Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides
FreeBSD find pid that opened TCP/UDP socket without lsof using address of protocol control block (PCB)
Author: mandrei99 [ Wed Dec 11, 2013 4:56 am ]
lsof (list open files) is a useful tool from the Linux world that can show file descriptors, socket information and much more. It is not installed by default in FreeBSD, but it can be installed from ports or from source.
If "lsof" is not installed, another way to find the ID of the process that opened a TCP or UDP socket is to use the address of the socket's Protocol Control Block (PCB) together with the "netstat" and "fstat" commands, both of which are part of the FreeBSD base system.
Find the PCB of an open port using netstat:
# netstat -Aanf inet | grep 22
c2de3910 tcp4 0 0 *.22 *.* LISTEN
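The output columns are the PCB address, protocol, receive/send queues, local address and foreign address, followed by the TCP state.
Now let's find the process associated with this PCB (the PID is the third column of the fstat output):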
# fstat | grep c2de3910
root sshd 87382 3* internet stream tcp c2de3910
# ps alxw | grep -v grep | grep 87382
0 68846 87382 0 44 0 8344 2928 select Ss ?? 0:00.16 sshd: root@ttyp0 (sshd)
0 70595 87382 0 44 0 8344 2928 select Ss ?? 0:00.24 sshd: root@ttyp1 (sshd)
0 87382 1 0 44 0 5784 2184 select Is ?? 0:01.96 /usr/sbin/sshd
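The same port -> PCB -> PID lookup as a small script, added here as an example that is not part of the original post. It matches the local port and the PCB address exactly, so port 22 does not also match port 2222, a foreign port such as 51822, or a PCB address that happens to contain "22", all of which a plain "grep 22" would return. The sample text and the function names are constructed for illustration, and the column layout is assumed to be the one shown above.

```shell
#!/bin/sh
# Added example: join `netstat -A` and `fstat` output on the PCB address.
# Both samples are constructed, modelled on the output shown in the post.

# Constructed sample of `netstat -Aanf inet` output.
NETSTAT_SAMPLE='c2de3910 tcp4 0 0 *.22 *.* LISTEN
c2de3c20 tcp4 0 0 *.2222 *.* LISTEN
c30f2200 tcp4 0 0 10.0.0.5.22 10.0.0.9.51822 ESTABLISHED
c2e01122 udp4 0 0 *.514 *.*'

# Constructed sample of `fstat` output ("altsshd" is a made-up command name).
FSTAT_SAMPLE='root sshd 87382 3* internet stream tcp c2de3910
root sshd 68846 3* internet stream tcp c30f2200
root altsshd 90110 4* internet stream tcp c2de3c20
root syslogd 612 6* internet dgram udp c2e01122'

# pcbs_for_port PORT: read netstat -A output on stdin and print the PCB of
# every tcp/udp socket whose *local* port is exactly PORT.
pcbs_for_port() {
    awk -v port="$1" '
        $2 ~ /^(tcp|udp)/ {                  # skips netstat header lines
            n = split($5, part, "[.]")       # local address is "addr.port"
            if (part[n] == port) print $1
        }'
}

# owners_of_pcb PCB: read fstat output on stdin and print "PID COMMAND" for
# each descriptor whose last field is exactly PCB.
owners_of_pcb() {
    awk -v pcb="$1" '$NF == pcb { print $3, $2 }'
}

# port_owners PORT NETSTAT_TEXT FSTAT_TEXT: the full port -> PCB -> PID join.
port_owners() {
    printf '%s\n' "$2" | pcbs_for_port "$1" | while read -r pcb; do
        printf '%s\n' "$3" | owners_of_pcb "$pcb"
    done
}

port_owners 22 "$NETSTAT_SAMPLE" "$FSTAT_SAMPLE"
```

On a live FreeBSD host the same function can be fed real data with: port_owners 22 "$(netstat -Aanf inet)" "$(fstat)"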
All times are UTC - 5 hours [ DST ]