rmsock on AIX.I like lsof. Whenever
I’m building a new AIX system I always make sure to install it. I really like
the fact that I can quickly list processes that are connected to TCP and UDP
ports on my system. For example, to check for the current SSH connections on my
system I can run lsof and check
port 22 (SSH). Immediately I have a good idea of the existing SSH
sess # lsof -i tcp:22 Value of I :77 np:0 COMMAND PID
USER FD TYPE DEVICE SIZE/OFF NODE NAME sshd 340040
root 3u IPv4 0xf100020002e4a3b0 0t277394 TCP aix0 sshd 385184 u0008904 3u
IPv4 0xf100020002e4a3b0 0t277394 TCP
aix0 sshd 409808
root 3u IPv4 0xf1 But
sometimes I work on systems that don’t have lsof installed. It may not be practical or appropriate for me to
install it either. So I have
to find another tool (or tools) that will do something similar. Of course,
I could use netstat to check
that a server daemon was listening on a particular TCP port and view any
established connections. But this doesn’t give me the associated process id’s. $ netstat -a | grep -i ssh tcp4 0
0 *.ss tcp4 0
48 aix01.ssh 172. Fortunately,
the rmsock command
can provide that information. So if I wanted to find the process id for the
sshd daemon that is listening on my system I’d do the following. First I need
to find the socket id using netstat*. # netstat -@aA | grep -i ssh
| grep LIST | grep Global Global f1000700049303b0 tcp4 0 0
*.ssh *.* LISTEN Then
I can use rmsock to
discover the process id associated with the sockect. In this case it’s PID 282700. $ rmsock f1000200003e9bb0
tcpcb The socket 0x3e9808 is being
held by proccess 282700 (sshd). Unlike what its name implies, rmsock
does not remove the socket, if it is being used by a process. It just reports
the process holding the socket. Note that the second argument of rmsock is the protocol. It's tcpcb
in this example to indicate that the protocol is TCP. The results of the
command are also logged to /var
#
tail /var socket 0xf100020001c45008 held by process 434420 (writesrv) can't be removed. socket 0xf100020000663008 held by process 418040 (java) can't be removed. socket 0xf1000200012ad008 held by process 418040 (java) can't be removed. socket 0xf100020000dec008 held by process 163840 (inetd) can't be removed. socket 0xf100020000deb008 held by process 163840 (inetd) can't be removed. socket 0xf10002000016f808 held by process 192554 (snmpdv3ne) can't be removed. socket 0xf100020001c51808 held by process 442596 (dtlogin) can't be removed. socket 0xf1000200012a4008 held by process 418040 (java) can't be removed. socket 0xf100020000666008 held by process 315640 (java) can't be removed. socket 0xf100020000deb808 held by process 163840 (inetd) can't be removed.
The following links have more information on the rmsock command: http http *Note: In my
example I specified the @ symbol with the netstat command. I
also grep’ed for the string Global.
You may have to do the same if you have WPARs running on your system. In my
case I have two active WPARs who both have their own sshd process. My Global
environment also has an sshd process. So in total there are three sshd daemons
that I can view from the Global environment. By specifiying the @ symbol with
netstat, I can quickly determine which process belongs to the Global
environment and those that exist within each WPAR. #
netstat -aA | grep -i ssh | grep LISTEN f1000700049303b0
tcp4 0 0
*.ssh *.* LISTEN f100070000198bb0
tcp4 0 0
*.ssh *.* LISTEN f100070000194bb0
tcp4 0 0
*.ssh *.* LISTEN #
netstat -@aA | grep -i ssh | grep LISTEN Global f1000700049303b0 tcp4 0
0 *.ssh *.* LISTEN wpar1 f100070000198bb0 tcp4 0
0 *.ssh *.* LISTEN wpar2 f100070000194bb0 tcp4 0
0 *.ssh *.* LISTEN |