Hi,

There is a program / process which is listening to the port 1830 on my
UNIX system.  There were none info about it returns from the
"rpcinfo".  Also, there is no entry on the /etc/services.

Many thanks....

In article <d7bb12ab.0409081354.15eefbad@posting.google.com>,
 kaka.hui@gmail.com (Cathy) wrote:

> Hi,
> 
> There is a program / process which is listening to the port 1830 on my
> UNIX system.  There were none info about it returns from the
> "rpcinfo".  Also, there is no entry on the /etc/services.
> 
> Many thanks....

ports > 1024 (or is it 1023) are not 'known' ports and don't require 
root to bind them.  So, any user can write something and run it in 
background to bind to this port.  You can use lsof, a tool to list all 
'open files' even network ports.  Google for the URL.

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...

In article <d7bb12ab.0409081354.15eefbad@posting.google.com>, Cathy wrote:
>Hi,
>
>There is a program / process which is listening to the port 1830 on my
>UNIX system.  There were none info about it returns from the
>"rpcinfo".  Also, there is no entry on the /etc/services.

Which UNIX?   There are a few of them.

[compton ~]$ grep 1830 /usr/doc/rfcs/port-numbers
net8-cman       1830/tcp    Oracle Net8 CMan Admin
net8-cman       1830/udp    Oracle Net8 CMan Admin
[compton ~]$ 

Running Oracle?

        Old guy

On 8 Sep 2004 14:54:35 -0700, Cathy 
  <kaka.hui@gmail.com> wrote:
> Hi,
>
> There is a program / process which is listening to the port 1830 on my
> UNIX system.  There were none info about it returns from the
> "rpcinfo".  Also, there is no entry on the /etc/services.
>
> Many thanks....

netstat -np
lsof


-- 
 If quizzes are quizzical, what are tests? (Think about it)

It's on Solaris 8.  Yes, Oracle 9.2.0.3 is running on that system.  

Thanks!!



ibuprofin@painkiller.example.tld (Moe Trin) wrote in message news:<slrncjv5p9.9g1.ibuprofin@atlantis.phx.az.us>...
> In article <d7bb12ab.0409081354.15eefbad@posting.google.com>, Cathy wrote:
> >Hi,
> >
> >There is a program / process which is listening to the port 1830 on my
> >UNIX system.  There were none info about it returns from the
> >"rpcinfo".  Also, there is no entry on the /etc/services.
> 
> Which UNIX?   There are a few of them.
> 
> [compton ~]$ grep 1830 /usr/doc/rfcs/port-numbers
> net8-cman       1830/tcp    Oracle Net8 CMan Admin
> net8-cman       1830/udp    Oracle Net8 CMan Admin
> [compton ~]$ 
> 
> Running Oracle?
> 
>         Old guy

Bill Marcum <bmarcum@iglou.com.urgent> wrote in message news:<3gu412-itn.ln1@don.localnet>...
> On 8 Sep 2004 14:54:35 -0700, Cathy 
>   <kaka.hui@gmail.com> wrote:
> > Hi,
> >
> > There is a program / process which is listening to the port 1830 on my
> > UNIX system.  There were none info about it returns from the
> > "rpcinfo".  Also, there is no entry on the /etc/services.
> >
> > Many thanks....
> 
> netstat -np
> lsof

the exact syntax for lsof:

lsof -i <protocol>:<port>

i.e.:  lsof -i tcp:443 yields the following sort of results:

httpd    1446 apache    5u  IPv6 0x300020da318      0t0  TCP *:https (LISTEN)
httpd    1449 apache    5u  IPv6 0x300020da318      0t0  TCP *:https (LISTEN)
httpd    1450 apache    5u  IPv6 0x300020da318      0t0  TCP *:https (LISTEN)

2004-09-8, 14:54(-07), Cathy:
[...]
> There is a program / process which is listening to the port 1830 on my
> UNIX system.  There were none info about it returns from the
> "rpcinfo".  Also, there is no entry on the /etc/services.
[On Solaris]

lsof is the best tool for that task. You may have to install it
though as it is not shipped by default with Solaris.

Otherwise, you could use pfiles:

pfiles $(ps -e -o pid=) | sed -n '/^[0-9]/{h;d;}
/port: 1830$/{x;p;x;p;}'

For example:
# lsof -i tcp:80
COMMAND  PID   USER   FD   TYPE        DEVICE SIZE/OFF NODE NAME
httpd    318   root   16u  IPv4 0x30000fd9a88      0t0  TCP *:80 (LISTEN)
httpd    328 nobody   16u  IPv4 0x30000fd9a88      0t0  TCP *:80 (LISTEN)
httpd    329 nobody   16u  IPv4 0x30000fd9a88      0t0  TCP *:80 (LISTEN)
httpd    330 nobody   16u  IPv4 0x30000fd9a88      0t0  TCP *:80 (LISTEN)
httpd    331 nobody   16u  IPv4 0x30000fd9a88      0t0  TCP *:80 (LISTEN)
httpd    333 nobody   16u  IPv4 0x30000fd9a88      0t0  TCP *:80 (LISTEN)
httpd   4459 nobody   16u  IPv4 0x30000fd9a88      0t0  TCP *:80 (LISTEN)
httpd   4460 nobody   16u  IPv4 0x30000fd9a88      0t0  TCP *:80 (LISTEN)
# pfiles $(ps -e -o pid=) | sed -ne '/^[0-9]/{h;d;}' -e '/port: 80$/{x;p;x;p;}'
318:    /usr/apache/bin/httpd
        sockname: AF_INET 0.0.0.0  port: 80
333:    /usr/apache/bin/httpd
        sockname: AF_INET 0.0.0.0  port: 80
329:    /usr/apache/bin/httpd
        sockname: AF_INET 0.0.0.0  port: 80
328:    /usr/apache/bin/httpd
        sockname: AF_INET 0.0.0.0  port: 80
330:    /usr/apache/bin/httpd
        sockname: AF_INET 0.0.0.0  port: 80
331:    /usr/apache/bin/httpd
        sockname: AF_INET 0.0.0.0  port: 80
4460:   /usr/apache/bin/httpd
        sockname: AF_INET 0.0.0.0  port: 80
4459:   /usr/apache/bin/httpd
        sockname: AF_INET 0.0.0.0  port: 80
pfiles: cannot examine 5057: no such process

-- 
Stephane

If I don't even know what is the program / service name, can I still use lsof?  

Thanks!

Stephane CHAZELAS <this.address@is.invalid> wrote in message news:<slrnck15nf.1qc.stephane.chazelas@spam.is.invalid>...
> 2004-09-8, 14:54(-07), Cathy:
> [...]
> > There is a program / process which is listening to the port 1830 on my
> > UNIX system.  There were none info about it returns from the
> > "rpcinfo".  Also, there is no entry on the /etc/services.
> [On Solaris]
> 
> lsof is the best tool for that task. You may have to install it
> though as it is not shipped by default with Solaris.
> 
> Otherwise, you could use pfiles:
> 
> pfiles $(ps -e -o pid=) | sed -n '/^[0-9]/{h;d;}
> /port: 1830$/{x;p;x;p;}'
> 
> For example:
> # lsof -i tcp:80
> COMMAND  PID   USER   FD   TYPE        DEVICE SIZE/OFF NODE NAME
> httpd    318   root   16u  IPv4 0x30000fd9a88      0t0  TCP *:80 (LISTEN)
> httpd    328 nobody   16u  IPv4 0x30000fd9a88      0t0  TCP *:80 (LISTEN)
> httpd    329 nobody   16u  IPv4 0x30000fd9a88      0t0  TCP *:80 (LISTEN)
> httpd    330 nobody   16u  IPv4 0x30000fd9a88      0t0  TCP *:80 (LISTEN)
> httpd    331 nobody   16u  IPv4 0x30000fd9a88      0t0  TCP *:80 (LISTEN)
> httpd    333 nobody   16u  IPv4 0x30000fd9a88      0t0  TCP *:80 (LISTEN)
> httpd   4459 nobody   16u  IPv4 0x30000fd9a88      0t0  TCP *:80 (LISTEN)
> httpd   4460 nobody   16u  IPv4 0x30000fd9a88      0t0  TCP *:80 (LISTEN)
> # pfiles $(ps -e -o pid=) | sed -ne '/^[0-9]/{h;d;}' -e '/port: 80$/{x;p;x;p;}'
> 318:    /usr/apache/bin/httpd
>         sockname: AF_INET 0.0.0.0  port: 80
> 333:    /usr/apache/bin/httpd
>         sockname: AF_INET 0.0.0.0  port: 80
> 329:    /usr/apache/bin/httpd
>         sockname: AF_INET 0.0.0.0  port: 80
> 328:    /usr/apache/bin/httpd
>         sockname: AF_INET 0.0.0.0  port: 80
> 330:    /usr/apache/bin/httpd
>         sockname: AF_INET 0.0.0.0  port: 80
> 331:    /usr/apache/bin/httpd
>         sockname: AF_INET 0.0.0.0  port: 80
> 4460:   /usr/apache/bin/httpd
>         sockname: AF_INET 0.0.0.0  port: 80
> 4459:   /usr/apache/bin/httpd
>         sockname: AF_INET 0.0.0.0  port: 80
> pfiles: cannot examine 5057: no such process

2004-09-13, 11:08(-07), Cathy:
>> # lsof -i tcp:80
>> COMMAND  PID   USER   FD   TYPE        DEVICE SIZE/OFF NODE NAME
>> httpd    318   root   16u  IPv4 0x30000fd9a88      0t0  TCP *:80 (LISTEN)
[please don't top-post]
> If I don't even know what is the program / service name, can I still use lsof?  
[...]

lsof -i tcp:25

shows the list of processes having a TCP socket on port 25
(either listening or connected (source or destination)).

lsof -i tcp:smtp

same but with service name instead of port name

lsof -c sendmail

list open files (including sockets) by program called "sendmail"

lsof -p 123

list open files (including sockets) by program of pid 123.

lsof -i tcp

lists every tcp socket

lsof

list all open files (including sockets) by every program on the
system. You can then (v)grep that output for informations you
need.

-- 
Stephane

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephane CHAZELAS wrote:
> 2004-09-8, 14:54(-07), Cathy:
> [...]
>
>>There is a program / process which is listening to the port 1830 on my
>>UNIX system.  There were none info about it returns from the
>>"rpcinfo".  Also, there is no entry on the /etc/services.
>
> [On Solaris]
>
> lsof is the best tool for that task. You may have to install it
> though as it is not shipped by default with Solaris.
>
> Otherwise, you could use pfiles:
>
> pfiles $(ps -e -o pid=) | sed -n '/^[0-9]/{h;d;}
> /port: 1830$/{x;p;x;p;}'
>

Just for the record: In Linux, and IIRC some BSDs too,
there is a similar tool called fuser(1):

$ fuser -av -n tcp 32769

                     USER        PID ACCESS COMMAND
32769/tcp            zappa      1797 f....  netscape-bin
                     zappa      1799 f....  netscape-bin
                     zappa      1800 f....  netscape-bin
                     zappa      1801 f....  netscape-bin
                     zappa      1803 f....  netscape-bin
                     zappa      1807 f....  netscape-bin
                     zappa      1842 f....  netscape-bin
                     zappa      1843 f....  netscape-bin
                     zappa      1845 f....  netscape-bin
                     zappa      1973 f....  netscape-bin

But agreed: lsof is somewhat newer, more versatile, more portable.
Out of habit though, I still tend to prefer fuser ;-).

Juergen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org

iEYEARECAAYFAkFJBuUACgkQvVdsrqIiIr8sVQCgts2tZH2NN6bAzfsOg7rQqYJ+
+CcAmwXWGOegiIKdJqjQVA6d5p0sq+3Z
=zA3D
-----END PGP SIGNATURE-----