Port Status Solaris 10

[phoboz 0]

Hi !

I wonder if there is any special command that
shows which programs are listening to which
network ports ?

I have tried:

# ps -ef

Then I get something like this:

UID   PID  PPID   C    STIME TTY         TIME CMD    root     0     0   0 07:51:10 ?           0:09 sched    root     1     0   0 07:51:10 ?           0:00 /sbin/init    root     2     0   0 07:51:10 ?           0:00 pageout    root     3     0   0 07:51:10 ?           0:01 fsflushwebservd   262   247   0 07:51:34 ?           0:00 /usr/apache2/bin/httpd -k start    root     7     1   0 07:51:13 ?           0:03 /lib/svc/bin/svc.startd    root     9     1   0 07:51:14 ?           0:15 /lib/svc/bin/svc.configdwebservd   259   247   0 07:51:34 ?           0:00 /usr/apache2/bin/httpd -k startwebservd   260   247   0 07:51:34 ?           0:00 /usr/apache2/bin/httpd -k start    root   234     7   0 07:51:33 console     0:00 /usr/lib/saf/ttymon -g -d /dev/console -l console -T sun -m ldterm,ttcompat -h     root   228     1   0 07:51:32 ?           0:01 /usr/lib/inet/inetd start    root   337     1   0 07:51:41 ?           0:00 /usr/sbin/syslogd    root   229     7   0 07:51:32 ?           0:00 /usr/lib/saf/sac -t 300    root    49     1   0 07:51:22 ?           0:00 /sbin/dhcpagent    root    93     1   0 07:51:26 ?           0:00 /usr/sbin/nscdwebservd   266   247   0 07:51:35 ?           0:00 /usr/apache2/bin/httpd -k start    root    76     1   0 07:51:25 ?           0:00 /usr/lib/sysevent/syseventd  daemon    95     1   0 07:51:27 ?           0:00 /usr/lib/crypto/kcfd    root    98     1   0 07:51:27 ?           0:00 /usr/lib/power/powerd    root   235     1   0 07:51:33 ?           0:00 /usr/lib/utmpd    root    82     1   0 07:51:25 ?           0:00 /usr/lib/picl/picld  daemon   219     1   0 07:51:31 ?           0:00 /usr/sbin/rpcbind    root   203     1   0 07:51:31 ?           0:00 /usr/sbin/cron  daemon   222     1   0 07:51:32 ?           0:00 /usr/lib/nfs/statd  daemon   230     1   0 07:51:32 ?           0:00 /usr/lib/nfs/lockd    root   247     1   0 07:51:33 ?           0:00 /usr/apache2/bin/httpd -k start    root   239   229   0 07:51:33 ?           0:00 /usr/lib/saf/ttymonwebservd   264   247   0 07:51:34 ?           0:00 /usr/apache2/bin/httpd -k start    root   611   538   0 07:51:52 ?           0:00 /usr/dt/bin/dtlogin -daemon    root   317     1   0 07:51:39 ?           0:00 /usr/lib/autofs/automountd    root   335     1   0 07:51:41 ?           0:00 /usr/lib/ssh/sshd   smmsp   361     1   0 07:51:43 ?           0:00 /usr/lib/sendmail -Ac -q15m    root   395   394   0 07:51:44 ?           0:00 /usr/sadm/lib/smc/bin/smcboot    root   396   394   0 07:51:44 ?           0:00 /usr/sadm/lib/smc/bin/smcboot    root   342     1   0 07:51:42 ?           0:01 /usr/lib/fm/fmd/fmd    root   362     1   0 07:51:43 ?           0:00 /usr/lib/sendmail -bd -q15m    root   587     1   0 07:51:49 ?           0:00 /usr/sbin/vold    root   394     1   0 07:51:44 ?           0:00 /usr/sadm/lib/smc/bin/smcboot    alex   629   611   0 07:52:08 ?           0:00 /bin/ksh /usr/dt/bin/Xsession    root   407     1   0 07:51:44 ?           0:00 /usr/sbin/afbdaemon /dev/fbs/afb0    root   431     1   0 07:51:45 ?           0:00 /usr/lib/im/htt -port 9010 -syslog -message_locale C    root   610     1   0 07:51:52 ?           0:01 /usr/sfw/sbin/snmpd    alex   547   538   3 07:51:48 ?           0:56 /usr/openwin/bin/Xsun :0 -defdepth 24 -nobanner -auth /var/dt/A:0-DKaqdb    root   448   431   0 07:51:45 ?           0:00 htt_server -port 9010 -syslog -message_locale C    root   580     1   0 07:51:49 ?           0:00 /usr/lib/dmi/snmpXdmid -s nova    root   461     1   0 07:51:46 ?           0:00 /bin/sh /opt/csw/mysql4/bin/mysqld_safe --pid-file=/opt/csw/mysql4/var/mysql.pi   mysql   571   461   0 07:51:49 ?           0:02 /opt/csw/mysql4/libexec/mysqld --basedir=/opt/csw/mysql4 --datadir=/opt/csw/mys    alex   702   699   0 07:52:09 pts/3       0:00 -bash -c      unset DT;     DISPLAY=:0;       /usr/dt/bin/dtsession_res -mer    root   538     1   0 07:51:47 ?           0:00 /usr/dt/bin/dtlogin -daemon    root   556     1   0 07:51:48 ?           0:00 /usr/lib/snmp/snmpdx -y -c /etc/snmp/conf    root   568     1   0 07:51:49 ?           0:00 /usr/lib/dmi/dmispd    root   612   538   0 07:51:52 ??          0:00 /usr/openwin/bin/fbconsole -d :0    alex   646   629   0 07:52:08 ?           0:00 /usr/openwin/bin/fbconsole    alex   724   716   0 07:52:14 ?           0:01 /usr/dt/bin/sdtperfmeter -f -H -t cpu -t disk -s 1 -name fpperfmeter    alex   715     1   0 07:52:11 pts/3       0:00 /usr/dt/bin/ttsession    alex   652     1   0 07:52:08 ?           0:00 /usr/openwin/bin/speckeysd    alex   699   629   0 07:52:09 pts/3       0:00 /usr/dt/bin/sdt_shell -c      unset DT;     DISPLAY=:0;       /usr/dt/bin/dt    alex   716   702   0 07:52:11 pts/3       0:00 /usr/dt/bin/dtsession    alex   701     1   0 07:52:09 ?           0:00 /usr/dt/bin/dsdm    alex   722   716   0 07:52:11 ?           0:01 dtwm    root   723   228   0 07:52:11 ?           0:00 /usr/dt/bin/rpc.ttdbserverd    root   732   228   0 07:52:14 ?           0:00 /usr/lib/netsvc/rstat/rpc.rstatd    alex   726     1   0 07:52:14 ?           0:00 /bin/ksh /usr/dt/bin/sdtvolcheck -d -z 5 cdrom,zip,jaz,dvdrom,rmdisk    alex   744   715   0 07:52:29 pts/3       0:00 /bin/sh -c dtfile -noview    alex   743   726   0 07:52:24 ?           0:00 /bin/cat /tmp/.removable/notify726    alex   745   744   0 07:52:30 pts/3       0:00 dtfile -noview    alex   747   745   0 07:52:40 pts/3       0:00 dtfile -noview    alex   980   979   1 08:02:15 ??          0:00 /usr/dt/bin/dtterm -C -ls    alex   982   980   0 08:02:16 pts/4       0:00 -bash    alex   979   722   0 08:02:15 ?           0:00 /usr/dt/bin/dtexec -open 0 -ttprocid 2.13Eu4A 01 715 1289637086 1 1 100 192.168    alex   802     1   0 07:52:47 ?           0:00 /bin/ksh -p /usr/sfw/bin/mozilla    alex   988   982   0 08:02:17 pts/4       0:00 ps -ef    alex   835   802   0 07:52:48 ?           0:00 /bin/sh /usr/sfw/bin/../lib/mozilla/run-mozilla.sh /usr/sfw/bin/../lib/mozilla/    alex   851     1   0 07:52:51 ?           0:00 /opt/csw/libexec/gconfd-2 16    alex   849   835   6 07:52:48 ?           2:31 /usr/sfw/bin/../lib/mozilla/mozilla-bin -UILocale en-US -contentLocale US

And take for example the line:

UID   PID  PPID   C    STIME TTY         TIME CMDmysql   571   461   0 07:51:49 ?           0:02 /opt/csw/mysql4/libexec/mysqld

I get a lot of information but I can't see which port number it runs on.

/Alex

[qwijibow 0]

I wonder if there is any special command thatshows which programs are listening to which
network ports ?

you mean netstat !
its a very common tool, it exists in solaris, *BSD, Linux, and even WindowsXP !

read "man netstat"

you prbaby want "netstat -npl"

n = show posrts as numbers (e.g. show "80" instead of "http"
l = show ports in state listening.
p = report program name/PID of the running program.

example output on my machine...

localhost ~ # netstat -nplActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program nametcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      7132/smbdtcp        0      0 127.0.0.1:8118          0.0.0.0:*               LISTEN      7737/privoxytcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      6691/cupsdtcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      7685/tortcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      7132/smbdudp        0      0 192.168.1.2:137         0.0.0.0:*                           7135/nmbdudp        0      0 0.0.0.0:137             0.0.0.0:*                           7135/nmbdudp        0      0 192.168.1.2:138         0.0.0.0:*                           7135/nmbdudp        0      0 0.0.0.0:138             0.0.0.0:*                           7135/nmbdudp        0      0 0.0.0.0:631             0.0.0.0:*                           6691/cupsd

running tor proxy, privoxy proxy, cups and samba.

[iGuest 3]

"p = report program name/PID of the running program."it work on linux, but not on Solaris

[iGuest 3]

port listing on Solaris 10Port Status

to get a port listing on our Solaris 10 boxes we did a little custom scripting.

#  more portreport.Sh#!/bin/shEcho " "/usr/local/security/ports.Ksh -a  | /usr/local/security/p.Pl | sort -and | uniq >/tmp/portreport.Txtchmod go-rwx /tmp/portreport.Txtecho "port report is in /tmp/portreport.Txt"echo "for a listing of ports open by each process use the"Echo "/usr/local/security/ports.Ksh -a command"Echo " "Exit 0

--------------snip ------------------------------

  more ports.Ksh#!/usr/bin/ksh## PCP (PID con Port)# v1.09 11/12/2009 Sam Nelson sam @ unix.Ms## If you have a Solaris 8, 9 or 10 box and you can't# install lsof, try this. It maps PIDS to ports and vice versa.# It also shows you which peers are connected on which port.# Wildcards are accepted for -p and -P options.## Many thanks Daniel Trinkle trinkle @ cs.Purdue.Edu# for the help, much appreciated.I=0While getopts :P:a optDoCase "${opt}" inP ) port="${OPTARG}";I=3;;P ) pid="${OPTARG}";I=3;;A ) all=all;I=2;;EsacDoneIf [ $OPTIND != $I ]ThenEcho >&2 "usage: $0 [-p PORT] [-P PID] [-a] (Wildcards OK) "Exit 1FiShift `expr $OPTIND - 1`If [ "$port" ]Then# Enter the port number, get the PID#Port=${OPTARG}Echo "PIDtProcess Name and Port"Echo "_________________________________________________________"For proc in `ptree -a | awk '/ptree/ {next} {print $1};'`DoResult=`pfiles $proc 2> /dev/null| egrep "port: $port$"`If [ ! -z "$result" ]ThenProgram=`ps -fo comm= -p $proc`Echo "$proct$programt$portand$result"Echo "_________________________________________________________"FiDoneElif [ "$pid" ]Then# Enter the PID, get the port#Pid=$OPTARG# Print out the informationEcho "PIDtProcess Name and Port"Echo "_________________________________________________________"For proc in `ptree -a | awk '/ptree/ {next} $1 ~ /^'"$pid"'$/ {print $1};'`DoResult=`pfiles $proc 2> /dev/null| egrep port:`If [ ! -z "$result" ]ThenProgram=`ps -fo comm= -p $proc`Echo "$proct$programand$result"Echo "_________________________________________________________"FiDoneElif [ $all ]Then# Show all PIDs, Ports and Peers#Echo "PIDtProcess Name and Port"Echo "_________________________________________________________"For proc in `ptree -a | sort -and | awk '/ptree/ {next} {print $1};'`DoOut=`pfiles $proc 2>/dev/null| egrep "port:"`If [ ! -z "$out" ]ThenName=`ps -fo comm= -p $proc`Echo "$proct$nameand$out"Echo "_________________________________________________________"FiDoneFiExit 0

----------------snip------------------------------

 

# more p.Pl#!/usr/bin/perl# portlist.Pl# take output of ports.Ksh and produce sorted list by port number.# this gets passed to sort -and and uniq to produce a sorted list#of ports open and server and what process is using it.# read file into array@input = <>;$count = 1;# process arrayWhile ( $count <= @input ) {$process_this = 1;# trim leading and trailing spaces# read each line into string and trim white space$string = $input[ $count -1 ];#print ( "$string" );#$string =~ s/s+//;#$string =~ s/s+$//;# don't process junk lines$result = $string =~ /PID/;If (  $result ) { $process_this = 0;}$result = $string =~ /_______/;If (  $result ) { $process_this = 0;}# does line start with number, then its a process number$result = $string =~/^[123456789]/;# so get the process number into a string, but don't process it# we save it for laterIf ( $result ) {$process_this = 0;$process_number = $string;}########################################If ( $process_this == 1 ){@splitstring = split(/:/, $string );#print ( "$splitstring[0]and");#print ( "$splitstring[1]and");#print ( "$splitstring[2]and");#print ( "$splitstring[3]and");#print ( "$splitstring[4]and");#print ( "------------------and" );if ( $splitstring[1] =~ /AF_INET6/ ) {if ( $splitstring[3] =~ /ffff/ ) {$portnumber = $splitstring[5];} else {$portnumber = $splitstring[4];}} else {$portnumber = $splitstring[2];}chop $portnumber;#print ( "$portnumbert$process_numberand" );$array_element = "$portnumber" . "tt" . "$process_number";push (@myarray, $array_element );#print ( "------------------and" );#######################################print ( "$stringand");}$count++;# end while}@sorted = sort ( @myarray );#print ( "port number PID   processand");Print @sorted;

 ---------------snip------------------------------

putting  these together and run portreport.Sh gives us a nice sorted list of what ports are open..

 0   21100 defcs 0   21101 udapi_slave 0   424 /usr/lib/fm/fmd/fmd 0   474 /usr/sfw/sbin/snmpd 21 521 /usr/lib/inet/inetd 22 414 /usr/lib/ssh/sshd 23 521 /usr/lib/inet/inetd 25 5766   /usr/lib/sendmail 161   474 /usr/sfw/sbin/snmpd 587   5766   /usr/lib/sendmail 898   398 /usr/sadm/lib/smc/bin/smcboot 992   27153 /usr/ud71/bin/udtelnetd 992   2951   /usr/ud71/bin/udtelnetd 992   5019   /usr/ud71/bin/udtelnetd 992   521 /usr/lib/inet/inetd 1147 13933 /opt/java160/jdk1.6.0_16/jre/bin/java 1149 13933 /opt/java160/jdk1.6.0_16/jre/bin/java 1153 13933 /opt/java160/jdk1.6.0_16/jre/bin/java 1155 13933 /opt/java160/jdk1.6.0_16/jre/bin/java 1162 2702   /opt/SUNWstade/snmp/sbin/snmptrapd 1172 13933 /opt/java160/jdk1.6.0_16/jre/bin/java 1177 13933 /opt/java160/jdk1.6.0_16/jre/bin/java 1243 13933 /opt/java160/jdk1.6.0_16/jre/bin/jav

... Buncha stuff deleted..

 

5010 2608   /opt/java160/jdk1.6.0_16/jre/bin/java 5050 1716   /opt/java160/jdk1.6.0_16/jre/bin/java 5510 27044 /opt/java160/jdk1.6.0_16/jre/bin/java 5550 24731 /usr/ud71/bin/udt 5550 26992 /opt/java160/jdk1.6.0_16/jre/bin/java 5550 292 /usr/ud71/bin/udt 5671 269 /opt/java160/jdk1.6.0_16/jre/bin/java 5675 131 /opt/java160/jdk1.6.0_16/jre/bin/java 5680 25552 /opt/java160/jdk1.6.0_16/jre/bin/java 5681 25438 /opt/java160/jdk1.6.0_16/jre/bin/java 5685 19315 /usr/ud71/bin/udt 5685 22920 /usr/ud71/bin/udt 5685 25375 /opt/java160/jdk1.6.0_16/jre/bin/java 5691 13933 /opt/java160/jdk1.6.0_16/jre/bin/java 5695 13978 /opt/java160/jdk1.6.0_16/jre/bin/java 5695 27200 /usr/ud71/bin/udt 5695 2967   /usr/ud71/bin/udt 5695 5037   /usr/ud71/bin/udt 5710 27061 /opt/java160/jdk1.6.0_16/jre/bin/java 5720 27122 /opt/java160/jdk1.6.0_16/jre/bin/java 5750 26985 /opt/java160/jdk1.6.0_16/jre/bin/java 5840 13861 /opt/java160/jdk1.6.0_16/jre/bin/java

 

etc, etc.