Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

Post subject: FreeBSD find pid that opened TCP/UDP socket without lsof using address of protocol control block (PCB) | Posted: Wed Dec 11, 2013 4:56 am
FreeBSD find pid that opened TCP/UDP socket without lsof using address of protocol control block(PCB)

LSOF (list open files) is a useful tool from the Linux world that can show file descriptors, socket information and much more. It is not included in FreeBSD by default, but it can be installed from ports or from source.

If "lsof" is not installed, another way to find the ID of the process that opened a TCP or UDP socket is to look up the socket's Protocol Control Block (PCB) address with the "netstat" and "fstat" commands, both of which are part of the FreeBSD base system.

Find the PCB of an open port using netstat:
Code:
# netstat -Aanf inet | grep 22
c2de3910 tcp4       0      0 *.22               *.*                LISTEN


The output shows the PCB address, protocol, receive/send queues, local address and foreign address.

Now let's find the process associated with this PCB:
Code:
# fstat | grep c2de3910
root     sshd       87382    3* internet stream tcp c2de3910
# ps alxw | grep -v grep | grep  87382
    0 68846 87382   0  44  0  8344  2928 select Ss    ??    0:00.16 sshd: root@ttyp0 (sshd)
    0 70595 87382   0  44  0  8344  2928 select Ss    ??    0:00.24 sshd: root@ttyp1 (sshd)
    0 87382     1   0  44  0  5784  2184 select Is    ??    0:01.96 /usr/sbin/sshd


Obviously, SSH.
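
An added example (not part of the original post): a POSIX shell wrapper for the netstat/fstat procedure above that compares the port and the PCB address as whole fields, so a lookup for port 22 does not also hit port 2222 or a PCB address that happens to contain "22". The function names are hypothetical, and the script assumes the column layouts shown in the output above.

```sh
#!/bin/sh
# Added example: names are hypothetical; assumes the netstat -A and fstat
# column layouts shown in the post above.

# stdin: `netstat -Aan -f inet` output. Prints the PCB address (field 1) of
# each TCP/UDP socket whose local address (field 5) ends in exactly ".<port>".
pcbs_for_port() {
    awk -v port="$1" '
        $2 ~ /^(tcp|udp)/ {
            n = split($5, part, ".")
            # Appending "" forces a string comparison.
            if ((part[n] "") == (port "")) print $1
        }'
}

# stdin: `fstat` output. Prints "user command pid fd" for each descriptor
# whose socket fields contain the PCB address as a whole field.
owners_of_pcb() {
    awk -v pcb="$1" '
        /internet/ {
            for (i = 5; i <= NF; i++)
                if (($i "") == (pcb "")) { print $1, $2, $3, $4; break }
        }'
}

# Live lookup on FreeBSD: snapshot fstat once, then resolve every PCB
# bound to the port. Output: "pcb user command pid fd".
find_port_owner() {
    snapshot=$(fstat) || return 1
    netstat -Aan -f inet | pcbs_for_port "$1" | while read -r pcb; do
        printf '%s\n' "$snapshot" | owners_of_pcb "$pcb" | sed "s/^/$pcb /"
    done
}

# Usage: sh portowner.sh 22
if [ $# -gt 0 ]; then find_port_owner "$1"; fi
```

A listening port with no owner in the fstat output, or an owner whose binary is unexpected, is worth investigating further.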