HPE Community
Operating System - HP-UX
1834469 Members
2942 Online
110067 Solutions
New Discussion

Re: How to trace a process?

 
zhaogui
Super Advisor

‎07-11-2002 12:31 AM

‎07-11-2002 12:31 AM

How to trace a process?

I don't how does one process got started since it is not in cron job and also not in /sbin/init.d, there is only one entry in /etc/inetd.conf:
tftp dgram udp wait root /usr/lbin/tftpd tftpd /opt/ignite /var/opt/ignite



# ps -ef|grep tftp
root 24525 694 237 May 30 ? 3663:55 tftpd /opt/ignite /var/opt/ignite
root 7595 7580 0 01:24:36 pts/tc 0:00 grep tftp

And one thing I am worried about is that it consumes 95% of CPU and load level is very high. Once I killed it, the load level from "top" droped significantly. On my another server there is still tftpd running and I want to find out how did it get started, anyone can help me?

Thanks,

0 Kudos
Reply
11 REPLIES 11
Tom Geudens
Honored Contributor

‎07-11-2002 12:39 AM

‎07-11-2002 12:39 AM

Re: How to trace a process?

Hi,
There's probably another system using the trivial ftp protocol to ftp to / from your system (in my humble opinion). You could check with "netstat -an" which system is connecting to your tftp port (you can find that in /etc/services, probably going to be 69).

Hope this gets you started ...
Regards,
Tom
A life ? Cool ! Where can I download one of those from ?
0 Kudos
Reply
Rainer von Bongartz
Honored Contributor

‎07-11-2002 12:40 AM

‎07-11-2002 12:40 AM

Re: How to trace a process?


tftpd is started by inetd whenever a request is put to port
69 (tftp) from any host on your lan

Regards
Rainer

He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
0 Kudos
Reply
V. V. Ravi Kumar_1
Respected Contributor

‎07-11-2002 12:53 AM

‎07-11-2002 12:53 AM

Re: How to trace a process?

hi,

use lsof to identify which process is invoking tftp, u can use
lsof -i:tftp

then kill that process
regds
Never Say No
0 Kudos
Reply
zhaogui
Super Advisor

‎07-11-2002 12:56 AM

‎07-11-2002 12:56 AM

Re: How to trace a process?

I couldn't find out anything with port 69 from "netstat -an
". Could tftpd be started by make_tape_recovery since tftpd got something to do with Ignite/UX as it is shown in /etc/inetd.conf? I tried on another old server and even there is a same entry for tftpd in inetd.conf, I didn't find tftpd running even after I rebooted the server. So how do I know how did it get started?
0 Kudos
Reply
zhaogui
Super Advisor

‎07-11-2002 01:12 AM

‎07-11-2002 01:12 AM

Re: How to trace a process?

# lsof -i:tftp
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
inetd 694 root 7u inet 0x4844a268 0t0 UDP *:tftp (Idle)
tftpd 24525 root 0u inet 0x4844a268 0t0 UDP *:tftp (Idle)
tftpd 24525 root 1u inet 0x4844a268 0t0 UDP *:tftp (Idle)
tftpd 24525 root 2u inet 0x4844a268 0t0 UDP *:tftp (Idle)
0 Kudos
Reply
Tom Geudens
Honored Contributor

‎07-11-2002 01:20 AM

‎07-11-2002 01:20 AM

Re: How to trace a process?

Hi,
For tftp to work there should be a tftp user in /etc/passwd. Is it there on the systems that have the problem ?

Regards,
Tom
A life ? Cool ! Where can I download one of those from ?
0 Kudos
Reply
zhaogui
Super Advisor

‎07-11-2002 01:29 AM

‎07-11-2002 01:29 AM

Re: How to trace a process?

No tftp in /etc/passwd
0 Kudos
Reply
Rainer von Bongartz
Honored Contributor

‎07-11-2002 01:34 AM

‎07-11-2002 01:34 AM

Re: How to trace a process?

According to the manual you should add something like

tftp:*:510:101:tftp server:/home/tftpdir:/usr/bin/false

Regards
Rainer
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
0 Kudos
Reply
zhaogui
Super Advisor

‎07-11-2002 01:40 AM

‎07-11-2002 01:40 AM

Re: How to trace a process?

No. I don't use tftp. That is I got a surprise when I saw tftpd is running there and eat up a lot of CPU resource and that even affect our application.

So now I want to investigate how did that happen?
0 Kudos
Reply
T G Manikandan
Honored Contributor

‎07-11-2002 02:00 AM

‎07-11-2002 02:00 AM

Re: How to trace a process?

tftp comes along with the ignite bundle.
tftp is used for network related operations using ignite like instl_adm,make_net_recovery.
When the client is booted up using the bootp protocol the server uses tftp to push files to the client.

If you are just using make_tape_recovery or make_recovery of the ignite product tftp is not required.might be you can comment it in the inetd.conf file.Later if you need it you can enable it.

Also performing a recovery using a local tape drive should not cause a problem.

Thanks
0 Kudos
Reply
zhaogui
Super Advisor

‎07-11-2002 04:33 PM

‎07-11-2002 04:33 PM

Re: How to trace a process?

Now tftpd is still running on one of my servers, is tehre any way to find out how did it get started?
# ps -ef|grep tftp
root 24525 694 255 May 30 ? 4552:11 tftpd /opt/ignite /var/opt/ignite
In cron job list there is only one script running "make_tape_recovery". Besides this I don't know what program triggered tftpd. The parent process of tftpd is inetd, but it should be triggered by something else. What is that?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.