Solved Open ports on Solaris 10

Sun Fire V240s
December 7, 2006 at 04:11:25
Specs: Solaris 10, Intel CPU, 8GB

I was installing JBoss 3.2.6 on Solaris 10. After installation, JBoss could not start because some of the ports it needs were already open. I tried to work out who is using the open ports with the following steps:

1) JBoss reports that it needs three ports which are already in use: 1098, 4444, 8080.

2) I telnet to these ports and see that some process really is listening on them.

3) I am using netstat to get some more information about the listeners on the specific ports: 8080, 4444, 1098. This is what I get:

bash# netstat -an|grep 8080
*.8080 *.* 0 0 49152 0 LISTEN
bash# netstat -an|grep 4444
*.4444 *.* 0 0 49152 0 LISTEN
bash# netstat -an|grep 1098
*.1098 *.* 0 0 49152 0 LISTEN

4) I am trying to find out a little bit more with command /usr/local/bin/lsof -i :8080 (4444, 1098), but I do not get any output for these ports.

5) Now I am checking configuration files under /etc and I am searching for configuration file that contains string 4444 or 1098. I do not execute the check for 8080 port, as in the meantime I have found out that this port is used by Oracle-MTS.

I am using the following command:
bash# find . -name '*' -a -type f -exec grep 1098 \{} \;

I do not get any output, meaning, no configuration file contains strings which could lead me to some connection to our ports.

6) For the port 1098, I think it is used by sun cluster manager rmiactivation.

Nevertheless, I did not get any information about the process which uses these open ports. Eventually I got an impression that all three ports are used by Oracle 10g.

How can I find out more information about which process (PID) is currently using these open ports?


December 18, 2006 at 03:36:36
✔ Best Answer
And here is the answer:
Listing all the pids:
/usr/bin/ps -ef | sed 1d | awk '{print $2}'

Mapping the files to ports using the PID:
/usr/proc/bin/pfiles <PID> 2>/dev/null | /usr/xpg4/bin/grep <PID>
/usr/bin/ps -o pid -o args -p <PID> | sed 1d

Mapping the sockname to port using the port number:
for i in `ps -e|awk '{print $1}'`; do echo $i; pfiles $i 2>/dev/null | grep 'port: 8080'; done
pfiles -F /proc/* | nawk '/^[0-9]+/ { proc=$2} ; /[s]ockname: AF_INET/ { print proc "\n " $0 }'

There were two explanations why "lsof" did not show what was expected:

1) One thing that might prevent lsof from printing everything is if the ports are controlled by inetd or some such (i.e. there is nothing actively listening on them until you try talking to them).

Also, try telnetting to the port and then run lsof while the telnet session is connected.

2) On Solaris 10, using "lsof -i" to show the mapping of processes to TCP ports incorrectly shows all processes that have a socket open as using port 65535, for example:

sshd 8005 root 8u IPv4 0x60007ebdac0 0t0 TCP *:65535
sendmail 1116 root 5u IPv4 0x60007ecce00 0t0 TCP *:65535

This is a known bug in lsof that can _not_ be fixed because of differences between Solaris 10
and previous versions. So the useful "lsof -i :<port>" is now not useful.
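
An added example (not part of the original answer): a stricter form of the `grep 'port: 8080'` loop above, which would also match `peername` lines and any longer port number beginning with the same digits. The function names `port_owners` and `sample_pfiles`, the `AWK` variable and the sample `pfiles` output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Live use on Solaris: pfiles /proc/* 2>/dev/null | AWK=nawk port_owners 8080
# (/usr/bin/awk there lacks -v; nawk or /usr/xpg4/bin/awk has it)

# port_owners PORT: read pfiles output on stdin, print "PID FD COMMAND" for
# every descriptor whose local address (sockname) is bound to exactly PORT.
port_owners() {
    "${AWK:-awk}" -v want="$1" '
        # Process header, e.g. "1201:  /opt/example/bin/appserver -c default"
        /^[0-9]+:/ {
            pid = $1; sub(/:$/, "", pid)
            cmd = $0; sub(/^[0-9]+:[ \t]*/, "", cmd)
            next
        }
        # Descriptor header, e.g. "   5: S_IFSOCK mode:0666 ..."
        /^ +[0-9]+: / { fd = $1; sub(/:$/, "", fd); next }
        # sockname is the local end; peername (remote end) is ignored.
        /sockname: AF_INET/ {
            # Numeric compare on the last field, so 80 never matches 8080.
            if ($(NF - 1) == "port:" && $NF + 0 == want + 0)
                print pid, fd, cmd
        }
    '
}

# Constructed sample in pfiles layout (PIDs, paths and addresses invented).
sample_pfiles() {
    cat <<'EOF'
1201:   /opt/example/bin/appserver -c default
  Current rlimit: 256 file descriptors
   5: S_IFSOCK mode:0666 dev:332,0 ino:40112 uid:100 gid:100 size:0
      O_RDWR
        SOCK_STREAM
        sockname: AF_INET 0.0.0.0  port: 8080
1350:   /opt/example/sbin/webd
   4: S_IFSOCK mode:0666 dev:332,0 ino:51877 uid:0 gid:0 size:0
      O_RDWR|O_NONBLOCK
        SOCK_STREAM
        sockname: AF_INET 192.0.2.10  port: 80
        peername: AF_INET 192.0.2.77  port: 8080
1402:   /opt/example/bin/agent
   7: S_IFSOCK mode:0666 dev:332,0 ino:60233 uid:0 gid:0 size:0
      O_RDWR
        SOCK_STREAM
        sockname: AF_INET6 ::  port: 4444
EOF
}
```

Run it as root so that pfiles can read the descriptors of processes owned by other users.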
