Unix - What ports are being used?

Posted on 2004-09-24
Last Modified: 2013-12-06
I have an application configuration file that I am moving from an AIX4.3 box to an AIX 5.2 box.  The original configuration file refers to several ports in the 10000, 20000, 30000, 40000 range.  

export NAME_SRVR_A_PORT_3=10011                                                
export NAME_SRVR_A_PORT_4=10012                                                  
export NAME_SRVR_A_PORT_5=10013                                                        
export NAME_SRVR_B_PORT_3=20011                                                        
export NAME_SRVR_B_PORT_4=20012                                                        
export NAME_SRVR_B_PORT_5=20013                                                        
export NAME_SRVR_C_PORT_3=30011                                                  
export NAME_SRVR_C_PORT_4=30012                                                  
export NAME_SRVR_C_PORT_5=30013                                                  
export NAME_SRVR_D_PORT_3=40011                                                        
export NAME_SRVR_D_PORT_4=40012                                                        

On the destination box, I want to check and see if these ports are being used and if so, what app is using them

My /etc/services only shows ports under 10000 and netstat doesn't really show me what I am looking for.

If there is a different way to do it in Solaris, please let me know how to do that also.

Thanks for your direct help!      
Question by:theoradically
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +3

Accepted Solution

alfarome earned 100 total points
ID: 12146898
try"lsof -i <:port>", it gives you a listing of all network resources used by the kernel, here is an example:

# lsof -ni :22
sshd      825 root    4u  IPv4 12000617       TCP> (ESTABLISHED)
sshd    23371 root    3u  IPv4      475       TCP *:ssh (LISTEN)

hope it's what you're looking for

LVL 51

Assisted Solution

ahoffmann earned 100 total points
ID: 12154074
netstat -an
LVL 62

Expert Comment

ID: 12155998
fuser is in AIX, lsof is big&slow
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 51

Expert Comment

ID: 12156059
.. and netstat -an works nearly everywhere (including M$:-)

Expert Comment

ID: 12156514
fuser & lsof work in aix and solaris (and linux), but I dont see how netstat -an gives you the PID of the process that uses the port. it justs lists you open connections and unix-sockets as far as I know.

I would try "fuser 22/tcp" or "lsof -ni :22" ...and the speed of lsof depends on how many connections your system has open.
LVL 62

Expert Comment

ID: 12157485
Yes, lsof is i^2 or so
LVL 51

Expert Comment

ID: 12157899
outch, I missed
> .. what app is using them
so I agree with lsof (netstat -pan is linux only)

Author Comment

ID: 12162900
This is an IBM Websphere LoadBalancer config file.  I want to use the old config file on a box that's been upgraded to AIX5.2.  Before just implementing the config file that makes reference to the ports above, I want to see if anything is using those ports on the new box.  I tried different options to the fuser, wasn't giving me any helpful info.  

Using the
$ fuser 22/tcp
22/tcp: A file or directory in the path name does not exist.
I realize that's just searching for the ssh port 22, but it should be in use, shouldn't it.
$ fuser 10013/tcp
10013/tcp: A file or directory in the path name does not exist.

Using the netstat -an, the top of the output is
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.111                  *.*                    LISTEN
tcp        0      0  *.512                  *.*                    LISTEN
tcp        0      0  *.514                  *.*                    LISTEN
tcp4       0      0  *.543                  *.*                    LISTEN
tcp4       0      0  *.544                  *.*                    LISTEN
tcp4       0      0  *.657                  *.*                    LISTEN
tcp4       0      0        *.*                    LISTEN
tcp4       0      0  *.5070                 *.*                    LISTEN
tcp4       0      0  *.6767                 *.*                    LISTEN
tcp4       0      0  *.6768                 *.*                    LISTEN
tcp4       0      0  *.32768                *.*                    LISTEN
tcp4       0      0  *.32769                *.*                    LISTEN
tcp4       0      0  *.8891                 *.*                    LISTEN
tcp4       0      0  *.8892                 *.*                    LISTEN
tcp4       0      0  *.9090                 *.*                    LISTEN

this still isn't showing ports over 10000.  How do I find out if 10011, 10012, 10013, 20011, 20012 and so are being used and if so, by what application.  Thanks for your time, sorry for my ignorance.
LVL 48

Assisted Solution

Tintin earned 50 total points
ID: 12166154
If your netstat output isn't showing ports >10000, then that means there is nothing listening or running on that port.  However, that doesn't mean they might not be started by inetd which means the port they run on will only show up in the netstat listing when there is an active connection.  But given that there are no entries in /etc/services, this is unlikely.

LVL 62

Expert Comment

ID: 12166610
UDP listeners do not show up a "LISTEN"
rpcinfo -p prints some info about ports controlled by RPC portmap

Expert Comment

ID: 12175045
theoradically, it seems your fuser has a different syntax. either find out how it works, or try "lsof -i <proto>:<port>" to find out about udp connections

something like this should give you all the info you want:

for port in 10011 10012 10013 20011 20012 20013 30011 30012 30013 40011 40012 ;do
         /path/to/lsof -i tcp:$port
         /path/to/lsof -i udp:$port

if this does not generate any meaningful output, then those ports are just not used. of course what tintin said about inetd still applies here.
LVL 20

Expert Comment

ID: 12194575
To my knowledge "fuser" is the old'n'stupid unix one, not the new shine....:-). So no luck with that on AIX (please correct me here gheist, I'm @home.... away from my 5.2 boxes:-).
lsof might be it, but again, only for "active port consumers". As mentioned, both portmap and inetd might ... surpise... you there, but OTOH they're rather easily checked (reading config file and doing what gheist mentions above).

-- Glenn (who pines for the good old DG/UX netuser command... Simply glorious:-)

Author Comment

ID: 12308907
Sorry this was so tough.  Even though I didn't know how to find it, I felt that finding used ports should have been an easy one.

fuser didn't give me what I needed
netstat didn't give me what I needed
lsof - not found
netuser - not found

The problem is not even an issue at this point.  I want to close this, but do appreciate the time that each of you have spent!
LVL 51

Expert Comment

ID: 12311088
then you need to do it the traditional way:

   netstat -an
   awk '($1 !~ /^#/){print}' /etc/inetd.conf

netstat tells you which ports are open permanent
inetd.conf tells you which will be opened per request
To find out which program uses which port will be harder then (without lsof), try&error ...
LVL 20

Expert Comment

ID: 12422762
Since lsof is available (although not perhaps installed on theoradicallys box), you might consider attributing points to those suggestions, as well as the netstat suggestions (and perhaps even the "search the config files" type suggestions)... Generally sprinkle points about:-). If it was less points I'd say "PAQ/no refund it and be done with it"... Perhaps not best though.

-- Glenn

Author Comment

ID: 12456492

What's up?   "Abandoned""Assumed participant Is no longer interested?"  I did not know how to close this, so as seen above on 10/14, I said this was no longer an issue, I thanked everyone for their input and said that I would like to close it so no more time was spent on it!

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
FreeBSD on EC2 FreeBSD ( is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question