How to find which process owns a network session?

Hi, experts,

As a normal UNIX user, I can use netstat to find out the network status of a SUN UNIX box. I can find out how many TCP/IP connections are established and what the IP address/port is (both source and destination). However, what I want is to connect this information with the process ID. I want to know which process owns this network connection. (With this, I can find out who is now connected to certain equipment.)

How can I do that? Note that all of this should be done in a normal user account.
(I'm good at Perl, shell programming and C/C++ in UNIX.)

It's not easy, I know :).
Asked by zouwei

RobWMartin Commented:
Hi,
I'm mainly commenting because I want to see the updates to this.  

I don't see how it can be done without root privileges.  Do you have root access to the machine?  If so, you can set up a script that does netstat -ap as root, then sudoer anyone you want to have access to the info.

Hope someone has a more direct solution.  It's interesting.

Rob
jmcg (Owner) Commented:
The 'lsof' (List open files) utility can do this. It has to be installed with privileges, though, so it doesn't exactly meet your criterion. And you're right, it is not easy. I was very impressed by how much data this program can ferret out. And by how much work went into getting it.

The program has been ported to many versions of UNIX and to Linux.    

    The latest release of lsof is always available via anonymous ftp
    from vic.cc.purdue.edu. Look in pub/tools/unix/lsof.

zouwei (Author) Commented:
Hi, Rob and jmcg,


Thanks for the comments. lsof works well under root privileges. However, what I want is to write a script which even a normal user can use to find out who is connected to that equipment (shared by multiple users).

I'll wait a few more days to see if any suggestion comes in.



David
jmcg (Owner) Commented:
One of the reasons lsof comes with some elaborate PGP signatures and stuff is to get you to the point where you can _trust_ it to be installed SUID root. Your script can then run lsof (there're flags that will limit it to looking for sockets or even to a particular socket) and parse the output to find the particular things you're interested in.

The information you want is not available through the UNIX API, period. You have no choice but to use a (trusted) program to access the kernel data structures. The only other approach I can suggest is that you could place monitor processes in front of the resources you want to monitor that can record the connection information before handing the connection over to the real server (or modify the servers to do this for you, if you have source).
jlevie Commented:
You can't do it without at least an suid-to-root lsof (or equivalent) as the data for processes other than your own is only readable by root.
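
The approach described in the thread (run lsof restricted to sockets and parse its output), sketched as an added example that is not part of the original posts. It assumes lsof is installed with enough privilege to see other users' sockets; the function names `parse_lsof_fields` and `who_is_connected` and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: map connected TCP sockets to their owning processes.
# Assumption: lsof can read other users' sockets (for example a trusted
# setuid-root install); otherwise it reports only the caller's own processes.

# Read `lsof -F pcLPn` field output on stdin; print one tab-separated line
# per connected TCP socket: PID, USER, COMMAND, LOCAL, REMOTE.
parse_lsof_fields() {
    awk '
        # One field per line; the first character says which field it is.
        { tag = substr($0, 1, 1); val = substr($0, 2) }
        tag == "p" { pid = val; cmd = "?"; user = "?"; next }  # new process
        tag == "c" { cmd = val; next }
        tag == "L" { user = val; next }
        tag == "f" { proto = ""; next }                        # new descriptor
        tag == "P" { proto = val; next }
        tag == "n" && proto == "TCP" {
            i = index(val, "->")       # listening sockets have no "->"
            if (i == 0) next
            printf "%s\t%s\t%s\t%s\t%s\n", pid, user, cmd,
                   substr(val, 1, i - 1), substr(val, i + 2)
        }
    '
}

# Hypothetical wrapper: which processes hold a TCP connection to HOST:PORT?
# -n and -P keep addresses and ports numeric so they can be matched exactly.
who_is_connected() {
    lsof -n -P -i "TCP@$1:$2" -F pcLPn 2>/dev/null | parse_lsof_fields
}

# Constructed sample of lsof field output (192.0.2.0/24 is a documentation
# range): a listener, a connected UDP socket and two telnet sessions.
sample_lsof_output() {
    printf '%s\n' p412 csshd Lroot f3 PTCP 'n*:22' \
        p150 csyslogd Lroot f4 PUDP 'n192.0.2.10:514->192.0.2.60:514' \
        p2291 ctelnet Lalice f3 PTCP 'n192.0.2.10:40112->192.0.2.50:23' \
        p2307 ctelnet Lbob f3 PTCP 'n192.0.2.10:40120->192.0.2.50:23'
}

# Demonstration on the constructed sample (no lsof needed for this line).
sample_lsof_output | parse_lsof_fields
```

On a real host, `who_is_connected 192.0.2.50 23` would produce the same columns from live lsof output.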
