What process is listening on a certain port on Solaris

Question

So I log into a Solaris box  try to start Apache  and find that there is already a process listening on port 80  and it s not Apache  Our boxes don t have lsof installed  so I can t query with that  I guess I could do   pfiles  ls  proc    less   and look for  port  80   but if anyone has a better solution  I m all ears  Even better if I can look for the listening process without being root  I m open to both shell and C solutions  I wouldn t mind having a little custom executable to carry with me for the next time this comes up   Updated  I m talking about generic installs of solaris for which I am not the administrator  although I do have superuser access   so installing things from the freeware disk isn t an option  Obviously neither are using Linux-specific extensions to fuser  netstat  or other tools  So far running pfiles on all processes seems to be the best solution  unfortunately  If that remains the case  I ll probably post an answer with some slightly more efficient code that the clip above

User · Answer

You might not want to  but your best bet is to grab the sunfreeware CD and install lsof   Other than that  yes you can grovel around in  proc with a shell script

User · Answer

Mavroprovato s answer reports more than only the listening ports  Listening ports are sockets without a peer  The following Perl program reports only the listening ports  It works for me on SunOS 5 10       usr bin env perl       Search the processes which are listening on the given port        For SunOS 5 10      use strict  use warnings   die  Port missing  unless   ARGV  gt   0  my  port   int  ARGV 0    die  Invalid port  unless  port  gt  0   my  pids  map   push  pids     if     gt  0    map   int        ls  proc    foreach my  pid   pids        open  PF   pfiles  pid 2 gt  dev null                 warn  Can not read pfiles  pid             lt PF gt       my  fd      my  type      my  sockname      my  peername      my  report   sub           if  defined  fd                if  defined  sockname  amp  amp    defined  peername                    print   pid  type  sockname n              while   lt PF gt             if     s   d                        amp  report                 fd   int   1               undef  type              undef  sockname              undef  peername            elsif    SOCK DGRAM SOCK STREAM       type    1            elsif   sockname  AF INET 6         port   port                  sockname    1            elsif   peername  AF INET      peername   1           amp  report        close  PF

User · Answer

If you have access to netstat  that can do precisely that

User · Answer

If you have access to netstat  that can do precisely that

User · Answer

Most probly sun s administrative server   It s usually bundled along with sun s directory and a few other webmin-ish stuff that is in the default installation

User · Answer

This is sort of an indirect approach  but you could see if a website loads on your web browser of choice from whatever is running on port 80   Or you could telnet to port 80 and see if you get a response that gives you a clue as to what is running on that port and you can go shut it down   Since port 80 is the default port for http traffic chances are there is some sort of http server running there by default  but there s no guarantee

User · Answer

netstat on Solaris will not tell you this  nor will older versions of lsof  but if you download and build install a newer version of lsof  this can tell you that     lsof -v lsof version information      revision  4 85     latest revision  ftp   lsof itap purdue edu pub tools unix lsof      latest FAQ  ftp   lsof itap purdue edu pub tools unix lsof FAQ     latest man page  ftp   lsof itap purdue edu pub tools unix lsof lsof man     configuration info  64 bit kernel     constructed  Fri Mar 7 10 32 54 GMT 2014     constructed by and on  user hostname     compiler  gcc     compiler version  3 4 3  csl-sol210-3 4-branch sol rpath      8 lt - - - -    SNIP    - - -   With this you can use the -i option     lsof -i 22 COMMAND   PID     USER   FD   TYPE             DEVICE   SIZE OFF NODE NAME sshd      521     root    3u  IPv6 0xffffffff89c67580        0t0  TCP   ssh  LISTEN  sshd     5090     root    3u  IPv6 0xffffffffa8668580   0t322598  TCP host domain com ssh- gt 21 43 65 87 52364  ESTABLISHED  sshd     5091   johngh    4u  IPv6 0xffffffffa8668580   0t322598  TCP host domain com ssh- gt 21 43 65 87 52364  ESTABLISHED    Which shows you exactly what you re asking for   I had a problem yesterday with a crashed Jetty  Java  process  which only left 2 files in its  proc  PID  directory  psinfo  amp  usage    pfiles failed to find the process  because the date it needed was not there   lsof found it for me

User · Answer

Most probly sun s administrative server   It s usually bundled along with sun s directory and a few other webmin-ish stuff that is in the default installation

User · Answer

netstat on Solaris will not tell you this  nor will older versions of lsof  but if you download and build install a newer version of lsof  this can tell you that     lsof -v lsof version information      revision  4 85     latest revision  ftp   lsof itap purdue edu pub tools unix lsof      latest FAQ  ftp   lsof itap purdue edu pub tools unix lsof FAQ     latest man page  ftp   lsof itap purdue edu pub tools unix lsof lsof man     configuration info  64 bit kernel     constructed  Fri Mar 7 10 32 54 GMT 2014     constructed by and on  user hostname     compiler  gcc     compiler version  3 4 3  csl-sol210-3 4-branch sol rpath      8 lt - - - -    SNIP    - - -   With this you can use the -i option     lsof -i 22 COMMAND   PID     USER   FD   TYPE             DEVICE   SIZE OFF NODE NAME sshd      521     root    3u  IPv6 0xffffffff89c67580        0t0  TCP   ssh  LISTEN  sshd     5090     root    3u  IPv6 0xffffffffa8668580   0t322598  TCP host domain com ssh- gt 21 43 65 87 52364  ESTABLISHED  sshd     5091   johngh    4u  IPv6 0xffffffffa8668580   0t322598  TCP host domain com ssh- gt 21 43 65 87 52364  ESTABLISHED    Which shows you exactly what you re asking for   I had a problem yesterday with a crashed Jetty  Java  process  which only left 2 files in its  proc  PID  directory  psinfo  amp  usage    pfiles failed to find the process  because the date it needed was not there   lsof found it for me

User · Answer

You might not want to  but your best bet is to grab the sunfreeware CD and install lsof   Other than that  yes you can grovel around in  proc with a shell script

User · Answer

I found this script somewhere  I don t remember where  but it works for me      bin ksh  line  ---------------------------------------------  pids    usr bin ps -ef   sed 1d   awk   print  2     if      -eq 0    then    read ans  Enter port you would like to know pid for    else    ans  1 fi  for f in  pids do     usr proc bin pfiles  f 2 gt  dev null    usr xpg4 bin grep -q  port   ans     if      -eq 0    then       echo  line       echo  Port   ans is being used by PID  c         usr bin ps -ef -o pid -o args   egrep -v  grep pfiles    grep  f    fi done exit 0   Edit  Here is the original source   Solaris  Which process is bound to a given port

User · Answer

usr bin bash   This is a little script based on the  pfiles  solution that prints the PID and PORT   pfiles  ls  proc  2 gt  dev null   awk         t   smatch   0 next  port     t    1   print smatch    0  next

User · Answer

This is sort of an indirect approach  but you could see if a website loads on your web browser of choice from whatever is running on port 80   Or you could telnet to port 80 and see if you get a response that gives you a clue as to what is running on that port and you can go shut it down   Since port 80 is the default port for http traffic chances are there is some sort of http server running there by default  but there s no guarantee

User · Answer

If you have access to netstat  that can do precisely that

User · Answer

usr bin bash   This is a little script based on the  pfiles  solution that prints the PID and PORT   pfiles  ls  proc  2 gt  dev null   awk         t   smatch   0 next  port     t    1   print smatch    0  next

User · Answer

I think the first answer is the best I wrote my own shell script developing this idea       bin sh if      -ne 1   then     echo  Sintaxis  n t      echo    0  port to search in process        exit else     MYPORT  1     for i in  ls  proc      do         pfiles  i   grep port   grep  port   MYPORT   gt   dev null        if      -eq 0            then            echo   Port  MYPORT founded in  i proccess     n n             echo  Details n t             pfiles  i   grep port   grep  port   MYPORT             echo   n t             echo  Process detail   n t             ps -ef   grep  i    grep -v grep        fi     done fi

User · Answer

Here s a one-liner   ps -ef  awk   print  2    xargs -I      sh -c  echo examining process     pfiles     grep 80     echo examining process PID  will be printed before each search  so once you see an output referencing port 80  you ll know which process is holding the handle  Alternatively use   ps -ef  grep  USER awk   print  2    xargs -I      sh -c  echo examining process     pfiles     grep 80    Since  pfiles  might not like that you re trying to access other user s processes  unless you re root of course

User · Answer

Most probly sun s administrative server   It s usually bundled along with sun s directory and a few other webmin-ish stuff that is in the default installation

User · Answer

From Solaris 11 2 onwards you can indeed do this with the netstat command  Have a look here  The -u switch is what you are looking for    If you are on a lower version of Solaris then - as others have pointed out - the Solaris way of doing this is some kind of script wrapper around pfiles command  Beware though that pfiles command halts the process for a split second in order to inspect it  For 99 9  of processes this is unimportant  Unfortunately we have a process that will give a core dump if it is hit with a pfiles command so we are a bit cautious about using the command  Your situation may be totally different if you are in the 99 9   meaning you can safely use the pfiles command

User · Answer

From Solaris 11 2 onwards you can indeed do this with the netstat command  Have a look here  The -u switch is what you are looking for    If you are on a lower version of Solaris then - as others have pointed out - the Solaris way of doing this is some kind of script wrapper around pfiles command  Beware though that pfiles command halts the process for a split second in order to inspect it  For 99 9  of processes this is unimportant  Unfortunately we have a process that will give a core dump if it is hit with a pfiles command so we are a bit cautious about using the command  Your situation may be totally different if you are in the 99 9   meaning you can safely use the pfiles command

User · Answer

I found this script somewhere  I don t remember where  but it works for me      bin ksh  line  ---------------------------------------------  pids    usr bin ps -ef   sed 1d   awk   print  2     if      -eq 0    then    read ans  Enter port you would like to know pid for    else    ans  1 fi  for f in  pids do     usr proc bin pfiles  f 2 gt  dev null    usr xpg4 bin grep -q  port   ans     if      -eq 0    then       echo  line       echo  Port   ans is being used by PID  c         usr bin ps -ef -o pid -o args   egrep -v  grep pfiles    grep  f    fi done exit 0   Edit  Here is the original source   Solaris  Which process is bound to a given port

User · Answer

Most probly sun s administrative server   It s usually bundled along with sun s directory and a few other webmin-ish stuff that is in the default installation

User · Answer

This is sort of an indirect approach  but you could see if a website loads on your web browser of choice from whatever is running on port 80   Or you could telnet to port 80 and see if you get a response that gives you a clue as to what is running on that port and you can go shut it down   Since port 80 is the default port for http traffic chances are there is some sort of http server running there by default  but there s no guarantee

User · Answer

Mavroprovato s answer reports more than only the listening ports  Listening ports are sockets without a peer  The following Perl program reports only the listening ports  It works for me on SunOS 5 10       usr bin env perl       Search the processes which are listening on the given port        For SunOS 5 10      use strict  use warnings   die  Port missing  unless   ARGV  gt   0  my  port   int  ARGV 0    die  Invalid port  unless  port  gt  0   my  pids  map   push  pids     if     gt  0    map   int        ls  proc    foreach my  pid   pids        open  PF   pfiles  pid 2 gt  dev null                 warn  Can not read pfiles  pid             lt PF gt       my  fd      my  type      my  sockname      my  peername      my  report   sub           if  defined  fd                if  defined  sockname  amp  amp    defined  peername                    print   pid  type  sockname n              while   lt PF gt             if     s   d                        amp  report                 fd   int   1               undef  type              undef  sockname              undef  peername            elsif    SOCK DGRAM SOCK STREAM       type    1            elsif   sockname  AF INET 6         port   port                  sockname    1            elsif   peername  AF INET      peername   1           amp  report        close  PF

User · Answer

I think the first answer is the best I wrote my own shell script developing this idea       bin sh if      -ne 1   then     echo  Sintaxis  n t      echo    0  port to search in process        exit else     MYPORT  1     for i in  ls  proc      do         pfiles  i   grep port   grep  port   MYPORT   gt   dev null        if      -eq 0            then            echo   Port  MYPORT founded in  i proccess     n n             echo  Details n t             pfiles  i   grep port   grep  port   MYPORT             echo   n t             echo  Process detail   n t             ps -ef   grep  i    grep -v grep        fi     done fi

User · Answer

This is sort of an indirect approach  but you could see if a website loads on your web browser of choice from whatever is running on port 80   Or you could telnet to port 80 and see if you get a response that gives you a clue as to what is running on that port and you can go shut it down   Since port 80 is the default port for http traffic chances are there is some sort of http server running there by default  but there s no guarantee

User · Answer

Here s a one-liner   ps -ef  awk   print  2    xargs -I      sh -c  echo examining process     pfiles     grep 80     echo examining process PID  will be printed before each search  so once you see an output referencing port 80  you ll know which process is holding the handle  Alternatively use   ps -ef  grep  USER awk   print  2    xargs -I      sh -c  echo examining process     pfiles     grep 80    Since  pfiles  might not like that you re trying to access other user s processes  unless you re root of course

User · Answer

If you have access to netstat  that can do precisely that

[unix] What process is listening on a certain port on Solaris?

Examples related to unix

Examples related to solaris