HPE Community
Operating System - HP-UX
1827459 Members
3788 Online
109965 Solutions
New Discussion

TCP/IP Socket and Server Process mapping

 
SANTOSH S. MHASKAR
Trusted Contributor

‎06-20-2008 12:07 AM

‎06-20-2008 12:07 AM

TCP/IP Socket and Server Process mapping

Hi,

I have 2 hpux 11.11 servers one as Oracle App. Server and other Oracle DB Server.

The End Users connects to J2EE Application
deployed on 1st Server using browser at there end.
The app. server connects to Oracle Database in
2nd Server.

On First Server (J2EE App. Server) by using netstat -a command
--------------------------------------
[oracle@myserver]$ netstat -an|grep EST|more
tcp 0 0 10.22.28.93.7779 10.22.22.243.1097 ESTABLISHED
tcp 0 0 127.0.0.1.49256 127.0.0.1.49545 ESTABLISHED
tcp 0 0 10.22.28.93.7779 10.22.20.184.1094 ESTABLISHED
tcp 0 0 10.22.28.93.53111 10.22.28.90.6000 ESTABLISHED
tcp 0 0 10.22.28.93.7779 10.22.22.185.3057 ESTABLISHED

--------------------------------------

How can I map eg. 10.22.28.93.7779 10.22.22.185.3057 to corresponding Unix process.

Can anybody help on this.

Thanks in Advance.

-Santosh
0 Kudos
Reply
16 REPLIES 16
Kapil Jha
Honored Contributor

‎06-20-2008 12:17 AM

‎06-20-2008 12:17 AM

Re: TCP/IP Socket and Server Process mapping

I think you are looking for /etc/services file , in this you can define port number which will be used for a partucular service.
Hope this help.
BR,
Kapil
I am in this small bowl, I wane see the real world......
0 Kudos
Reply
SANTOSH S. MHASKAR
Trusted Contributor

‎06-20-2008 12:33 AM

‎06-20-2008 12:33 AM

Re: TCP/IP Socket and Server Process mapping

No Kapil,

I just want to know the socket
10.22.28.93.7779 10.22.22.185.3057 is running
which OS process.

I want to know mapping 10.22.28.93.7779 10.22.22.185.3057 with OS PID.
0 Kudos
Reply
Ivan Krastev
Honored Contributor

‎06-20-2008 01:22 AM

‎06-20-2008 01:22 AM

Re: TCP/IP Socket and Server Process mapping

Use lsof utility:

lsof -i -n | grep IP

here is an example output:
java 11360 bin 32u inet 0x5bf08340 0t581816 TCP 127.0.0.1:50383->127.0.0.1:32000 (ESTABLISHED)

11360 is a PID.

regards,
ivan
0 Kudos
Reply
Fabien GUTIERREZ
Frequent Advisor

‎06-20-2008 01:51 AM

‎06-20-2008 01:51 AM

Re: TCP/IP Socket and Server Process mapping

on your backend server you can issue the folowing command
lsof -i @IP_adress_of_your_first_server
0 Kudos
Reply
SANTOSH S. MHASKAR
Trusted Contributor

‎06-20-2008 02:23 AM

‎06-20-2008 02:23 AM

Re: TCP/IP Socket and Server Process mapping

Thanks Ivan

lsof solution worked.

Now Can U help me on following.

netstat -a|grep 38.122|grep EST

returns

tcp 0 0 10.22.28.93.7779 10.22.38.122.1344 ESTABLISHED

from this I can get Unix PID as follows

lsof -i:7779|grep 38.122|more

returns

httpd 21338 oracle 29u IPv4 0x4c74a400 0t156370 TCP 10.22.28.93:7779->10.
22.38.122:1344 (ESTABLISHED)

ps -ef|grep 21228

returns
oracle 21338 11643 0 13:42:12 ? 0:00 /orasoft/app/oracle/Ora9iAS/Ora9iBI/Apache/Apache/bin/httpd -d

which is a httpd process which is generated
by browser of end user with IP
10.22.38.122

Now this httpd process is using java process to connect to database in other server, I want to get socket info for that java process
How can I achive this.

Pl. guide.

-Santosh
0 Kudos
Reply
SANTOSH S. MHASKAR
Trusted Contributor

‎06-21-2008 01:17 AM

‎06-21-2008 01:17 AM

Re: TCP/IP Socket and Server Process mapping

Hi,

Can anybody help me on this.

-Santosh
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

‎06-21-2008 02:46 AM

‎06-21-2008 02:46 AM

Re: TCP/IP Socket and Server Process mapping

If you know the PID number of that Java process, you can run "lsof -p ".

You'll probably see *many* files and network sockets. The problem is, you cannot tell which socket belongs to a particular request coming from a certain httpd process. The only chance to identify this would be to increase the logging level of the Java process and hope that the debug logs contain the necessary information.

What's the problem you're trying to solve by mapping the connections? There might be other ways.

MK
MK
0 Kudos
Reply
SANTOSH S. MHASKAR
Trusted Contributor

‎06-23-2008 10:52 PM

‎06-23-2008 10:52 PM

Re: TCP/IP Socket and Server Process mapping

Hi Matti,

The Problem is,

We have a 3 tier app.

End user from his PC (1st tier) using browser
access an J2EE app. (tier 2) running on server 1
(Oracle App. Server)
This J2EE app. (2nd tier) fetches data from database
server (tier 3) on server 2 (Oracle DB 10.2).

Now from Oralce OEM I can find which session
is doing what.

Now I want to map session (on server 2) to j2ee
process on server 1, and this j2ee process on
server 1 I want to map with End user's machine
In summary, I want to get IP Address of End user which runs
a given oracle session on server 2.

How can I do this, do u have any idea ?

Pl. help.


-Santosh
0 Kudos
Reply
Laurent Menase
Honored Contributor

‎06-23-2008 11:13 PM

‎06-23-2008 11:13 PM

Re: TCP/IP Socket and Server Process mapping

I think the easiest way is to make that your J2EE application log the information to your database, or in a file.

The application have all those informations available:
the remote address, and the command.

It is also the only way to be sure to not lose any information.

Else you need to write a daemon which run lsof to find the pid, - which is slow-,


0 Kudos
Reply
SANTOSH S. MHASKAR
Trusted Contributor

‎06-23-2008 11:48 PM

‎06-23-2008 11:48 PM

Re: TCP/IP Socket and Server Process mapping

Hi Laurent,

It is very difficult to go trough J2EE application log.

If I can find out the mapping, Then I can write a
script to find out IP address, no need to run
daemon for lsof.

Can you help me on this.

-Santosh
0 Kudos
Reply
SANTOSH S. MHASKAR
Trusted Contributor

‎08-12-2008 01:19 AM

‎08-12-2008 01:19 AM

Re: TCP/IP Socket and Server Process mapping

Pl. somebody help me on this !

-Santosh
0 Kudos
Reply
Eric Lipede
Frequent Advisor

‎08-13-2008 06:56 AM

‎08-13-2008 06:56 AM

Re: TCP/IP Socket and Server Process mapping

Hi

i had the same issue...this might help..

kill_tcp_connections()
{
if [ $1 = 5632 ]
then
HEXNO=1600
ENVM=VMD1
fi
if [ $1 = 6661 ]
then
HEXNO=1A05
ENVM=UAT01
fi
if
ndd -get /dev/tcp tcp_status |grep "\[$HEXNO," |grep -v "\[$HEXNO,[!0]" > /dev/null 2>&1
then
ndd -get /dev/tcp tcp_status |grep "\[$HEXNO," |grep -v "\[$HEXNO,[!0]" | while read
do
#echo "killing $ENVM 0x`echo ${REPLY} | awk '{ print $1 }'` tcp ip connection"
ndd -set /dev/tcp tcp_discon '0x'`echo ${REPLY} | awk '{ print $1 }'`
done
fi
}
kill_tcp_connections 6661

..ill explain:


netstat output (for example is)
tcp 0 0 xxx.xx.xx.5632 xx10662-d.xx.xx.1628

note the 5632 and 1628 pair.

This represents the server/ client port-socket pairing.

Converting 5632 to hex we have -> 1600

Now

ndd -get /dev/tcp tcp_status | grep 1600

shows

e0000001fd3890a8 000.000.000.000 00000000 00000000 00000000 00000000 00000000 00000000 00004000 03000 00536 [1600,0] TCP_LISTEN
e0000001cff980a8 172.030.107.103 f7d902ba f7d902ba 0000fcc0 00001407 0c2467a8 0c2467a8 00004000 00500 01460 [1600,65c] TCP_ESTABLISHE

(note that 65c translates to the other socket number 1628)

so the ACTUAL connection representing the connection is Oxe0000001cff980a8

The kill script above simply shows how this info may used - hope this helps


Quod sum eris
0 Kudos
Reply
SANTOSH S. MHASKAR
Trusted Contributor

‎08-13-2008 10:18 PM

‎08-13-2008 10:18 PM

Re: TCP/IP Socket and Server Process mapping

Hi,

Getting following error.

----------------------
[root@server2] #ndd -get /dev/tcp tcp_status
operation failed, Invalid argument
----------------------
0 Kudos
Reply
Eric Lipede
Frequent Advisor

‎08-13-2008 10:40 PM

‎08-13-2008 10:40 PM

Re: TCP/IP Socket and Server Process mapping

Hi there
pls remind me of what version unix you are using.

Also whats the result of

whereis ndd

and


ndd -get /dev/tcp tcp_status is the command ...are you putting a space between get and / ?

Eric
Quod sum eris
0 Kudos
Reply
SANTOSH S. MHASKAR
Trusted Contributor

‎08-14-2008 12:54 AM

‎08-14-2008 12:54 AM

Re: TCP/IP Socket and Server Process mapping

Hi Eric,

HP-UX Ver.: 11.11 PA-RISC

[root@server2] #whereis ndd
ndd: /usr/bin/ndd /usr/share/man/man1m.Z/ndd.1m

Also I'm putting space between get and /dev/tcp

See output below

[root@server2] #ndd -h tcp_status

tcp_status:

Obtains a complete report similar to "netstat -an" on all TCP
instances. Requests for this report through concurrent execution
of ndd instances are serialized through semaphore. Hence tcp_status
report invocation through ndd may appear to hang incase there is
an ndd instance generating tcp_status/udp_status report already
running on the system


Regards

-Santosh
0 Kudos
Reply
Eric Lipede
Frequent Advisor

‎08-14-2008 02:12 AM

‎08-14-2008 02:12 AM

Re: TCP/IP Socket and Server Process mapping

...http://www12.itrc.hp.com/service/patch/patchDetail.do?patchid=PHNE_37671&sel={hpux:11.11,}&BC=main|search|

it looks like you may need the patch PHNE_37671
Quod sum eris
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.