Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to tie a network connection to a PID without using lsof or netstat?

Tags:

linux

networking

pid

solaris

Is there a way to tie a network connection to a PID (process ID) without forking to lsof or netstat?

Currently lsof is being used to poll what connections belong which process ID. However lsof or netstat can be quite expensive on a busy host and would like to avoid having to fork to these tools.

Is there someplace similar to /proc/$pid where one can look to find this information? I know what the network connections are by examining /proc/net but can't figure out how to tie this back to a pid. Over in /proc/$pid, there doesn't seem to be any network information.

The target hosts are Linux 2.4 and Solaris 8 to 10. If possible, a solution in Perl, but am willing to do C/C++.

additional notes:

I would like to emphasize the goal here is to tie a network connection to a PID. Getting one or the other is trivial, but putting the two together in a low cost manner appears to be difficult. Thanks for the answers to so far!

like image 829
jac_no_k Avatar asked May 08 '09 05:05

jac_no_k

3 Answers

I don't know how often you need to poll, or what you mean with "expensive", but with the right options both netstat and lsof run a lot faster than in the default configuration.
Examples:

netstat -ltn

shows only listening tcp sockets, and omits the (slow) name resolution that is on by default.

lsof -b -n -i4tcp:80

omits all blocking operations, name resolution, and limits the selection to IPv4 tcp sockets on port 80.

like image 105
8jean Avatar answered Sep 29 '22 15:09

8jean

On Solaris you can use pfiles(1) to do this:

# ps -fp 308 
     UID   PID  PPID   C    STIME TTY         TIME CMD
    root   308   255   0 22:44:07 ?           0:00 /usr/lib/ssh/sshd
# pfiles 308 | egrep 'S_IFSOCK|sockname: '
   6: S_IFSOCK mode:0666 dev:326,0 ino:3255 uid:0 gid:0 size:0
        sockname: AF_INET 192.168.1.30  port: 22

For Linux, this is more complex (gruesome):

# pgrep sshd
3155
# ls -l /proc/3155/fd | fgrep socket
lrwx------ 1 root root 64 May 22 23:04 3 -> socket:[7529]
# fgrep 7529 /proc/3155/net/tcp 
   6: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 7529 1 f5baa8a0 300 0 0 2 -1

00000000:0016 is 0.0.0.0:22. Here's the equivalent output from netstat -a:

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
like image 26
Martin Carpenter Avatar answered Sep 29 '22 16:09

Martin Carpenter

Why don't you look at the source code of netstat and see how it get's the information? It's open source.

like image 37
lothar Avatar answered Sep 29 '22 16:09

lothar
Sign in to Comment

Related questions

Static Qt5 build on Linux: how to handle fonts when deploying?
How to remove headers revealing system info when sending mail in php
Unix vs BSD vs TCP vs Internet sockets?
Python Module Error on Linux
Linux UDP Socket sendto: Operation not Permitted
Unable to find out what return code of -11 means
How to count the number of black and white pixels (linux, imagemagik, etc)
Use wildcard in tox command
Atomically swap contents of two files on Linux
How to combine images in Ruby
inotify event IN_MODIFY occurring twice for tftp put
Sigaction and porting Linux code to Windows
Check if Python Script is already running
undefined reference to symbol '_ZN5boost6system15system_categoryEv' error
Docker linux: How to start multiple console/terminals for one running container?
How to restart stdin after Ctrl+D?
Issues with the format of .cpanel.yml file when trying to deploy cpanel git repository to directory.
Use inline comments in docker-compose command
E: Package 'python-pip' has no installation candidate
Linux default behavior of executable .data section changed between 5.4 and 5.9?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!