SUMMARY: Finding network process name/pid

On Fri, 2007-08-17 at 11:01 +0100, John Horne wrote:
> The 'netstat -an' command will show me that processes are using certain
> network ports. E.g. 'netstat -an | grep 53' will show me that a DNS name
> server is running:
>                                Idle
>                            Idle
>     *.*            0      0 49152      0 LISTEN
> But how can I find out the process (executable) pathname or its PID?

Thanks for replies go to:

Juraj Lutter
francisco roque
Ric Anderson
Polachak, Jason
Edward Scown
Rahul Sen
Crist Clark
Tim Wright
John Leadeham

Some people replied suggesting using 'lsof', but as mentioned I didn't
want to do this. The other suggestion was to use the 'pfiles' command.
This will indeed show the executable name that is using a port, but the
man page for pfiles does contain a warning:

     The following proc tools stop their target  processes  while
     inspecting them and reporting the results: pfiles, pldd, and

     A process can do nothing while it  is  stopped.  Stopping  a
     heavily used process in a production environment, even for a
     short amount of time, can cause severe bottlenecks and  even
     hangs  of these processes, causing them to be unavailable to
     users. Some databases could also terminate abnormally. Thus,
     for  example,  a database server under heavy load could hang
     when one of the database processes is traced using the above
     mentioned  proc tools. Because of this, stopping a UNIX pro-
     cess in a production environment should be avoided.

In this instance I would need to loop through all the processes in /proc
(perhaps using 'ptree -a'), and then use pfiles on each PID to see if it
has the relevant port open. If it does, then extract the executable
pathname. It does work, but my concern, given the above warning, is that
many processes may need to be stopped before the relevant executable is
found. Probably not a problem if the server is not under load.
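
The /proc loop described in the summary above, written out as an added example (it is not part of the original post). It matches only the local `sockname:` lines and stops at the first hit, so no more processes are stopped by pfiles than necessary. The function names and the sample pfiles output are constructed, and the `sockname: ... port: N` line layout is assumed to be what pfiles prints on the target system.

```shell
#!/bin/sh
# Added example: find which process has a given local port open using pfiles.
# AWK is overridable because Solaris /usr/bin/awk lacks -v (use nawk there).
AWK=${AWK:-awk}

# Read the output of one `pfiles PID` call on stdin. If any local socket
# (sockname line, not peername) uses port $1, print the first line of the
# pfiles output ("PID: command args") and return 0; otherwise return 1.
pfiles_listen_match() {
    "$AWK" -v port="$1" '
        NR == 1 { cmd = $0 }
        $1 == "sockname:" {
            for (i = 2; i < NF; i++)
                if ($i == "port:" && $(i + 1) == port) { print cmd; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    '
}

# Walk /proc, running pfiles on each PID. Every pfiles call briefly stops its
# target, so return at the first match instead of scanning every process.
find_port_owner() {
    for dir in /proc/[0-9]*; do
        pid=${dir#/proc/}
        if pfiles "$pid" 2>/dev/null | pfiles_listen_match "$1"; then
            return 0
        fi
    done
    return 1
}

# Constructed sample of pfiles output, for trying the parser off-box.
sample_pfiles() {
    cat <<'EOF'
1234:   /usr/sbin/named
  Current rlimit: 256 file descriptors
   3: S_IFSOCK mode:0666 dev:332,0 ino:4102 uid:0 gid:0 size:0
      O_RDWR
        sockname: AF_INET 0.0.0.0  port: 53
   4: S_IFSOCK mode:0666 dev:332,0 ino:4103 uid:0 gid:0 size:0
      O_RDWR
        sockname: AF_INET 127.0.0.1  port: 953
        peername: AF_INET 127.0.0.1  port: 32801
EOF
}

# Usage: sh thisfile 53
if [ $# -gt 0 ]; then find_port_owner "$1"; fi
```

Run it with sufficient privilege to inspect other users' processes; pfiles reports nothing for processes it cannot open.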


