Unix - What ports are being used?

Posted on 2004-09-24
Last Modified: 2013-12-06
I have an application configuration file that I am moving from an AIX4.3 box to an AIX 5.2 box.  The original configuration file refers to several ports in the 10000, 20000, 30000, 40000 range.  

export NAME_SRVR_A_PORT_3=10011                                                
export NAME_SRVR_A_PORT_4=10012                                                  
export NAME_SRVR_A_PORT_5=10013                                                        
export NAME_SRVR_B_PORT_3=20011                                                        
export NAME_SRVR_B_PORT_4=20012                                                        
export NAME_SRVR_B_PORT_5=20013                                                        
export NAME_SRVR_C_PORT_3=30011                                                  
export NAME_SRVR_C_PORT_4=30012                                                  
export NAME_SRVR_C_PORT_5=30013                                                  
export NAME_SRVR_D_PORT_3=40011                                                        
export NAME_SRVR_D_PORT_4=40012                                                        

On the destination box, I want to check and see if these ports are being used and if so, what app is using them

My /etc/services only shows ports under 10000 and netstat doesn't really show me what I am looking for.

If there is a different way to do it in Solaris, please let me know how to do that also.

Thanks for your direct help!      
Question by:theoradically

Accepted Solution

alfarome earned 100 total points
ID: 12146898
try "lsof -i <:port>", it gives you a listing of all network resources used by the kernel, here is an example:

# lsof -ni :22
sshd      825 root    4u  IPv4 12000617       TCP> (ESTABLISHED)
sshd    23371 root    3u  IPv4      475       TCP *:ssh (LISTEN)

hope it's what you're looking for

LVL 51

Assisted Solution

ahoffmann earned 100 total points
ID: 12154074
netstat -an
LVL 61

Expert Comment

ID: 12155998
fuser is in AIX, lsof is big&slow
LVL 51

Expert Comment

ID: 12156059
.. and netstat -an works nearly everywhere (including M$:-)

Expert Comment

ID: 12156514
fuser & lsof work in AIX and Solaris (and Linux), but I don't see how netstat -an gives you the PID of the process that uses the port. It just lists you open connections and unix-sockets as far as I know.

I would try "fuser 22/tcp" or "lsof -ni :22" ...and the speed of lsof depends on how many connections your system has open.
LVL 61

Expert Comment

ID: 12157485
Yes, lsof is i^2 or so
LVL 51

Expert Comment

ID: 12157899
ouch, I missed
> .. what app is using them
so I agree with lsof (netstat -pan is linux only)

Author Comment

ID: 12162900
This is an IBM Websphere LoadBalancer config file.  I want to use the old config file on a box that's been upgraded to AIX5.2.  Before just implementing the config file that makes reference to the ports above, I want to see if anything is using those ports on the new box.  I tried different options to the fuser, wasn't giving me any helpful info.  

Using the
$ fuser 22/tcp
22/tcp: A file or directory in the path name does not exist.
I realize that's just searching for the ssh port 22, but it should be in use, shouldn't it?
$ fuser 10013/tcp
10013/tcp: A file or directory in the path name does not exist.

Using the netstat -an, the top of the output is
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.111                  *.*                    LISTEN
tcp        0      0  *.512                  *.*                    LISTEN
tcp        0      0  *.514                  *.*                    LISTEN
tcp4       0      0  *.543                  *.*                    LISTEN
tcp4       0      0  *.544                  *.*                    LISTEN
tcp4       0      0  *.657                  *.*                    LISTEN
tcp4       0      0        *.*                    LISTEN
tcp4       0      0  *.5070                 *.*                    LISTEN
tcp4       0      0  *.6767                 *.*                    LISTEN
tcp4       0      0  *.6768                 *.*                    LISTEN
tcp4       0      0  *.32768                *.*                    LISTEN
tcp4       0      0  *.32769                *.*                    LISTEN
tcp4       0      0  *.8891                 *.*                    LISTEN
tcp4       0      0  *.8892                 *.*                    LISTEN
tcp4       0      0  *.9090                 *.*                    LISTEN

This still isn't showing ports over 10000.  How do I find out if 10011, 10012, 10013, 20011, 20012 and so on are being used and, if so, by what application?  Thanks for your time, sorry for my ignorance.

LVL 48

Assisted Solution

Tintin earned 50 total points
ID: 12166154
If your netstat output isn't showing ports >10000, then that means there is nothing listening or running on that port.  However, that doesn't mean they might not be started by inetd which means the port they run on will only show up in the netstat listing when there is an active connection.  But given that there are no entries in /etc/services, this is unlikely.

LVL 61

Expert Comment

ID: 12166610
UDP listeners do not show up as "LISTEN"
rpcinfo -p prints some info about ports controlled by RPC portmap

Expert Comment

ID: 12175045
theoradically, it seems your fuser has a different syntax. Either find out how it works, or try "lsof -i <proto>:<port>" to find out about udp connections

something like this should give you all the info you want:

# list any process holding each configured port (TCP, then UDP)
for port in 10011 10012 10013 20011 20012 20013 30011 30012 30013 40011 40012 ;do
         /path/to/lsof -i tcp:$port
         /path/to/lsof -i udp:$port
done

if this does not generate any meaningful output, then those ports are just not used. of course what tintin said about inetd still applies here.
LVL 20

Expert Comment

ID: 12194575
To my knowledge "fuser" is the old'n'stupid unix one, not the new shine....:-). So no luck with that on AIX (please correct me here gheist, I'm @home.... away from my 5.2 boxes:-).
lsof might be it, but again, only for "active port consumers". As mentioned, both portmap and inetd might ... surprise... you there, but OTOH they're rather easily checked (reading config file and doing what gheist mentions above).

-- Glenn (who pines for the good old DG/UX netuser command... Simply glorious:-)

Author Comment

ID: 12308907
Sorry this was so tough.  Even though I didn't know how to find it, I felt that finding used ports should have been an easy one.

fuser didn't give me what I needed
netstat didn't give me what I needed
lsof - not found
netuser - not found

The problem is not even an issue at this point.  I want to close this, but do appreciate the time that each of you have spent!
LVL 51

Expert Comment

ID: 12311088
then you need to do it the traditional way:

   netstat -an
   awk '($1 !~ /^#/){print}' /etc/inetd.conf

netstat tells you which ports are open permanently
inetd.conf tells you which will be opened per request
To find out which program uses which port will be harder then (without lsof), try&error ...
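
The netstat-plus-inetd.conf check discussed in this thread, written out as an added example (not code from any poster): it reads the ports from the `export NAME=port` config lines and reports which are already bound or reserved by inetd. The `demo` data and the `lbdemo` service name are constructed for illustration; Solaris `netstat -an`, which has no protocol column, is not handled.

```shell
# Added example: check configured ports using netstat and inetd.conf (no lsof).
# Ports assigned by lines such as: export NAME_SRVR_A_PORT_3=10011
config_ports() {
    sed -n 's/^[[:space:]]*export[[:space:]][[:space:]]*[A-Za-z_][A-Za-z0-9_]*=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1"
}

# `netstat -an` text on stdin -> "proto port" per bound local socket. The port
# is the last piece of the local address, split on "." (AIX, *.22) or ":"
# (Linux, 0.0.0.0:22). UDP rows have no LISTEN state, so state is not tested.
bound_ports() {
    awk '$1 ~ /^(tcp|udp)/ {
        n = split($4, a, /[.:]/)
        if (a[n] ~ /^[0-9]+$/) print substr($1, 1, 3), a[n]
    }'
}

# "proto port" for services inetd opens on request: non-comment entries of
# inetd.conf ($1), resolved to port numbers through a services file ($2).
inetd_ports() {
    awk 'NR == FNR {
             sub(/#.*/, "")
             if (NF >= 2) { split($2, s, "/"); port[$1 "/" s[2]] = s[1] }
             next
         }
         $1 !~ /^#/ && NF >= 3 {
             k = $1 "/" substr($3, 1, 3)
             if (k in port) print substr($3, 1, 3), port[k]
         }' "$2" "$1"
}

# check_ports CONFIG NETSTAT_OUTPUT INETD_CONF SERVICES
check_ports() {
    taken=$( { bound_ports < "$2"; inetd_ports "$3" "$4"; } | sort -u )
    for p in $(config_ports "$1"); do
        who=$(printf '%s\n' "$taken" |
              awk -v p="$p" '$2 == p { printf "%s%s", sep, $1; sep = "," }')
        echo "$p ${who:-free}"
    done
}

# demo: constructed sample data, not from a real host; lbdemo is hypothetical.
demo() {
    d=$(mktemp -d) || return 1
    printf 'export NAME_SRVR_A_PORT_5=10013\nexport NAME_SRVR_B_PORT_3=20011\nexport NAME_SRVR_C_PORT_4=30012\nexport NAME_SRVR_D_PORT_3=40011\n' > "$d/cfg"
    printf 'tcp4 0 0 *.22 *.* LISTEN\ntcp4 0 0 *.10013 *.* LISTEN\nudp4 0 0 *.20011 *.*\n' > "$d/netstat"
    printf '#ftp stream tcp6 nowait root /usr/sbin/ftpd ftpd\nlbdemo stream tcp nowait root /opt/lbdemo lbdemo\n' > "$d/inetd"
    printf 'lbdemo 30012/tcp # hypothetical\n' > "$d/services"
    check_ports "$d/cfg" "$d/netstat" "$d/inetd" "$d/services"
    rm -rf "$d"
}
```

Call `demo` to see the report for the sample data; on a real host, save `netstat -an` to a file and pass it to `check_ports` together with /etc/inetd.conf and /etc/services. This shows whether a port is taken, not which program holds it.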
LVL 20

Expert Comment

ID: 12422762
Since lsof is available (although not perhaps installed on theoradically's box), you might consider attributing points to those suggestions, as well as the netstat suggestions (and perhaps even the "search the config files" type suggestions)... Generally sprinkle points about:-). If it was less points I'd say "PAQ/no refund it and be done with it"... Perhaps not best though.

-- Glenn

Author Comment

ID: 12456492

What's up?   "Abandoned" "Assumed participant is no longer interested?"  I did not know how to close this, so as seen above on 10/14, I said this was no longer an issue, I thanked everyone for their input and said that I would like to close it so no more time was spent on it!
