
how to find which process owns a network session?

Hi, experts,

As a normal UNIX user, I can use netstat to find out the network status of a SUN UNIX box. I can find out how many TCP/IP connections are established and what the IP address/port is (both source and destination). However, what I want is to connect this information with the process ID. I want to know which process owns this network connection. (With this, I can find out who is now connected to certain equipment.)

How can I do that? Note that all this should be done in a normal user account.
(I'm good at Perl, shell programming and C/C++ in UNIX.)

It's not easy, I know :).
1 Solution
I'm mainly commenting because I want to see the updates to this.  

I don't see how it can be done without root privileges.  Do you have root access to the machine?  If so, you can set up a script that does netstat -ap as root, then sudoer anyone you want to have access to the info.

Hope someone has a more direct solution.  It's interesting.

The 'lsof' (List open files) utility can do this. It has to be installed with privileges, though, so it doesn't exactly meet your criterion. And you're right, it is not easy. I was very impressed by how much data this program can ferret out. And by how much work went into getting it.

The program has been ported to many versions of UNIX and to Linux.    

    The latest release of lsof is always available via anonymous ftp
    from vic.cc.purdue.edu.  Look in pub/tools/unix/lsof.

zouwei (Author) commented:
Hi, Rob and jmcg,

Thanks for the comments. lsof works well under root privileges. However, what I want is to write a script which even a normal user can use to find out who is connected to that equipment (shared by multiple users).

I'll wait a few more days to see if any suggestion comes in.

One of the reasons lsof comes with some elaborate PGP signatures and stuff is to get you to the point where you can _trust_ it to be installed SUID root. Your script can then run lsof (there're flags that will limit it to looking for sockets or even to a particular socket) and parse the output to find the particular things you're interested in.

The information you want is not available through the UNIX API, period. You have no choice but to use a (trusted) program to access the kernel data structures. The only other approach I can suggest is that you could place monitor processes in front of the resources you want to monitor that can record the connection information before handing the connection over to the real server (or modify the servers to do this for you, if you have source).
You can't do it without at least an suid-to-root lsof (or equivalent) as the data for processes other than your own is only readable by root.
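
As an added example (not part of the thread and not lsof's own code), here is one way a script could parse lsof's `-F` field output, as suggested above, to list which user and process hold a connection to a given host and port. The sample output is constructed, the function names are hypothetical, and the lsof path is supplied by the caller. The wrapper passes a fixed argument list with no shell, which matters when the lsof it runs is installed setuid.

```python
import subprocess

# Constructed sample of `lsof -nP -iTCP -FpcLPn` output (one field per line:
# p=PID, c=command, L=login, f=file descriptor, P=protocol, n=socket name).
SAMPLE = "\n".join([
    "p412", "csshd", "Lroot", "f3", "PTCP", "n*:22",
    "p2291", "ctelnet", "Lalice", "f3", "PTCP", "n192.0.2.10:40112->192.0.2.50:23",
    "p2307", "cperl", "Lbob", "f4", "PTCP", "n192.0.2.10:40120->192.0.2.77:80",
])

def split_endpoint(ep):
    """Split 'host:port' or '[v6addr]:port' into (host, port)."""
    host, _, port = ep.rpartition(":")
    return host.strip("[]"), port

def parse_lsof_fields(text):
    """Return one record per connected socket; listeners are skipped."""
    conns, proc, proto = [], {}, None
    for line in text.splitlines():
        tag, val = line[:1], line[1:]
        if tag == "p":                      # start of a new process set
            proc = {"pid": int(val), "command": None, "user": None}
        elif tag == "c":
            proc["command"] = val
        elif tag == "L":
            proc["user"] = val
        elif tag == "f":                    # start of a new file set
            proto = None
        elif tag == "P":
            proto = val
        elif tag == "n" and "->" in val:    # connected socket: local->remote
            local, remote = val.split("->", 1)
            conns.append({**proc, "proto": proto,
                          "local": split_endpoint(local),
                          "remote": split_endpoint(remote)})
    return conns

def who_is_connected(conns, host, port):
    """(user, command, pid) for every process connected to host:port."""
    return sorted({(c["user"], c["command"], c["pid"])
                   for c in conns if c["remote"] == (host, str(port))})

def run_lsof(lsof_path):
    """Run lsof by absolute path (caller-supplied) without a shell."""
    cmd = [lsof_path, "-nP", "-iTCP", "-FpcLPn"]
    return subprocess.run(cmd, capture_output=True, text=True).stdout
```
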
