X

using solaris netstat to find open ports or listening port ( equivalent of lsof -i )

When debugging network services, I usually tend to run either custom pfiles scripts or compile lsof for Solaris to find the open ports in Solaris. With netstat enhancements in Solaris 11.2 release onwards new flag "-u" has been added, which would list USER, PID and program name of the process and network port details.

$ netstat -un -P tcp                                                                                                          

TCP: IPv4
   Local Address        Remote Address      User     Pid     Command     Swind  Send-Q  Rwind  Recv-Q    State
-------------------- -------------------- -------- ------ ------------- ------- ------ ------- ------ -----------
127.0.0.1.59101          127.0.0.1.5011            root    6364   telnet         130880      0  139264      0 ESTABLISHED
127.0.0.1.5011            127.0.0.1.59101          root    4884   vntsd          139060     0  130880      0 ESTABLISHED
192.168.11.2.46829    192.168.11.3.389        root      816    nscd            49232      0  128872      0 ESTABLISHED
127.0.0.1.5010            127.0.0.1.51811          root    4884   vntsd          139060     0  130880      0 ESTABLISHED
169.254.182.77.12      169.254.182.76.24      root    4930      fmd            64096      0  128872     0 ESTABLISHED
192.168.11.2.22          192.168.11.3.49363    root    4172     sshd            61952     31  128544    0 ESTABLISHED

<<output truncated>>

With "-v" verbose flag netstat prints the program name with full path information including other information.

t5-2@~# netstat -nu -P tcp -v

TCP: IPv4
Local/Remote Address  Swind   Snext     Suna    Rwind   Rnext     Rack    Rto   Mss     State      User    Pid      Command
-------------------- ------- -------- -------- ------- -------- -------- ----- ----- ----------- -------- ------ --------------
127.0.0.1.59101    
127.0.0.1.5011        130880 eb88eb26 eb88eb26  139264 a9687631 a9687631  1125  8180 ESTABLISHED root       6364 /usr/bin/telnet 0 5011
127.0.0.1.5011     
127.0.0.1.59101       139060 a9687631 a9687631  130880 eb88eb26 eb88eb26  1125  8180 ESTABLISHED root      4884 /usr/lib/ldoms/vntsd -i virtual-console-concentrator@0 -p localhost -t 0
192.168.11.2.22   
192.168.11.3.44826   42112 aa006f8f aa006f4f  128544 d23c83de d23c83de   685  1248 ESTABLISHED root       4172 /usr/lib/ssh/sshd
192.168.11.2.63024
192.168.11.3.389      49232 cd6ad3cc cd6ad3cc  128872 ce3c602e ce3c602e   203  1448 CLOSE_WAIT  root           816 /usr/sbin/nscd
<<output truncated>>

To display all TCP, UDP, Domain sockets you can use "-au"

 # netstat -aun

UDP: IPv4
   Local Address        Remote Address      User    Pid      Command       State
-------------------- -------------------- -------- ------ -------------- ----------
      *.*                                 root            107 in.mpathd      Unbound
      *.*                                 root            107 in.mpathd      Unbound
      *.*                                 netadm      712      nwamd      Unbound
      *.*                                 netadm      712      nwamd      Unbound
      *.111                             daemon     3080   rpcbind       Idle
      *.*                                 daemon     3080   rpcbind       Unbound
      *.58525                         daemon     3080   rpcbind       Idle
      *.111                             daemon     3080   rpcbind       Idle
      *.*                                 daemon     3080   rpcbind       Unbound
      *.46768                         daemon     3080   rpcbind       Idle
<<output truncated>>

With this feature netstat can be alternative for lsof for looking up port related information.

If you compile and run lsof from the source in Solaris. Use lsof "-i4" flag to display open ports in Solaris to display ports associated with IPv4 .

# ./lsof -i4 |head
COMMAND     PID     USER   FD   TYPE         DEVICE SIZE/OFF NODE NAME
in.mpathd       107     root        3u   IPv4 0xc40046b332c0      0t0  TCP localhost:5999 (LISTEN)
in.mpathd       107     root        5u   IPv4 0xc400469f6080       0t0  UDP *:* (Unbound)
nwamd            712   netadm    5u   IPv4 0xc40048ea4100      0t0  UDP *:* (Unbound)
rpcbind         3080   daemon    8u   IPv4 0xc400499eac00      0t0  UDP 0.0.0.17:chargen (Idle)
rpcbind         3080   daemon    9u   IPv4 0xc400499ea700      0t0  UDP 0.0.0.17:chargen (Unbound)
rpcbind         3080   daemon   10u  IPv4 0xc400499ea200      0t0  UDP 0.0.0.17:chargen (Idle)
rpcbind         3080   daemon   11u  IPv4 0xc400499b5200      0t0  TCP *:* (LISTEN)
rpcbind         3080   daemon   12u  IPv4 0xc400499b49c0      0t0  TCP *:* (IDLE)
nfs4cbd        3155   daemon    7u    IPv4 0xc400499b3100      0t0  TCP *:* (LISTEN)
<<output truncated>>

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.