I like lsof.
Whenever
Im building a new AIX system I always make sure to install it. I really like
the fact that I can quickly list processes that are connected to TCP and UDP
ports on my system. For example, to check for the current SSH connections on my
system I can run lsof and check
port 22 (SSH). Immediately I have a good idea of the existing SSH
sessions/connections. I can also check to see if the SSH server (sshd daemon)
is running and listening (LISTEN) on my AIX partition.
# lsof -i tcp:22
Value of I :77 np:0
COMMAND PID
USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 340040
root 3u IPv4 0xf100020002e4a3b0 0t277394 TCP aix01:ssh->172.29.131.16:49948 (ESTABLISHED)
sshd 385184 u0008904 3u
IPv4 0xf100020002e4a3b0 0t277394 TCP
aix01:ssh->172.29.131.16:49948 (ESTABLISHED)
sshd 409808
root 3u IPv4 0xf100020001c48bb0 0t0
TCP *:ssh (LISTEN)
But
sometimes I work on systems that dont have lsof installed. It may not be practical or appropriate for me to
install it either. So I have
to find another tool (or tools) that will do something similar.
Of course,
I could use netstat to check
that a server daemon was listening on a particular TCP port and view any
established connections. But this doesnt give me the associated process ids.
$ netstat -a | grep -i ssh
tcp4 0
0 *.ssh *.* LISTEN
tcp4 0
48 aix01.ssh 172.29.131.16.50284 ESTABLISHED
Fortunately,
the rmsock command
can provide that information. So if I wanted to find the process id for the
sshd daemon that is listening on my system Id do the following. First I need
to find the socket id using netstat*.
# netstat -@aA | grep -i ssh
| grep LIST | grep Global
Global f1000700049303b0 tcp4 0 0
*.ssh *.* LISTEN
Then
I can use rmsock to
discover the process id associated with the sockect. In this case its PID 282700.
$ rmsock f1000200003e9bb0
tcpcb
The socket 0x3e9808 is being
held by proccess 282700 (sshd).
Unlike what its name implies, rmsock does not remove the socket, if it is being used by a process. It just reports the process holding the socket. Note that the second argument of rmsock is the protocol. It's tcpcb in this example to indicate that the protocol is TCP. The results of the command are also logged to /var/adm/ras/rmsock.log.
# tail /var/adm/ras/rmsock.log
socket 0xf100020001c45008 held by process 434420 (writesrv) can't be removed.
socket 0xf100020000663008 held by process 418040 (java) can't be removed.
socket 0xf1000200012ad008 held by process 418040 (java) can't be removed.
socket 0xf100020000dec008 held by process 163840 (inetd) can't be removed.
socket 0xf100020000deb008 held by process 163840 (inetd) can't be removed.
socket 0xf10002000016f808 held by process 192554 (snmpdv3ne) can't be removed.
socket 0xf100020001c51808 held by process 442596 (dtlogin) can't be removed.
socket 0xf1000200012a4008 held by process 418040 (java) can't be removed.
socket 0xf100020000666008 held by process 315640 (java) can't be removed.
socket 0xf100020000deb808 held by process 163840 (inetd) can't be removed.
The following links have more information on the rmsock command:
http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg21264632
http://aixblogs.blogspot.com/2009/03/using-netstat-and-rmsock-to-identify.html
*Note: In my
example I specified the @ symbol with the netstat command. I
also greped for the string Global.
You may have to do the same if you have WPARs running on your system. In my
case I have two active WPARs who both have their own sshd process. My Global
environment also has an sshd process. So in total there are three sshd daemons
that I can view from the Global environment. By specifiying the @ symbol with
netstat, I can quickly determine which process belongs to the Global
environment and those that exist within each WPAR.
#
netstat -aA | grep -i ssh | grep LISTEN
f1000700049303b0
tcp4 0 0
*.ssh *.* LISTEN
f100070000198bb0
tcp4 0 0
*.ssh *.* LISTEN
f100070000194bb0
tcp4 0 0
*.ssh *.* LISTEN
#
netstat -@aA | grep -i ssh | grep LISTEN
Global f1000700049303b0 tcp4 0
0 *.ssh *.* LISTEN
wpar1 f100070000198bb0 tcp4 0
0 *.ssh *.* LISTEN
wpar2 f100070000194bb0 tcp4 0
0 *.ssh *.* LISTEN