Operating System - HP-UX

Which process is bound to tcp socket

 
Brandon Poyner
Occasional Advisor

Which process is bound to tcp socket

After rebooting our rp7410 (hp-ux 11.11) system something has bound to tcp port 992 before inetd could claim it for another service we provide.

netstat can see something listening on 992, telnet confirms it, but 'lsof -i :992' returns nothing. I've tried multiple versions of lsof, tried using it without any arguments and piping through grep, nothing is returned. Any suggestions for tracking this one down? Thanks.

# netstat -an | grep LISTEN | grep 992
tcp 0 0 *.992 *.* LISTEN

# telnet localhost 992
Trying...
Connected to localhost.
Escape character is '^]'.
help
Connection closed by foreign host.

Steven E. Protter
Exalted Contributor

Re: Which process is bound to tcp socket

Hello Brandon,

A utility called lsof might help.

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/lsof-4.75/

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Doug O'Leary
Honored Contributor
Solution

Re: Which process is bound to tcp socket

Hey;

It sounds like the inetd daemon is listening on that port. Try telnetting to the port and leave the connection open, then use the "lsof -i :992"

HTH;

Doug

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
Brandon Poyner
Occasional Advisor

Re: Which process is bound to tcp socket

Thanks, telnetting to the port and lsof'ing confirmed that inetd is indeed the culprit.
Brandon Poyner
Occasional Advisor

Re: Which process is bound to tcp socket

Ok, I was too quick to jump to conclusions there. The results from lsof weren't what I thought I was seeing because I was telnetting to localhost. From another host I can telnet to port 992 and you can see the connection in netstat. I still don't see anything in lsof.

# netstat -an | grep 992
tcp 0 0 192.168.0.20.992 192.168.0.21.2337 ESTABLISHED
tcp 0 0 *.992 *.* LISTEN

# lsof -P | grep :992 | wc -l
0
Brandon Poyner
Occasional Advisor

Re: Which process is bound to tcp socket

I found a similar thread in the Tru64 forum; the solution was to run a debugger on the running kernel. Could something similar be done here?

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=945634
Jeff Schussele
Honored Contributor

Re: Which process is bound to tcp socket

Hi Brandon,

According to IANA.org port 992 tcp/udp is as follows:

telnets 992/tcp telnet protocol over TLS/SSL
telnets 992/udp telnet protocol over TLS/SSL

Generally you don't want to use *any* port < 1024 because they are all pre-assigned.

Here's where you can view them:

http://www.iana.org/assignments/port-numbers

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Brandon Poyner
Occasional Advisor

Re: Which process is bound to tcp socket

Correct, we are using a 3rd party telnets server that is served by inetd. However, inetd is unable to bind to port 992 as something else is listening on 992. We then commented out our telnets line in inetd.conf, reloaded the configuration, and something is still listening on 992.

Nov 12 20:51:45 prod3 inetd[1779]: Reading configuration
...
Nov 12 20:51:45 prod3 inetd[1779]: telnets/tcp: bind: Address already in use
Nov 12 20:51:45 prod3 inetd[1779]: telnets/tcp: Added service, server /usr/ud61/bin/udtelnetd
Nov 12 21:01:47 prod3 inetd[1779]: telnets/tcp: bind: Address already in use
Nov 12 21:01:47 prod3 inetd[1779]: telnets/tcp: Service enabled
Nov 12 21:11:47 prod3 inetd[1779]: telnets/tcp: bind: Address already in use
Nov 12 21:11:47 prod3 inetd[1779]: telnets/tcp: Service enabled
...
Nov 14 08:00:16 prod3 inetd[1779]: Rereading configuration
Nov 14 08:00:16 prod3 inetd[1779]: telnets/tcp: Deleted service
Nov 14 08:00:16 prod3 inetd[1779]: Thru with configuration
Nov 14 08:00:16 prod3 inetd[1779]: Configuration complete

Brandon Poyner
Occasional Advisor

Re: Which process is bound to tcp socket

The answer here is to use crashinfo. You have to request this from HP, there is no public download available. In our case it turns out rpc.yppasswdd had taken over the telnets port. It would be nice to know how to stop it from doing that in the future.
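
The thread resolved to an RPC daemon (rpc.yppasswdd) holding port 992. RPC services register their ports with the portmapper, so cross-referencing `netstat -an` with `rpcinfo -p` is a second way to name the owner of a listening port. The script below is an added example, not part of the original thread; the function names are hypothetical, the sample netstat and rpcinfo text is constructed, and whether the daemon on the poster's host was registered this way is an assumption.

```shell
#!/bin/sh
# Map listening TCP ports to RPC programs registered with the portmapper.
# All sample data is constructed for illustration, not captured from the thread's host.

# Constructed `netstat -an` lines in the HP-UX "address.port" layout.
SAMPLE_NETSTAT='tcp        0      0  *.111                  *.*                     LISTEN
tcp        0      0  *.992                  *.*                     LISTEN
tcp        0      0  *.22                   *.*                     LISTEN
tcp        0      0  192.168.0.20.992       192.168.0.21.2337       ESTABLISHED'

# Constructed `rpcinfo -p` output.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100009    1   udp    992  yppasswdd
    100009    1   tcp    992  yppasswdd'

# listening_tcp_ports: read netstat -an text on stdin, print each LISTEN port once.
listening_tcp_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, "[.]"); print a[n] }' | sort -un
}

# rpc_owner PORT PROTO: read rpcinfo -p text on stdin and print "program service"
# for each registration on that port/protocol (prints nothing for non-RPC ports).
rpc_owner() {
    awk -v port="$1" -v proto="$2" \
        '$1 ~ /^[0-9]+$/ && $3 == proto && $4 == port { print $1, ($5 == "" ? "-" : $5) }' | sort -u
}

# rpc_listeners NETSTAT_TEXT RPCINFO_TEXT: print "port program service" for every
# listening TCP port that an RPC program has registered.
rpc_listeners() {
    printf '%s\n' "$1" | listening_tcp_ports | while read -r port; do
        printf '%s\n' "$2" | rpc_owner "$port" tcp | while read -r prog svc; do
            echo "$port $prog $svc"
        done
    done
}

# On a live host: rpc_listeners "$(netstat -an)" "$(rpcinfo -p)"
rpc_listeners "$SAMPLE_NETSTAT" "$SAMPLE_RPCINFO"
```

A listening port that appears in this output but is also named in /etc/services for an inetd-served daemon is the collision seen in the inetd log above.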