[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now


Unix - What ports are being used?

Posted on 2004-09-24
Medium Priority
Last Modified: 2013-12-06
I have an application configuration file that I am moving from an AIX4.3 box to an AIX 5.2 box.  The original configuration file refers to several ports in the 10000, 20000, 30000, 40000 range.  

export NAME_SRVR_A_PORT_3=10011                                                
export NAME_SRVR_A_PORT_4=10012                                                  
export NAME_SRVR_A_PORT_5=10013                                                        
export NAME_SRVR_B_PORT_3=20011                                                        
export NAME_SRVR_B_PORT_4=20012                                                        
export NAME_SRVR_B_PORT_5=20013                                                        
export NAME_SRVR_C_PORT_3=30011                                                  
export NAME_SRVR_C_PORT_4=30012                                                  
export NAME_SRVR_C_PORT_5=30013                                                  
export NAME_SRVR_D_PORT_3=40011                                                        
export NAME_SRVR_D_PORT_4=40012                                                        

On the destination box, I want to check and see if these ports are being used and if so, what app is using them

My /etc/services only shows ports under 10000 and netstat doesn't really show me what I am looking for.

If there is a different way to do it in Solaris, please let me know how to do that also.

Thanks for your direct help!      
Question by:theoradically
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +3

Accepted Solution

alfarome earned 300 total points
ID: 12146898
try"lsof -i <:port>", it gives you a listing of all network resources used by the kernel, here is an example:

# lsof -ni :22
sshd      825 root    4u  IPv4 12000617       TCP> (ESTABLISHED)
sshd    23371 root    3u  IPv4      475       TCP *:ssh (LISTEN)

hope it's what you're looking for

LVL 51

Assisted Solution

ahoffmann earned 300 total points
ID: 12154074
netstat -an
LVL 62

Expert Comment

ID: 12155998
fuser is in AIX, lsof is big&slow

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

LVL 51

Expert Comment

ID: 12156059
.. and netstat -an works nearly everywhere (including M$:-)

Expert Comment

ID: 12156514
fuser & lsof work in aix and solaris (and linux), but I dont see how netstat -an gives you the PID of the process that uses the port. it justs lists you open connections and unix-sockets as far as I know.

I would try "fuser 22/tcp" or "lsof -ni :22" ...and the speed of lsof depends on how many connections your system has open.
LVL 62

Expert Comment

ID: 12157485
Yes, lsof is i^2 or so
LVL 51

Expert Comment

ID: 12157899
outch, I missed
> .. what app is using them
so I agree with lsof (netstat -pan is linux only)

Author Comment

ID: 12162900
This is an IBM Websphere LoadBalancer config file.  I want to use the old config file on a box that's been upgraded to AIX5.2.  Before just implementing the config file that makes reference to the ports above, I want to see if anything is using those ports on the new box.  I tried different options to the fuser, wasn't giving me any helpful info.  

Using the
$ fuser 22/tcp
22/tcp: A file or directory in the path name does not exist.
I realize that's just searching for the ssh port 22, but it should be in use, shouldn't it.
$ fuser 10013/tcp
10013/tcp: A file or directory in the path name does not exist.

Using the netstat -an, the top of the output is
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.111                  *.*                    LISTEN
tcp        0      0  *.512                  *.*                    LISTEN
tcp        0      0  *.514                  *.*                    LISTEN
tcp4       0      0  *.543                  *.*                    LISTEN
tcp4       0      0  *.544                  *.*                    LISTEN
tcp4       0      0  *.657                  *.*                    LISTEN
tcp4       0      0        *.*                    LISTEN
tcp4       0      0  *.5070                 *.*                    LISTEN
tcp4       0      0  *.6767                 *.*                    LISTEN
tcp4       0      0  *.6768                 *.*                    LISTEN
tcp4       0      0  *.32768                *.*                    LISTEN
tcp4       0      0  *.32769                *.*                    LISTEN
tcp4       0      0  *.8891                 *.*                    LISTEN
tcp4       0      0  *.8892                 *.*                    LISTEN
tcp4       0      0  *.9090                 *.*                    LISTEN

this still isn't showing ports over 10000.  How do I find out if 10011, 10012, 10013, 20011, 20012 and so are being used and if so, by what application.  Thanks for your time, sorry for my ignorance.
LVL 48

Assisted Solution

Tintin earned 150 total points
ID: 12166154
If your netstat output isn't showing ports >10000, then that means there is nothing listening or running on that port.  However, that doesn't mean they might not be started by inetd which means the port they run on will only show up in the netstat listing when there is an active connection.  But given that there are no entries in /etc/services, this is unlikely.

LVL 62

Expert Comment

ID: 12166610
UDP listeners do not show up a "LISTEN"
rpcinfo -p prints some info about ports controlled by RPC portmap

Expert Comment

ID: 12175045
theoradically, it seems your fuser has a different syntax. either find out how it works, or try "lsof -i <proto>:<port>" to find out about udp connections

something like this should give you all the info you want:

for port in 10011 10012 10013 20011 20012 20013 30011 30012 30013 40011 40012 ;do
         /path/to/lsof -i tcp:$port
         /path/to/lsof -i udp:$port

if this does not generate any meaningful output, then those ports are just not used. of course what tintin said about inetd still applies here.
LVL 20

Expert Comment

ID: 12194575
To my knowledge "fuser" is the old'n'stupid unix one, not the new shine....:-). So no luck with that on AIX (please correct me here gheist, I'm @home.... away from my 5.2 boxes:-).
lsof might be it, but again, only for "active port consumers". As mentioned, both portmap and inetd might ... surpise... you there, but OTOH they're rather easily checked (reading config file and doing what gheist mentions above).

-- Glenn (who pines for the good old DG/UX netuser command... Simply glorious:-)

Author Comment

ID: 12308907
Sorry this was so tough.  Even though I didn't know how to find it, I felt that finding used ports should have been an easy one.

fuser didn't give me what I needed
netstat didn't give me what I needed
lsof - not found
netuser - not found

The problem is not even an issue at this point.  I want to close this, but do appreciate the time that each of you have spent!
LVL 51

Expert Comment

ID: 12311088
then you need to do it the traditional way:

   netstat -an
   awk '($1 !~ /^#/){print}' /etc/inetd.conf

netstat tells you which ports are open permanent
inetd.conf tells you which will be opened per request
To find out which program uses which port will be harder then (without lsof), try&error ...
LVL 20

Expert Comment

ID: 12422762
Since lsof is available (although not perhaps installed on theoradicallys box), you might consider attributing points to those suggestions, as well as the netstat suggestions (and perhaps even the "search the config files" type suggestions)... Generally sprinkle points about:-). If it was less points I'd say "PAQ/no refund it and be done with it"... Perhaps not best though.

-- Glenn

Author Comment

ID: 12456492

What's up?   "Abandoned""Assumed participant Is no longer interested?"  I did not know how to close this, so as seen above on 10/14, I said this was no longer an issue, I thanked everyone for their input and said that I would like to close it so no more time was spent on it!

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question