1

I have an idea of how it's done on Linux: they probably go through /proc/<pid>/fd to display the sockets used by each process.

Unfortunately, it doesn't look like the /proc/<pid>/fd entries list sockets on Solaris. Does anyone know how lsof would do it on this system? Or how one would even go about this in general?

Just to restate what exactly it is I need: I need some way to find which processes are listening to which ports (without using lsof of course) on Solaris.

  • Any reason why you gave up following this question and its answers and asked a very similar one elsewhere? Also why do you state "without using lsof of course" ? – jlliagre Aug 07 '15 at 07:01
  • All of the answers given here either don't do what I need, or are missing part. The one answer tells me to use something on Solaris 11.2, which isn't the system I'm running. Your answer only sorta gets halfway to where I'm trying to get. I found another tool I could use and wanted to ask a question about it outside of the context of this thread. I state "without using lsof of course" because the very nature of my question is finding an alternative to lsof...I don't know what you're trying to get at. – monkeygame7 Aug 10 '15 at 14:03
  • My question is about the why "of course"? i.e. what is wrong using lsof while it seems to achieve what you want? Also, as my answer is only going halfway to what you are trying to get, feel free to tell me what is missing as a comment. – jlliagre Aug 10 '15 at 14:22
  • lsof is unavailable on the system – monkeygame7 Aug 10 '15 at 14:57
  • Okay, so I understand you are not writing C code but want to get this information from a shell script. As you were looking for lsof internals, I thought you wanted to reuse its internal method in C. – jlliagre Aug 10 '15 at 15:04
  • I need something that can do this. I can either find what mechanism lsof uses and try to duplicate it in my code, or pipe the shell script's output into my program and parse it. The important part is finding SOME way to correlate port numbers with the process that has it open. – monkeygame7 Aug 10 '15 at 15:49
  • If writing/integrating source code is acceptable, why not reuse (parts of) lsof source? It is freely available and its license is quite permissive. – jlliagre Aug 10 '15 at 21:10

2 Answers

0

/proc/<pid>/fd lists all open file descriptors, including those associated with a socket, e.g.:

```
# pwd
/proc/408/fd
# ls -l
total 4
c---------   1 root     sys       13,  2 Jul 31 23:12 0
c---------   1 root     sys       97,  1 Jul 31 23:06 1
p---------   0 root     root           0 Jul 31 23:06 10
p---------   0 root     root           0 Jul 31 23:06 11
c---------   1 root     sys       97,  1 Jul 31 23:06 2
-r--r--r--   1 root     root        1209 Jul 31 23:06 3
D---------   1 root     root           0 Jul 31 23:06 4
s---------   0 root     root           0 Jul 31 23:06 5
s---------   0 root     root           0 Jul 31 23:06 6
p---------   0 root     root           0 Jul 31 23:06 7
p---------   0 root     root           0 Jul 31 23:06 8
s---------   0 root     root           0 Jul 31 23:06 9
```

Here file descriptors 5, 6 and 9 are definitely sockets, as their `s` file type shows.

Not sure what lsof is doing under the covers, but to get socket details, `pfiles` reads the process's internal structures. See its dosocket methods.

jlliagre
  • So the s at the beginning of the line signifies that it's a socket? I'm mainly looking for alternatives to pfiles because that ends up being very slow (I need to do this quickly). – monkeygame7 Aug 01 '15 at 17:55
  • Yes, `s` means socket as documented ( http://docs.oracle.com/cd/E19683-01/816-0210/6m6nb7me6/index.html#ls-1-indx-1 ). You can filter out the processes having no socket open and only query the sockets file descriptors in custom code. – jlliagre Aug 01 '15 at 20:00
  • So, this returns the file descriptors, but how do I get what port those are corresponding to? I looked into this a bit myself after getting your answer and I couldn't find anything about how to do that. – monkeygame7 Aug 10 '15 at 14:59
  • If you want to retrieve the ports using a shell script, the first options I see are the already mentioned pfiles or a script based on ndd/mdb. Are you looking for some particular TCP ports or all ports in use? – jlliagre Aug 10 '15 at 15:15
  • I'd be looking for all ports. I don't want to use pfiles because it is extremely slow in comparison to everything else and there is possible instability since it pauses the processes to examine them. I am looking into mdb and I seem to have found something I can do with it. – monkeygame7 Aug 10 '15 at 15:52
  • You can filter out all processes that have no socket open by looking at their /proc/*/fd directories, then you can use pfiles method to get the port information. Pfiles is exploring all file descriptors, not just the network related ones so your implementation would be faster. Pfiles is suspending a process while it scans its file descriptor table. This table being dynamic, not suspending the process might give erroneous data or even crash the reading process. – jlliagre Aug 10 '15 at 16:30
  • According to pfiles man page http://docs.oracle.com/cd/E19253-01/816-5165/6mbb0m9ng/index.html#Warnings it is possible to cause daemons to crash when it pauses them. This is just an unacceptable side effect in this situation. – monkeygame7 Aug 10 '15 at 16:48
  • As far as I know, this is only known to happen with some very specific time sensitive clustering components. Being suspended for a short period of time is otherwise something all Unix processes are expected to experience without damage. I have routinely run `pfiles` on probably tens of thousands of Solaris production servers without any issue. – jlliagre Aug 10 '15 at 20:48
0

If you're running Solaris 11.2, you can use `netstat -u`. Per the man page:

> -u
>
> Lists the user, process id, and the program which originally created the network endpoint or controls it now.

Community
Andrew Henle