Skip to content

标题: [Solaris]查找侦听指定端口的进程

https://scz.617.cn/unix/201509171508.txt

查找侦听指定端口的进程,对于系统管理员来说,是个永恒的话题。历史上Solaris 可以用第三方的lsof,也可以用自带的pfiles。后来,还可以用mdb达成任务。本文 主要是演示mdb的高阶用法之一。

netstat -na -P tcp -f inet | grep LISTEN

  *.111                *.*                0      0 49152      0 LISTEN
  *.32771              *.*                0      0 49152      0 LISTEN
  *.4045               *.*                0      0 49152      0 LISTEN
  *.32772              *.*                0      0 49152      0 LISTEN
  *.32773              *.*                0      0 49152      0 LISTEN
  *.32774              *.*                0      0 49152      0 LISTEN
  *.32775              *.*                0      0 49152      0 LISTEN
  *.32776              *.*                0      0 49152      0 LISTEN
  *.23                 *.*                0      0 49152      0 LISTEN
  *.22                 *.*                0      0 49152      0 LISTEN
  *.21                 *.*                0      0 49152      0 LISTEN
  *.79                 *.*                0      0 49152      0 LISTEN
  *.513                *.*                0      0 49152      0 LISTEN
  *.514                *.*                0      0 49152      0 LISTEN
  *.7100               *.*                0      0 49152      0 LISTEN
  *.32777              *.*                0      0 49152      0 LISTEN
  *.5987               *.*                0      0 49152      0 LISTEN
  *.898                *.*                0      0 49152      0 LISTEN
  *.32778              *.*                0      0 49152      0 LISTEN
  *.5988               *.*                0      0 49152      0 LISTEN
  *.32779              *.*                0      0 49152      0 LISTEN
  *.6788               *.*                0      0 49152      0 LISTEN
  *.6789               *.*                0      0 49152      0 LISTEN
  *.32785              *.*                0      0 49152      0 LISTEN
  *.32786              *.*                0      0 49152      0 LISTEN
  *.32787              *.*                0      0 49152      0 LISTEN
  *.6000               *.*                0      0 49152      0 LISTEN
  *.6000               *.*                0      0 49152      0 LISTEN

127.0.0.1.32782 . 0 0 49152 0 LISTEN .32794 .* 0 0 49152 0 LISTEN

现在想知道谁在侦听"127.0.0.1.32782"。

对于Solaris,第三方的lsof是首选:

lsof -ni tcp:32782

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME java 1646 noaccess 11u IPv4 0x3000052b500 0t0 TCP 127.0.0.1:32782 (LISTEN)

/usr/ucb/ps axunw 1646

UID PID %CPU %MEM SZ RSS TT S START TIME COMMAND 60002 1646 0.1 5.213912050696 ? S Jun 13 27:08 /usr/jdk/instances/jdk1.5.0/bin/java -server -XX:+BackgroundCompilation -Djava.security.manager -Djava.security.policy==/var/opt/webconsole/policy/console.policy -classpath /usr/apache/tomcat/bin/bootstrap.jar:/usr/jdk/instances/jdk1.5.0/lib/tools.jar:/usr/jdk/instances/jdk1.5.0/jre/lib/jsse.jar:/usr/lib/audit/Audit.jar:/usr/jdk/packages/javax.help-2.0/lib/jhall.jar -Djavax.net.ssl.trustStore=/etc/opt/webconsole/keystore -Dcatalina.home=/usr/apache/tomcat -Dcatalina.base=/var/opt/webconsole -Dcom.sun.web.console.home=/usr/share/webconsole -Dcom.sun.web.console.base=/var/opt/webconsole -Dcom.sun.web.console.appbase=/var/opt/webconsole/webapps -Dcom.sun.web.console.secureport=6789 -Dcom.sun.web.console.unsecureport=6788 -Dcom.sun.web.console.unsecurehost=127.0.0.1 -Dcom.sun.web.console.logdir=/var/log/webconsole -Dwebconsole.default.file=/etc/default/webconsole -Dwebconsole.config.file=/etc/opt/webconsole/webconsole -Dcom.sun.web.console.startfile=/var/tmp/webconsole.tmp -Djava.awt.headless=true -Djava.security.auth.login.config=/var/opt/webconsole/conf/consolelogin.conf org.apache.catalina.startup.Bootstrap start

/usr/bin/ps -opid,ppid,uid,addr,fname,comm,args -p 1646

PID PPID UID ADDR COMMAND COMMAND COMMAND 1646 1 60002 3000069db88 java /usr/jdk/instances/jdk1.5.0/bin/java /usr/jdk/instances/jdk1.5.0/bin/java -server -XX:+BackgroundCompilation -Djava.

lsof -n -p 1646 | grep TCP

java 1646 noaccess 7u IPv4 0x3000052c0c0 0t0 TCP :6788 (LISTEN) java 1646 noaccess 8u IPv4 0x3000052ae80 0t0 TCP :32784 (BOUND) java 1646 noaccess 9u IPv4 0x3000053a0c0 0t0 TCP *:6789 (LISTEN) java 1646 noaccess 11u IPv4 0x3000052b500 0t0 TCP 127.0.0.1:32782 (LISTEN)

/usr/bin/pfiles也可以,但不能直接用,得写脚本。只能将所有进程、端口的对应 关系枚举完,再从中找我们关心的端口。

pfiles 1646

1646: /usr/jdk/instances/jdk1.5.0/bin/java -server -XX:+BackgroundCompilatio Current rlimit: 65536 file descriptors 0: S_IFCHR mode:0666 dev:287,0 ino:6815752 uid:0 gid:3 rdev:13,2 O_RDONLY|O_LARGEFILE /devices/pseudo/mm@0:null 1: S_IFREG mode:0644 dev:32,0 ino:36555 uid:60002 gid:60002 size:37269 O_WRONLY|O_LARGEFILE /var/log/webconsole/console_debug_log 2: S_IFREG mode:0644 dev:32,0 ino:36555 uid:60002 gid:60002 size:37269 O_WRONLY|O_LARGEFILE /var/log/webconsole/console_debug_log 3: S_IFCHR mode:0666 dev:287,0 ino:6815772 uid:0 gid:3 rdev:13,12 O_RDWR FD_CLOEXEC /devices/pseudo/mm@0:zero 4: S_IFDOOR mode:0444 dev:296,0 ino:61 uid:0 gid:0 size:0 O_RDONLY|O_LARGEFILE FD_CLOEXEC door to nscd[89] /var/run/name_service_door 5: S_IFCHR mode:0644 dev:287,0 ino:99614724 uid:0 gid:3 rdev:190,0 O_RDONLY|O_LARGEFILE /devices/pseudo/random@0:random 6: S_IFCHR mode:0644 dev:287,0 ino:99614726 uid:0 gid:3 rdev:190,1 O_RDONLY|O_LARGEFILE /devices/pseudo/random@0:urandom 7: S_IFSOCK mode:0666 dev:293,0 ino:4736 uid:0 gid:0 size:0 O_RDWR SOCK_STREAM SO_REUSEADDR,SO_SNDBUF(49152),SO_RCVBUF(49152),IP_NEXTHOP(0.0.192.0) sockname: AF_INET 0.0.0.0 port: 6788 8: S_IFSOCK mode:0666 dev:293,0 ino:4736 uid:0 gid:0 size:0 O_RDWR SOCK_STREAM SO_SNDBUF(49152),SO_RCVBUF(49152),IP_NEXTHOP(0.0.192.0) sockname: AF_INET 0.0.0.0 port: 6788 9: S_IFSOCK mode:0666 dev:293,0 ino:28574 uid:0 gid:0 size:0 O_RDWR SOCK_STREAM SO_REUSEADDR,SO_SNDBUF(49152),SO_RCVBUF(49152),IP_NEXTHOP(0.0.192.0) sockname: AF_INET 0.0.0.0 port: 6789 11: S_IFSOCK mode:0666 dev:293,0 ino:28564 uid:0 gid:0 size:0 O_RDWR SOCK_STREAM SO_REUSEADDR,SO_SNDBUF(49152),SO_RCVBUF(49152),IP_NEXTHOP(0.0.192.0) sockname: AF_INET 127.0.0.1 port: 32782

pfiles -n 1646

1646: /usr/jdk/instances/jdk1.5.0/bin/java -server -XX:+BackgroundCompilatio Current rlimit: 65536 file descriptors 0: S_IFCHR mode:0666 dev:287,0 ino:6815752 uid:0 gid:3 rdev:13,2 1: S_IFREG mode:0644 dev:32,0 ino:36555 uid:60002 gid:60002 size:37269 2: S_IFREG mode:0644 dev:32,0 ino:36555 uid:60002 gid:60002 size:37269 3: S_IFCHR mode:0666 dev:287,0 ino:6815772 uid:0 gid:3 rdev:13,12 4: S_IFDOOR mode:0444 dev:296,0 ino:61 uid:0 gid:0 size:0 5: S_IFCHR mode:0644 dev:287,0 ino:99614724 uid:0 gid:3 rdev:190,0 6: S_IFCHR mode:0644 dev:287,0 ino:99614726 uid:0 gid:3 rdev:190,1 7: S_IFSOCK mode:0666 dev:293,0 ino:4736 uid:0 gid:0 size:0 8: S_IFSOCK mode:0666 dev:293,0 ino:4736 uid:0 gid:0 size:0 9: S_IFSOCK mode:0666 dev:293,0 ino:28574 uid:0 gid:0 size:0 11: S_IFSOCK mode:0666 dev:293,0 ino:28564 uid:0 gid:0 size:0

pfiles 1646 | grep sockname

    sockname: AF_INET 0.0.0.0  port: 6788
    sockname: AF_INET 0.0.0.0  port: 32784
    sockname: AF_INET 0.0.0.0  port: 6789
    sockname: AF_INET 127.0.0.1  port: 32782

还可以用mdb,比pfiles要直接些:

ndd /dev/tcp tcp_listen_hash

TCP            zone IP addr         port  seqnum   backlog (q0/q/max)

000 30000530280 0 ::ffff:0.0.0.0 00514 00000000 0/0/16 ... 142 3000052b700 0 ::ffff:127.0.0.1 32782 00000000 0/0/2 ...

3000052b700 ::print tcp_t tcp_rq | ::q2stream | ::stdata -v ADDR WRQ FLAGS VNODE N/A REF 000003000306ee50 0000030003060478 00000000 0000030003073c40 0/0 0 0000030003073c40 ::whereopen file 3000467c550 3000069db88

获取vnode的另一种方案:

3000052b700 ::print tcp_t tcp_rq | ::q2stream | ::print -at stdata_t sd_vnode 3000306ee60 struct vnode *sd_vnode = 0x30003073c40 3000052b700 ::print tcp_t tcp_rq | ::q2stream | ::print -at stdata_t sd_vnode | ::whereopen file 3000467c550 3000069db88

3000069db88是proc_t:

3000069db88 ::ps -f S PID PPID PGID SID UID FLAGS ADDR NAME R 1646 1 7 7 60002 0x4a004000 000003000069db88 /usr/jdk/instances/jdk1.5.0/bin/java -server -XX:+BackgroundCompilation -Djava.