Unix - What ports are being used?

Posted on 2004-09-24
Last Modified: 2013-12-06
I have an application configuration file that I am moving from an AIX4.3 box to an AIX 5.2 box.  The original configuration file refers to several ports in the 10000, 20000, 30000, 40000 range.  

export NAME_SRVR_A_PORT_3=10011                                                
export NAME_SRVR_A_PORT_4=10012                                                  
export NAME_SRVR_A_PORT_5=10013                                                        
export NAME_SRVR_B_PORT_3=20011                                                        
export NAME_SRVR_B_PORT_4=20012                                                        
export NAME_SRVR_B_PORT_5=20013                                                        
export NAME_SRVR_C_PORT_3=30011                                                  
export NAME_SRVR_C_PORT_4=30012                                                  
export NAME_SRVR_C_PORT_5=30013                                                  
export NAME_SRVR_D_PORT_3=40011                                                        
export NAME_SRVR_D_PORT_4=40012                                                        

On the destination box, I want to check and see if these ports are being used and if so, what app is using them

My /etc/services only shows ports under 10000 and netstat doesn't really show me what I am looking for.

If there is a different way to do it in Solaris, please let me know how to do that also.

Thanks for your direct help!      
Question by:theoradically
  • 4
  • 3
  • 3
  • +3

Accepted Solution

alfarome earned 100 total points
ID: 12146898
try"lsof -i <:port>", it gives you a listing of all network resources used by the kernel, here is an example:

# lsof -ni :22
sshd      825 root    4u  IPv4 12000617       TCP> (ESTABLISHED)
sshd    23371 root    3u  IPv4      475       TCP *:ssh (LISTEN)

hope it's what you're looking for

LVL 51

Assisted Solution

ahoffmann earned 100 total points
ID: 12154074
netstat -an
LVL 62

Expert Comment

ID: 12155998
fuser is in AIX, lsof is big&slow
ScreenConnect 6.0 Free Trial

Want empowering updates? You're in the right place! Discover new features in ScreenConnect 6.0, based on partner feedback, to keep you business operating smoothly and optimally (the way it should be). Explore all of the extras and enhancements for yourself!

LVL 51

Expert Comment

ID: 12156059
.. and netstat -an works nearly everywhere (including M$:-)

Expert Comment

ID: 12156514
fuser & lsof work in aix and solaris (and linux), but I dont see how netstat -an gives you the PID of the process that uses the port. it justs lists you open connections and unix-sockets as far as I know.

I would try "fuser 22/tcp" or "lsof -ni :22" ...and the speed of lsof depends on how many connections your system has open.
LVL 62

Expert Comment

ID: 12157485
Yes, lsof is i^2 or so
LVL 51

Expert Comment

ID: 12157899
outch, I missed
> .. what app is using them
so I agree with lsof (netstat -pan is linux only)

Author Comment

ID: 12162900
This is an IBM Websphere LoadBalancer config file.  I want to use the old config file on a box that's been upgraded to AIX5.2.  Before just implementing the config file that makes reference to the ports above, I want to see if anything is using those ports on the new box.  I tried different options to the fuser, wasn't giving me any helpful info.  

Using the
$ fuser 22/tcp
22/tcp: A file or directory in the path name does not exist.
I realize that's just searching for the ssh port 22, but it should be in use, shouldn't it.
$ fuser 10013/tcp
10013/tcp: A file or directory in the path name does not exist.

Using the netstat -an, the top of the output is
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.111                  *.*                    LISTEN
tcp        0      0  *.512                  *.*                    LISTEN
tcp        0      0  *.514                  *.*                    LISTEN
tcp4       0      0  *.543                  *.*                    LISTEN
tcp4       0      0  *.544                  *.*                    LISTEN
tcp4       0      0  *.657                  *.*                    LISTEN
tcp4       0      0        *.*                    LISTEN
tcp4       0      0  *.5070                 *.*                    LISTEN
tcp4       0      0  *.6767                 *.*                    LISTEN
tcp4       0      0  *.6768                 *.*                    LISTEN
tcp4       0      0  *.32768                *.*                    LISTEN
tcp4       0      0  *.32769                *.*                    LISTEN
tcp4       0      0  *.8891                 *.*                    LISTEN
tcp4       0      0  *.8892                 *.*                    LISTEN
tcp4       0      0  *.9090                 *.*                    LISTEN

this still isn't showing ports over 10000.  How do I find out if 10011, 10012, 10013, 20011, 20012 and so are being used and if so, by what application.  Thanks for your time, sorry for my ignorance.
LVL 48

Assisted Solution

Tintin earned 50 total points
ID: 12166154
If your netstat output isn't showing ports >10000, then that means there is nothing listening or running on that port.  However, that doesn't mean they might not be started by inetd which means the port they run on will only show up in the netstat listing when there is an active connection.  But given that there are no entries in /etc/services, this is unlikely.

LVL 62

Expert Comment

ID: 12166610
UDP listeners do not show up a "LISTEN"
rpcinfo -p prints some info about ports controlled by RPC portmap

Expert Comment

ID: 12175045
theoradically, it seems your fuser has a different syntax. either find out how it works, or try "lsof -i <proto>:<port>" to find out about udp connections

something like this should give you all the info you want:

for port in 10011 10012 10013 20011 20012 20013 30011 30012 30013 40011 40012 ;do
         /path/to/lsof -i tcp:$port
         /path/to/lsof -i udp:$port

if this does not generate any meaningful output, then those ports are just not used. of course what tintin said about inetd still applies here.
LVL 20

Expert Comment

ID: 12194575
To my knowledge "fuser" is the old'n'stupid unix one, not the new shine....:-). So no luck with that on AIX (please correct me here gheist, I'm @home.... away from my 5.2 boxes:-).
lsof might be it, but again, only for "active port consumers". As mentioned, both portmap and inetd might ... surpise... you there, but OTOH they're rather easily checked (reading config file and doing what gheist mentions above).

-- Glenn (who pines for the good old DG/UX netuser command... Simply glorious:-)

Author Comment

ID: 12308907
Sorry this was so tough.  Even though I didn't know how to find it, I felt that finding used ports should have been an easy one.

fuser didn't give me what I needed
netstat didn't give me what I needed
lsof - not found
netuser - not found

The problem is not even an issue at this point.  I want to close this, but do appreciate the time that each of you have spent!
LVL 51

Expert Comment

ID: 12311088
then you need to do it the traditional way:

   netstat -an
   awk '($1 !~ /^#/){print}' /etc/inetd.conf

netstat tells you which ports are open permanent
inetd.conf tells you which will be opened per request
To find out which program uses which port will be harder then (without lsof), try&error ...
LVL 20

Expert Comment

ID: 12422762
Since lsof is available (although not perhaps installed on theoradicallys box), you might consider attributing points to those suggestions, as well as the netstat suggestions (and perhaps even the "search the config files" type suggestions)... Generally sprinkle points about:-). If it was less points I'd say "PAQ/no refund it and be done with it"... Perhaps not best though.

-- Glenn

Author Comment

ID: 12456492

What's up?   "Abandoned""Assumed participant Is no longer interested?"  I did not know how to close this, so as seen above on 10/14, I said this was no longer an issue, I thanked everyone for their input and said that I would like to close it so no more time was spent on it!

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Linux: disable vim auto-comment 7 120
How to clone solaris 10 machine 33 131
add some character at the end of line in vi 7 79
aix unix tar error 3 67
My previous tech tip, Installing the Solaris OS From the Flash Archive On a Tape (, discussed installing the Solaris Operating S…
FreeBSD on EC2 FreeBSD ( is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question