-
Debugging
August 6, 2015
using solaris netstat to find open ports or listening port ( equivalent of lsof -i )
When debugging network services, I usually tend to run either custom pfiles scripts or compile lsof for Solaris to find the open ports in Solaris. With netstat enhancements in Solaris 11.2 release onwards new flag "-u" has been added, which would list USER, PID and program name of the process and network port details.
$ netstat -un -P tcp
TCP: IPv4
Local Address Remote Address User Pid Command Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- -------- ------ ------------- ------- ------ ------- ------ -----------
127.0.0.1.59101 127.0.0.1.5011 root 6364 telnet 130880 0 139264 0 ESTABLISHED
127.0.0.1.5011 127.0.0.1.59101 root 4884 vntsd 139060 0 130880 0 ESTABLISHED
192.168.11.2.46829 192.168.11.3.389 root 816 nscd 49232 0 128872 0 ESTABLISHED
127.0.0.1.5010 127.0.0.1.51811 root 4884 vntsd 139060 0 130880 0 ESTABLISHED
169.254.182.77.12 169.254.182.76.24 root 4930 fmd 64096 0 128872 0 ESTABLISHED
192.168.11.2.22 192.168.11.3.49363 root 4172 sshd 61952 31 128544 0 ESTABLISHED
<<output truncated>>
With "-v" verbose flag netstat prints the program name with full path information including other information.
t5-2@~# netstat -nu -P tcp -v
TCP: IPv4
Local/Remote Address Swind Snext Suna Rwind Rnext Rack Rto Mss State User Pid Command
-------------------- ------- -------- -------- ------- -------- -------- ----- ----- ----------- -------- ------ --------------
127.0.0.1.59101
127.0.0.1.5011 130880 eb88eb26 eb88eb26 139264 a9687631 a9687631 1125 8180 ESTABLISHED root 6364 /usr/bin/telnet 0 5011
127.0.0.1.5011
127.0.0.1.59101 139060 a9687631 a9687631 130880 eb88eb26 eb88eb26 1125 8180 ESTABLISHED root 4884 /usr/lib/ldoms/vntsd -i virtual-console-concentrator@0 -p localhost -t 0
192.168.11.2.22
192.168.11.3.44826 42112 aa006f8f aa006f4f 128544 d23c83de d23c83de 685 1248 ESTABLISHED root 4172 /usr/lib/ssh/sshd
192.168.11.2.63024
192.168.11.3.389 49232 cd6ad3cc cd6ad3cc 128872 ce3c602e ce3c602e 203 1448 CLOSE_WAIT root 816 /usr/sbin/nscd
<<output truncated>>
To display all TCP, UDP, Domain sockets you can use "-au"
# netstat -aun
UDP: IPv4
Local Address Remote Address User Pid Command State
-------------------- -------------------- -------- ------ -------------- ----------
*.* root 107 in.mpathd Unbound
*.* root 107 in.mpathd Unbound
*.* netadm 712 nwamd Unbound
*.* netadm 712 nwamd Unbound
*.111 daemon 3080 rpcbind Idle
*.* daemon 3080 rpcbind Unbound
*.58525 daemon 3080 rpcbind Idle
*.111 daemon 3080 rpcbind Idle
*.* daemon 3080 rpcbind Unbound
*.46768 daemon 3080 rpcbind Idle
<<output truncated>>
With this feature netstat can be alternative for lsof for looking up port related information.
If you compile and run lsof from the source in Solaris. Use lsof "-i4" flag to display open ports in Solaris to display ports associated with IPv4 .
# ./lsof -i4 |head
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
in.mpathd 107 root 3u IPv4 0xc40046b332c0 0t0 TCP localhost:5999 (LISTEN)
in.mpathd 107 root 5u IPv4 0xc400469f6080 0t0 UDP *:* (Unbound)
nwamd 712 netadm 5u IPv4 0xc40048ea4100 0t0 UDP *:* (Unbound)
rpcbind 3080 daemon 8u IPv4 0xc400499eac00 0t0 UDP 0.0.0.17:chargen (Idle)
rpcbind 3080 daemon 9u IPv4 0xc400499ea700 0t0 UDP 0.0.0.17:chargen (Unbound)
rpcbind 3080 daemon 10u IPv4 0xc400499ea200 0t0 UDP 0.0.0.17:chargen (Idle)
rpcbind 3080 daemon 11u IPv4 0xc400499b5200 0t0 TCP *:* (LISTEN)
rpcbind 3080 daemon 12u IPv4 0xc400499b49c0 0t0 TCP *:* (IDLE)
nfs4cbd 3155 daemon 7u IPv4 0xc400499b3100 0t0 TCP *:* (LISTEN)
<<output truncated>>