Solaris Local Zones lsof

In Solaris local zone lsof will not work.By default all the application should have configured with
specific port number.But sometimes your application will not start if that port has been already
occupied by another application process.In this situation, you will get error like unable to bind port
<port-number>if you try to start the application. Traditionally we will use lsof command to determine
what process is using the particular port.But in Solaris 10 local zones , you cant use lsof. The below
script will help you to find what process is occupying the specific port on Solaris servers and this script
will be very useful on Solaris zones.
Script :
#!/bin/ksh
# Website-www.UnixArena.com
line='---------------------------------------------'
pids=$(/usr/bin/ps -ef | sed 1d | awk '{print $2}')

if [ $# -eq 0 ]; then
read ans?"Enter port you would like to know pid for: "
else
ans=$1
fi

for f in $pids
do
/usr/proc/bin/pfiles $f 2>/dev/null | /usr/xpg4/bin/grep -q "port: $ans"
if [ $? -eq 0 ]; then
echo $line
echo "Port: $ans is being used by PID:\c"
/usr/bin/ps -ef -o pid -o args | egrep -v "grep|pfiles" | grep $f
fi
done
exit 0

How to use the script ?
1.Copy the script to Solaris local zones and make the script as executable.
# chmod 555 check_port.sh
# ls -lrt check_port.sh
-r-xr-xr-x 1 root root 517 Jan 29 10:11 check_port.sh
#

2.Execute the script and enter the port number.
# ./check_port.sh
Enter port you would like to know pid for: 8232
---------------------------------------------
Port: 8232 is being used by PID:12864 /usrweb/exe/jlaunch pf=/usr/web/SYS/profile/mydb -SD
---------------------------------------------
#
#

3.Once you got the process ID ,then its easy to trace it about that process.
# ps -ef |grep 12864
ora1adm 12864 327 0 Jan 19 ? 25:51 /usrweb/exe/jlaunch
pf=/usr/web/SYS/profile/mydb -SD
root 29676 17719 0 10:13:34 pts/49 0:00 grep 12864
#

You can check with the ora1adm user and ask him to stop the process if you want to use the port 8232
for other applications.If the user is not able to stop this process,you can kill the process using pkill pid
or kill -9 pid commands with proper approvals.


#! /bin/sh

if [ $# -ne 1 ]; then
echo "Usage: $0 "
exit 1
fi
listen=$1


PATH=/usr/bin:/bin
export PATH


#
# skip process 0
#
cd /proc
for i in [1-9][0-9]*
do
pfiles $i | nawk -v listen=$listen '
BEGIN {
found=0
}
NR==1 {
process=$0
}
/sockname/ && $NF == listen {
getline
if ( ! /peername/ ) {
found=1
exit
}
}
END {
if ( found == 1 ) {
printf("%s\n",process)
}
}'
done


Sometimes it is required to find out the process that is running on a specific network port, and one
common example is if an application configured to use a specific port which is already bind by some of
other process, we should figure out first which process actually bound to a specific network port.

It is easy to find out this information if the lsof already installed in the machine, if not follow the below
procedure to figure out the all the sockets used by each process running in the system

# cd /proc ; /usr/proc/bin/pfiles * | egrep ^[0-9]|sockname | more
.
968: in.ftpd
sockname: AF_INET6 ::ffff:10.1.1.77 port: 21
sockname: AF_INET6 ::ffff:10.1.1.77 port: 21

If lsof is already installed

example1 :

# netstat -an |grep 7100
*.7100 *.* 0 0 0 0 LISTEN

# /usr/local/bin/lsof -i TCP:7100
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

example 2: find out the process related to a CLOSE_WAIT connection

# netstat -an |grep CLOSE_WAIT
10.10.192.103.58046 10.10.37.122.44788 24820 0 24820 0 CLOSE_WAIT

lsof showd the PID and process associated with that port.

# /usr/local/bin/lsof -i | grep 44788
netscape 27096 steve 34u inet 0x300039bf760 0t0 TCP hodware:58046->nop:44788 (CLOSE_WAIT)

# ps -elf |grep 27096
8 S steve 27096 19185 0 51 20 9307 Feb 18 pts/19 50:03 /opt/netscape/netscape

example 3:
# netstat -a

hodware.36169 ravin.telnet 8760 0 8760 0 ESTABLISHED

# lsof -i TCP@hodware:36169
COMMAND PID USER FD TYPE DEVICE SIZE/OFF INODE NAME
telnet 2686 steve 6u inet 0x709f21e8 0t0 TCP hodware:36169->ravin:telnet (ESTABLISHED)

example 4: To list all network TCP connections with a specific process like snmpx
# lsof -i -P | grep snmpdx
snmpdx 5771 root 4u inet 0x60f5add0 0t0 UDP *:161 (Idle)
snmpdx 5771 root 5u inet 0x60ded648 0t0 UDP *:38725 (Idle)
snmpdx 5771 root 6u inet 061101358 0t0 UDP *:38726 (Idle)