From owner-freebsd-net Mon Sep 7 03:13:39 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id DAA18561 for freebsd-net-outgoing; Mon, 7 Sep 1998 03:13:39 -0700 (PDT) (envelope-from owner-freebsd-net@FreeBSD.ORG) Received: from ifi.uio.no (ifi.uio.no [129.240.64.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA18552 for ; Mon, 7 Sep 1998 03:13:37 -0700 (PDT) (envelope-from dag-erli@ifi.uio.no) Received: from hrotti.ifi.uio.no (2602@hrotti.ifi.uio.no [129.240.64.15]) by ifi.uio.no (8.8.8/8.8.7/ifi0.2) with ESMTP id MAA10163; Mon, 7 Sep 1998 12:13:07 +0200 (MET DST) Received: (from dag-erli@localhost) by hrotti.ifi.uio.no ; Mon, 7 Sep 1998 12:13:06 +0200 (MET DST) Mime-Version: 1.0 To: "Jan B. Koum " Cc: Graeme Brown , "FreeBSD-Net (FreeBSD.Org) List" Subject: Re: How to find which application is using a given UDP port References: Organization: University of Oslo, Department of Informatics X-url: http://www.stud.ifi.uio.no/~dag-erli/ X-other-addresses: 'finger dag-erli@ifi.uio.no' for a list X-disclaimer-1: The views expressed in this article are mine alone, and do X-disclaimer-2: not necessarily coincide with those of any organisation or X-disclaimer-3: company with which I am or have been affiliated. X-Stop-Spam: http://www.cauce.org/ From: dag-erli@ifi.uio.no (Dag-Erling Coidan =?iso-8859-1?Q?Sm=F8rgrav?= ) Date: 07 Sep 1998 12:13:05 +0200 In-Reply-To: "Jan B. Koum "'s message of "Mon, 7 Sep 1998 02:24:10 -0700 (PDT)" Message-ID: Lines: 45 X-Mailer: Gnus v5.5/Emacs 19.34 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id DAA18555 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "Jan B. Koum " writes: > Look again: > > % netstat -a > Active Internet connections (including servers) > Proto Recv-Q Send-Q Local Address Foreign Address (state) > tcp 0 0 rafraf.1342 shell6.ba.best.c.ssh > ESTABLISHED > tcp 0 0 *.6000 *.* LISTEN > udp 0 0 *.syslog *.* > ^^^ > You can also just "netstat -an | grep udp" :) It won't tell you *which* app holds the port. fstat(1) will tell you which processes have open TCP or UDP sockets, but not which port. The trick is to use 'fstat' and 'netstat -Aan' and compare addresses: des@fixus-ipv6 ~$ fstat | grep udp root xdm 214 1* internet dgram udp f7372d80 daemon portmap 99 3* internet dgram udp f7372f00 root xntpd 95 4* internet dgram udp f7372ea0 root xntpd 95 5* internet dgram udp f7372e40 root xntpd 95 6* internet dgram udp f7372de0 root syslogd 85 4* internet dgram udp f7372f60 des@fixus-ipv6 ~$ netstat -Aan | grep udp f7372d80 udp 0 0 *.177 *.* f7372de0 udp 0 0 127.0.0.1.123 *.* f7372e40 udp 0 0 128.39.11.50.123 *.* f7372ea0 udp 0 0 *.123 *.* f7372f00 udp 0 0 *.111 *.* f7372f60 udp 0 0 *.514 *.* It should be relatively easy to write a Perl script that combines the output of each command and prints something like this: root xdm 214 1* internet dgram udp *.177 daemon portmap 99 3* internet dgram udp *.111 root xntpd 95 4* internet dgram udp *.123 root xntpd 95 5* internet dgram udp 128.39.11.50.123 root xntpd 95 6* internet dgram udp 127.0.0.1.123 root syslogd 85 4* internet dgram udp *.514 DES -- Dag-Erling Smørgrav - dag-erli@ifi.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message