[TriLUG] which process is listening on this socket

Aaron Joyner aaron at joyner.ws
Wed Feb 29 15:46:26 EST 2012


I started to reply w/ the -ap suggestion earlier, with the caveat that
if you really meant what you said (SysV) it probably isn't an arg in
that old a version.  Others beat me to the punch while I was typing.
I'm going to assume it's not a fixed port that's listed in
/etc/services.

Depending on what this system is doing, you might be able to use a few
more interesting / brute-force options that won't require you to get a
working build environment going... but these ideas aren't valid on a
live serving system.  Here goes:
1) The simplest and most direct method would be to kill pids in a loop
until you kill the pid that causes the LISTEN to disappear.
2) Bring the system down to single user mode, gradually spin through
the init scripts by hand until the LISTEN returns.
3) If the port is fixed (i.e. not dynamically allocated), grep for it
in the startup scripts and the binaries.  It's got to be specified
somewhere, although depending on the number of significant digits this
might be a needle-in-a-haystack problem (for example, finding that
OpenSSH listens on port 22 that way is a nonstarter... finding IRC on
6667 is a bit more practical, some custom daemon on port 31895 might
be easier still).

Good luck!
Aaron S. Joyner


On Wed, Feb 29, 2012 at 3:14 PM, Steve Holton <sph0lt0n at gmail.com> wrote:
> On Wed, Feb 29, 2012 at 2:37 PM, Alexey Toptygin <alexeyt at freeshell.org> wrote:
>
>> Not literally SVR4, but a descendant, surely? What's the exact system?
>
>
> sholton at rtpfvme1> uname -a
> UNIX_System_V rtpfvme1 4.0 R40V4.4 m88k mc88110
>
> Yes, literally.
>
> I'm looking into recreating a build environment, but autoconf wants a sane
> 'grep'
> and now we're 3 steps from hunting a socket user....
>
> (Funny, at one time I wanted to be an archaeologist when I grew up...)
>
> --
> Steve Holton
> sph0lt0n at gmail.com
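
Option 3 in the message above (grep the startup scripts and binaries for a fixed port), as an added example that is not part of the original thread: a shell function that reports the port only where it stands alone as a number, which cuts down the needle-in-a-haystack noise. It assumes a POSIX sh with find, tr and grep -E; the function name find_port_refs and the paths in its comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread. find_port_refs is a
# hypothetical helper name.
#
# Usage: find_port_refs PORT DIR...
#   e.g. find_port_refs 6667 /etc/rc2.d /usr/local/sbin   (paths are examples)
# Prints "file: matching text" wherever PORT appears as a standalone number.
# Returns 0 if anything matched, 1 if nothing did, 2 on bad arguments.
find_port_refs() {
    [ "$#" -ge 2 ] || { echo "usage: find_port_refs PORT DIR..." >&2; return 2; }
    port=$1
    shift
    case $port in
        ''|*[!0-9]*) echo "find_port_refs: PORT must be a number" >&2; return 2 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 2

    # No digit directly before or after, so 22 does not match 2200 or 1022.
    pattern="(^|[^0-9])${port}([^0-9]|\$)"

    # One path per line from find; file names containing newlines are not handled.
    find "$@" -type f -print 2>/dev/null | {
        found=1
        while IFS= read -r f; do
            [ -r "$f" ] || continue
            # Turn every non-printable byte into a newline (a crude strings(1)),
            # so scripts and binaries can be searched the same way.
            hits=$(LC_ALL=C tr -c '[:print:]' '\n' < "$f" |
                   LC_ALL=C grep -E -- "$pattern") || continue
            found=0
            printf '%s\n' "$hits" | while IFS= read -r line; do
                printf '%s: %s\n' "$f" "$line"
            done
        done
        [ "$found" -eq 0 ]
    }
}
```

A port compiled into a binary as an integer does not appear as text, so an empty result for a binary does not rule that binary out.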


