can install and use 'lsof'. Then you could do something like 'lsof -i :3181' to find processes using that port. Or (depending on the OS), you could look at the output of 'pfiles <PID>' for all processes running on the box to see which ones would be using that particular port. ============================================== Get lsof from sunfreeware.com and run: lsof +M -P | grep LISTEN ============================================== you could try and see if the process has any files opened against it, might give you a clue to the app the process belongs too. lsof -i | grep 24576 you will prob have to load lsof from sunfreeware. cheers dan. ============================================== Download and install "lsof" (sunfreeware) Example: # lsof -i -U | egrep "389|ldap" Gary ============================================== Try this web site which lists port numbers assigned http://www.iana.org/assignments/port-numbers i.e. esmmanager 5600/tcp Enterprise Security Manager esmmanager 5600/udp Enterprise Security Manager 3181 isn't listed You could try using 'lsof' I think it works rather like 'truss' but on a port or try using snoop for that particular port other than that I am at a loss ============================================== OOn recent versions of Solaris, "pfiles" will tell you about each and every program running which file descriptor matches to what. cd /proc pfiles *| more ============================================== the best way to do that is to use lsof. download it if you dont have it lsof |grep 3181 will give you the PID of the process that listens to that port. =============Original question ============== Date: Thu, 15 Sep 2005 16:22:13 +0800 (CST) From: "Gold Sun" <goldsun8@yahoo.com.sg> To: sunmanagers@sunmanagers.org Subject: can we trace a listening udp/tcp ports to the underlying applications/program Hi, I was notified during a vulnerability scan that there are ports that are open on the Sun servers which I just 'inherited' not too long ago. Issuing "netstat -an" showed the ports with "listen" state & I can then search the port number under /etc/services, say "printer" & then look up /etc/inetd.conf. I can then comment out (prefixing with #) for the entry in inetd.conf & then restart inetd. However there's some ports which I cant trace in the above manner. # netstat -an . . . *.3181 *.* 0 0 24576 0 LISTEN *.5600 *.* 0 0 24576 0 LISTEN . . . # grep 3181 /etc/services # grep 5600 /etc/services Will "netstat -anv" give any clue like pid of the daemon that's listening on that port etc?? I do not have the documentation from my predecessor who's left. If I can trace it to a specific application name, say Tivoli Storage Manager, then I can list it out & tell the auditor this is a required port or if it's some dubious ones, possibly stop the application & see if it breaks (if it does, then start it up again). Sample "netstat -anv" output follows : UDP: IPv4 Local Address Remote Address State -------------------- -------------------- ------- . . . 10.196.16.12.123 Idle TCP: IPv4 Local/Remote Address Swind Snext Suna Rwind Rnext Rack Rto Mss State -------------------- ----- -------- -------- ----- -------- -------- ----- ----- ----- *.3181 *.* 0 00000000 00000000 24576 00000000 00000000 3375 536 LISTEN *.5600 *.* 0 00000000 00000000 24576 00000000 00000000 3375 536 LISTEN . . . . . Thanks Send instant messages to your online friends http://asia.messenger.yahoo.com _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Sat Sep 17 03:28:26 2005
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:51 EST