12-17-2008
Identify process owning TCP connection on Solaris 10
I've been seeing outgoing TCP connections on a SPARC Solaris 10 box, that look like these in the output of netstat:
xxxx.46396 ipXXXXXX.speed.planet.nl.telnet 8192 0 49664 0 TIME_WAIT
They come and go and sometimes last for hours.
I am looking for owners of active, established TCP connections - not for listening TCP sockets.
Is there any way to tell :
1) which process owns (or owned) this connection ?
2) when was the connection created ?
Things I already tried that do not work:
a) lsof
b) 'pfiles' and utilities based on it
Can Solaris ipfilter be use to track this down ?
Thanks.
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hi,
We have developed a server program using TCP/IP Communication to communicate with another client program. After running for some days we find the TCP/IP connection from the server program is getting slower.
What i mean to say is since the send() function in the server program (it is... (2 Replies)
Discussion started by: rajesh_puru
2 Replies
2. UNIX for Advanced & Expert Users
Hi Experts,
need help about release or refresh TCP Connection:
i have the sample like below :
application log connection:
0500 ( 192.168.0.1:36053) 00919 2007/05/10 23:30:25 112 13 2007/05/10 23:30:25 1969/12/31 17:00:00
0500 ( 192.168.0.1:36054) 00920 2007/05/10 23:30:26 000 00... (3 Replies)
Discussion started by: bucci
3 Replies
3. Shell Programming and Scripting
Hello,
I am trying to write a script in Perl which will send some data from a UNIX Box to a windows box. I am planning to create a TCP/IP communication port for the same. How do I go about this? Kindly help.
Regards,
Garric (50 Replies)
Discussion started by: garric
50 Replies
4. Programming
Hello. I would like to know how to close an existing tcp socket. I have read some stuff and learned how to create a socket and then close it but have not found anything about how to close an existing tcp socket created by another application. The situation is this: I have an ODBC server running and... (6 Replies)
Discussion started by: raidzero
6 Replies
5. IP Networking
Why this happens?
How to solve this?
$netstat -na |grep 9325
tcp 0 0 127.0.0.1:9325 127.0.0.1:9325 ESTABLISHED
When a client socket repeatedly tries to connect to an inactive(no server socket is listening on this port) local port,connect succeeds.
... (1 Reply)
Discussion started by: johnbach
1 Replies
6. Solaris
Hi everyone,
I am hoping anyone of you could help me in this weird problem we have in 1 of our Solaris 10 servers. Lately, we have been having some ftp problems in this server. Though it can ping any server within the network, it seems that it can only ftp to a select few. For most servers, the... (4 Replies)
Discussion started by: labdakos
4 Replies
7. Solaris
Hi,
I use solaris Unix .
I find there is some problem in application and it generate many "close-wait" tcp connect and stay in the server . it is generate by process id 7740
root@XX # netstat -an | grep CLOSE_WAIT | wc -l
285
root@XX # netstat -an | grep CLOSE_WAIT
10.158.35.4.34805 ... (2 Replies)
Discussion started by: abcdef
2 Replies
8. Programming
Hi.
I am writing client - server application using TCP sockets.
I need some very basic functionality, namely: how to check if another "participant" of the connection is still present?
I want to handle situations, when client is gone, or server breaks down, etc. (25 Replies)
Discussion started by: Shang
25 Replies
9. UNIX and Linux Applications
Good afternoon
i need your help, i am new at unix, in a ETL scenario like datastage is , there are a bunch of procesess (script shells) conecting to hetereogenius database source servers in order to extract information.
Ive got 2 questions
1. Using unix how can i identify exactly the... (1 Reply)
Discussion started by: alexcol
1 Replies
10. Solaris
I have problem with oracle solaris 10 running on oracle sparc T4-2 server.
Os information: 5.10 Generic_150400-03 sun4v sparc sun4v
Output from tcpstat.d script
TCP bytes: out outRetrans in inDup inUnorder
6833763 7300 98884 0... (2 Replies)
Discussion started by: insatiable1610
2 Replies
SS(8) System Manager's Manual SS(8)
NAME
ss - another utility to investigate sockets
SYNOPSIS
ss [options] [ FILTER ]
DESCRIPTION
ss is used to dump socket statistics. It allows showing information similar to netstat. It can display more TCP and state informations
than other tools.
OPTIONS
When no option is used ss displays a list of open non-listening TCP sockets that have established connection.
-h, --help
Show summary of options.
-V, --version
Output version information.
-n, --numeric
Do not try to resolve service names.
-r, --resolve
Try to resolve numeric address/ports.
-a, --all
Display both listening and non-listening (for TCP this means established connections) sockets.
-l, --listening
Display only listening sockets (these are omitted by default).
-o, --options
Show timer information.
-e, --extended
Show detailed socket information
-m, --memory
Show socket memory usage.
-p, --processes
Show process using socket.
-i, --info
Show internal TCP information.
-s, --summary
Print summary statistics. This option does not parse socket lists obtaining summary from various sources. It is useful when amount
of sockets is so huge that parsing /proc/net/tcp is painful.
-b, --bpf
Show socket BPF filters (only administrators are allowed to get these information).
-4, --ipv4
Display only IP version 4 sockets (alias for -f inet).
-6, --ipv6
Display only IP version 6 sockets (alias for -f inet6).
-0, --packet
Display PACKET sockets (alias for -f link).
-t, --tcp
Display TCP sockets.
-u, --udp
Display UDP sockets.
-d, --dccp
Display DCCP sockets.
-w, --raw
Display RAW sockets.
-x, --unix
Display Unix domain sockets (alias for -f unix).
-f FAMILY, --family=FAMILY
Display sockets of type FAMILY. Currently the following families are supported: unix, inet, inet6, link, netlink.
-A QUERY, --query=QUERY, --socket=QUERY
List of socket tables to dump, separated by commas. The following identifiers are understood: all, inet, tcp, udp, raw, unix,
packet, netlink, unix_dgram, unix_stream, packet_raw, packet_dgram.
-D FILE, --diag=FILE
Do not display anything, just dump raw information about TCP sockets to FILE after applying filters. If FILE is - stdout is used.
-F FILE, --filter=FILE
Read filter information from FILE. Each line of FILE is interpreted like single command line option. If FILE is - stdin is used.
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
Please take a look at the official documentation (Debian package iproute-doc) for details regarding filters.
USAGE EXAMPLES
ss -t -a
Display all TCP sockets.
ss -u -a
Display all UDP sockets.
ss -o state established '( dport = :ssh or sport = :ssh )'
Display all established ssh connections.
ss -x src /tmp/.X11-unix/*
Find all local processes connected to X server.
ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24
List all the tcp sockets in state FIN-WAIT-1 for our apache to network 193.233.7/24 and look at their timers.
SEE ALSO
ip(8), /usr/share/doc/iproute-doc-3.10.0/ss.ps (package iproute-doc)
AUTHOR
ss was written by Alexey Kuznetosv, <kuznet@ms2.inr.ac.ru>.
This manual page was written by Michael Prokop <mika@grml.org> for the Debian project (but may be used by others).
SS(8)