Solved

Script to list TCP and UDP open ports and services on AIX

Posted on 2011-09-19
Last Modified: 2013-11-17
OK, I made this script to list the TCP open ports and their running service

netstat -aAn|grep LISTEN|while read socket b c d puerto resto;do echo "PUERTO: "`echo $puerto|cut -f2 -d"."`  ------\>  `rmsock $socket tcpcb|sed 's/^.* \([0-9][0-9]*\)/PID \1/'`;done

Similarly, I made this one for UDP (but it does not work; it takes too long and does not show the list)
netstat -aAn|grep udp|grep "*.[0-9]"|while read socket b c d puerto resto;do echo "PUERTO: "`echo $puerto|sed s'/\*\.//'` -----\> `rmsock $socket inpcb|sed 's/^.* \([0-9][0-9]*\)/PID \1/'`;done

I know that lsof -i :$port shows the service that is listening. This could be another way...

Question:
Can you help me improve this script to list all TCP and UDP ports and their listening services?

Thanks.
0
Question by:sminfo
LVL 68

Accepted Solution

by:
woolmilkporc earned 2000 total points
ID: 36565681
Hi,

sorry for the delay, I must have overlooked this Q, whyever.

OK, testing your scripts I realized that "read" doesn't seem to work.
Also, the many cuts and seds seem a bit overengineered.

How about just awk (well, a bit grep and even read to make it easier)?

Please have a look at my versions below.
Note that I filtered for sockets actually being held by processes, by grepping rmsock's output for "held".  All other ports will just be displayed without additional output.

wmp

TCP:
 
netstat -Aan |grep -E "\*.[0-9].+LISTEN" |awk  '{print $1, substr($5,3)}' |while read socket port
do
  echo "Port: " $port "--->" $(rmsock $socket tcpcb | grep held | awk -F'proccess|\\(|\\)' '{print "PID:", $2, "CMD:", $3}')
done



UDP:
 
netstat -Aan |grep -E "udp.+\*.[0-9]" |awk  '{print $1, substr($5,3)}' |while read socket port
do
  echo "Port: " $port "--->" $(rmsock $socket inpcb | grep held | awk -F'proccess|\\(|\\)' '{print "PID:", $2, "CMD:", $3}')
done


0
 

Author Comment

by:sminfo
ID: 36565720
Hi wmp,

The TCP one works fine, but the UDP one doesn't. When I run the script it freezes, stops and takes too long to show the output; for example, here the portmap daemon is not shown:

rmsock : Unable to read kernel address ffffffffffffff58, errno = 14  <-----
Port:  111 --->
Port:  161 ---> PID: 217230 CMD: snmpdv3ne
Port:  514 ---> PID: 196720 CMD: syslogd
Port:  657 ---> PID: 151802 CMD: rmcd

I see also rmsock does not have an option like timeout to make the output faster.

Any idea on how to make the UDP faster?

Thanks.

0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 36565750
Well,

port 111 always gives:

"Wait for exiting processes to be cleaned up before removing the socket"

so there's nothing to display from rmsock.

As for the delay - it's not related to portmap, so what's in "netstat -Aan" just above port 111?
Maybe we must filter out some weird candidates.
0

Author Closing Comment

by:sminfo
ID: 36566217
Thanks..!!
0
 
LVL 6

Expert Comment

by:Tomunique
ID: 36567198
WARNING TO THOSE USING rmsock LOOSELY...

We used rmsock in our backup script to see what was connected to a database, when we wanted to bring it down.
A couple of weeks back we had an AIX system panic.
This is what IBM posted back to our PMR.

----

The PMR has been transferred to me based on the rmsock command.

I reviewed this issue and found the following explanation from development:

"rmsock can crash the system if it is run on a socket that has already been removed ... such a scenario is a current limitation of rmsock."

"The rmsock implementation has known timing issues which can lead to a system panic. The changes to resolve this are too large to put into an APAR. I would recommend opening a DCR (Design Change Request) for this issue. The gist of the DCR would be to move the processing that rmsock does down into the kernel and use the proper locking and serialization to locate and close the specified socket. The DCR will take a long time to get analyzed because of the large number of design change requests, so resolution may not be immediate."

DCR #MR0616117316 was submitted in June 2011 for this rmsock issue. The latest status is that a resolver has been assigned to review the request.

Based on the information above, we will have to wait for the DCR process to complete in order for this rmsock limitation to be lifted.

---
Based on the outage we took, and the explanation above, I'd recommend using an lsof solution that only "looks", and does not actually try to remove the socket.
If a process completes between your netstat and your rmsock, you could panic the system, as we did.
The nature of what you're writing, depending on how often you run it, increases the odds of that occurrence happening.  Our script was running for a year without issue, but one night, major outage ......

Tom
0
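A read-only variant along the lines Tomunique recommends, as an added example that is not part of the thread: it parses lsof field output (`-F pcPn`) instead of calling rmsock. The function names, the sample records and the sshd and xntpd PIDs are constructed for illustration, and lsof has to be installed separately on AIX.

```shell
#!/bin/sh
# Added example: read-only port -> process listing from lsof field output.
# Live use (assumes lsof is installed):
#   { lsof -nP -iTCP -sTCP:LISTEN -F pcPn; lsof -nP -iUDP -F pcPn; } | ports_from_lsof

# ports_from_lsof: parse `lsof -F pcPn` records read from stdin.
# Each line starts with a one-letter tag: p=PID, c=command, f=descriptor,
# P=protocol, n=socket name. Any other tag is ignored.
ports_from_lsof() {
  awk '
    /^p/ { pid = substr($0, 2); cmd = "?"; next }   # start of a process set
    /^c/ { cmd = substr($0, 2); next }
    /^f/ { proto = "?"; next }                      # start of a file set
    /^P/ { proto = substr($0, 2); next }
    /^n/ {
      name = substr($0, 2)
      sub(/->.*/, "", name)          # connected socket: keep the local end
      port = name
      sub(/^.*:/, "", port)          # text after the last colon ([::1]:631 too)
      if (port !~ /^[0-9]+$/) next   # skip unbound or unparsable names
      key = proto " " port " " pid
      if (seen[key]++) next          # same port open on IPv4 and IPv6
      printf "%s Port: %s ---> PID: %s CMD: %s\n", proto, port, pid, cmd
    }
  ' | sort -k1,1 -k3,3n -k6,6n
}

# Constructed sample of `lsof -F pcPn` output (not captured from a real host).
sample_lsof_output() {
  printf '%s\n' p217230 csnmpdv3ne f5 PUDP 'n*:161' \
    p196720 csyslogd f4 PUDP 'n*:514' \
    p4128866 csshd f3 PTCP 'n*:22' f4 PTCP 'n*:22' \
    p5243090 cxntpd f6 PUDP 'n10.0.0.5:123->10.0.0.1:123'
}

sample_lsof_output | ports_from_lsof
```

Because lsof only reads the socket tables, a process exiting between the listing and the lookup produces a missing line rather than a call against a socket that no longer exists.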
 

Author Comment

by:sminfo
ID: 36567344
Thanks Tom for your update.. Indeed this script will be used from time to time, not daily.. but it's strange because rmsock is recommended by IBM:

http://www.ibmsystemsmag.com/aix/tipstechniques/systemsmanagement/AIX-TCP-IP-Utilities-for-Sockets-to-Process-ID-Map/
https://www-304.ibm.com/support/docview.wss?uid=swg21264632

Just two examples where IBM says you can use rmsock to see the opened ports. BUT the real world is sometimes different to what is written on the paper. I don't use lsof because it's not installed on all AIX boxes.
0
 
LVL 6

Expert Comment

by:Tomunique
ID: 36567576
I can't speak to the mag article, those are usually good, but, sometimes it's folks wanting to be published.

As for the IBM site posting, what they're referring to is a more stable environment.
You are trying to bring up a service, and someone else is on the port (and holding it).  The odds of that holder going away are slimmer, as that is why you've run into the situation of having to hunt them down.

Tom

0