Map TCP port to pid

 
Rodney Hills
Honored Contributor

Map TCP port to pid

I've been monitoring network traffic with "ethereal" and I was wondering how I can find the process that is communicating with the remote host.

For instance, ethereal gives me the source/destination ip addresses plus the source port number and destination port number. The destination port is 23 (telnet) and the source port is 1058. I did a netstat -an and looked for 1058 and found one line that said a connection is established, but it didn't include the pid. I tried lsof and looked for inet connections but nothing comes close to 1058.

Any ideas?

thanks in advance
-- Rod Hills
There be dragons...
11 REPLIES 11
harry d brown jr
Honored Contributor

Re: Map TCP port to pid

lsof

http://hpux.ee.ualberta.ca/hppd/hpux/Sysadmin/lsof-4.73/

live free or die
harry d brown jr
Live Free or Die
John Poff
Honored Contributor

Re: Map TCP port to pid

Hi,

I'm surprised lsof didn't see the connection. You said you ran it for inet connections. What command line did you use for lsof?

JP
Rodney Hills
Honored Contributor

Re: Map TCP port to pid

I ran with no options-

pegasus opt # lsof | grep TCP | grep GR
uvsh 10081 GR43 6u inet 0x4ca0ce00 0t0 TCP *:54285 (IDLE)

Most of the port numbers are in the 50000 range.

-- Rod Hills
There be dragons...
John Poff
Honored Contributor

Re: Map TCP port to pid

That's strange. I just ran lsof on one of my boxes here, where I have a telnet session to another box, and the local port shows up in my lsof output, out in the last column on the right for my telnetd process. I like to run lsof and redirect all the output to a file so I can peruse it all.

JP
John Poff
Honored Contributor

Re: Map TCP port to pid

I'm curious about the port 1058. It sure sounds like an awful low port number for telnetd to use, but I'm not an expert.

I poked around on Google and the only software I could see that lays claim to port 1058 is 'nim', which stands for Network Information Management and runs on AIX.

JP
Rodney Hills
Honored Contributor

Re: Map TCP port to pid

We are running Intermec wireless handheld barcode readers. The barcode reader connects to an access point, which in turn establishes a UDP session to an Intermec Controller. That controller then establishes a telnet session to our HPUX system.

We are getting lag times up to a minute on the barcode readers and I was trying to use ethereal to monitor the connections, but I need to tie the frozen barcode reader back to a process.

-- Rod Hills
There be dragons...
harry d brown jr
Honored Contributor

Re: Map TCP port to pid

Rod,

try this:

lsof -nP | grep 1058

I telnet'd from my M$:pc (with ethereal on it) to a unix box and my source port from my pc=1468 with dest on my unix box=23, and lsof shows:

[root@vpart1 /opt/patches]# lsof -nP | grep 1468
telnetd 25986 root 0u inet 0x5c4f66c0 0t0 TCP 10.2.109.29:23->10.2.181.64:1468 (ESTABLISHED)
telnetd 25986 root 1u inet 0x5c4f66c0 0t0 TCP 10.2.109.29:23->10.2.181.64:1468 (ESTABLISHED)
telnetd 25986 root 2u inet 0x5c4f66c0 0t0 TCP 10.2.109.29:23->10.2.181.64:1468 (ESTABLISHED)
[root@vpart1 /opt/patches]#

the -P says no port names and the -n says no host names.

live free or die
harry d brown jr
Live Free or Die
John Poff
Honored Contributor

Re: Map TCP port to pid

So you are running ethereal on your HP-UX box, which is on the receiving end of the telnet connection from your Intermec controller, and you see the connection in netstat -an with port 23 on one end and port 1058 on the other end? Do you see a telnet session for the controller when you do a 'who -u'? If so, the output from who -u includes the PID of the login process, which might help track down the process you are looking for and help you find it in the lsof output.

JP
Rodney Hills
Honored Contributor

Re: Map TCP port to pid

Harry,

All my telnetd sessions look like this-
telnetd 2286 root 0u inet 0x5b9bccc0 0t0 TCP (ESTABLISHED)

Says it's a TCP, but no details.

-- Rod Hills
There be dragons...
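
An exact-port alternative to `lsof -nP | grep <port>`, added here as an example and not part of any post in the thread: it compares only the port fields of the TCP endpoints, so a PID or a longer port containing the same digits does not match, and it lists the sockets lsof printed with no address at all, as in the output just above. The function names are hypothetical, and the sshd sample line is constructed; the other sample lines are quoted from the thread.

```shell
#!/bin/sh
# Sample `lsof -nP` lines: the telnetd and uvsh lines are quoted from the thread;
# the sshd line is constructed to show what a bare `grep 1468` would also match.
SAMPLE='telnetd 25986 root 0u inet 0x5c4f66c0 0t0 TCP 10.2.109.29:23->10.2.181.64:1468 (ESTABLISHED)
telnetd 25986 root 1u inet 0x5c4f66c0 0t0 TCP 10.2.109.29:23->10.2.181.64:1468 (ESTABLISHED)
sshd 1468 root 3u inet 0x5c4f1468 0t0 TCP 10.2.109.29:22->10.2.181.64:51468 (ESTABLISHED)
uvsh 10081 GR43 6u inet 0x4ca0ce00 0t0 TCP *:54285 (IDLE)
telnetd 2286 root 0u inet 0x5b9bccc0 0t0 TCP (ESTABLISHED)'

# pids_for_port PORT (hypothetical helper): read lsof -nP output on stdin and
# print "COMMAND PID" once per process owning a TCP socket whose local or
# remote port is exactly PORT.
pids_for_port() {
    awk -v port="$1" '
        {
            name = ""
            for (i = 1; i < NF; i++)
                if ($i == "TCP") { name = $(i + 1); break }
            if (name == "" || name ~ /^\(/) next   # NAME carries no endpoints
            n = split(name, ep, "->")
            for (j = 1; j <= n; j++) {
                p = ep[j]
                sub(/.*:/, "", p)                   # keep text after last colon
                if (p == port && !seen[$1 " " $2]++) print $1, $2
            }
        }'
}

# unresolved_tcp (hypothetical helper): print PIDs of TCP sockets that lsof
# listed without any address, i.e. sessions this output cannot map to a port.
unresolved_tcp() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "TCP" && $(i + 1) ~ /^\(/ && !seen[$2]++) print $2
    }'
}

# On a live system: lsof -nP | pids_for_port 1058
printf '%s\n' "$SAMPLE" | pids_for_port 1468
printf '%s\n' "$SAMPLE" | unresolved_tcp
```

A non-empty result from `unresolved_tcp` means the port lookup can come back empty even though the connection exists, so the PID has to be found another way for those sessions.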
Rodney Hills
Honored Contributor

Re: Map TCP port to pid

John,

I have a couple dozen of these handhelds connected to my HPUX. I can see the pid for all these, but I can't tie it back to the TCP port connection.

-- Rod Hills
There be dragons...
John Poff
Honored Contributor

Re: Map TCP port to pid

One hack to find your PID is to take a snapshot of the process table (ps -ef>ps.txt or something), turn on one of the handhelds, and then take another process snapshot to see what might have shown up. It is a hack, but it might give you a clue about what process is running. Also, I'd suggest redirecting all the output of lsof to a file and looking at that, as opposed to grep'ing out the bits you need. I always like to have as much info available as possible.

Looking at the overall problem, I'd suggest taking a look at the wireless access. If you were having network issues with your HP-UX system you would have lots of other things running slow also. Maybe somebody hooked up a device that is conflicting with the wireless part (another wireless hub, a cordless phone, etc.), or maybe the wireless hub that the Intermec connects to is having problems.

We have Intermec wireless handheld devices running in our remote locations, and one of our guys told me yesterday that they are having issues at one site, so this is an interesting problem for me.

Good luck!

JP