Friday, July 16, 2010

scripts: PCP - Show Open Ports & PIDs on Solaris

PCP is a very useful security and administration script that can help you quickly find Processes (PIDs) having particular TCP Port(s) open, TCP ports open by specific PIDs or even list all the TCP Ports open by all PIDs running on your system.

The PCP script works on Solaris 10/9/8 and can be downloaded from Click Here:






PIDs for TCP Port:

Run PCP with “-p” option to show the PIDs of processes having a TCP port (say Port 22)


 # ./pcp.sh -p 22
 PID     Process Name and Port
 -------------------------------------------------
 5455    /usr/lib/ssh/sshd 22
 sockname: AF_INET6 :: port: 22
 -------------------------------------------------

instance, to find PIDs opening TCP port 22.


TCP Ports open by PIDs:

Run PCP with “-P” option to show the TCP ports open by specific PID

For instance, here I try to find the TCP ports open by PID 18805

 # ./pcp.sh -P 18805
 PID     Process Name and Port
 -------------------------------------------------
 18805   /usr/lib/gnome-netstatus-applet
 sockname: AF_INET6 ::  port: 32809
 sockname: AF_INET 0.0.0.0  port: 32810
 sockname: AF_INET 127.0.0.1  port: 32823
 sockname: AF_INET 0.0.0.0  port: 0
 -------------------------------------------------


PIDs for all open TCP Ports:

Use the “-a” option to list all TCP ports open with all the PIDs

 # ./pcp.sh -a
 PID     Process Name and Port
 -------------------------------------------------
 39      /sbin/dhcpagent
 sockname: AF_INET 0.0.0.0  port: 68
 sockname: AF_INET6 ::  port: 546
 sockname: AF_INET 127.0.0.1  port: 4999
 sockname: AF_INET 127.0.0.1  port: 4999
 sockname: AF_INET 192.168.0.8  port: 68
 -------------------------------------------------
 73      /usr/lib/firefox/firefox-bin
 sockname: AF_INET 127.0.0.1  port: 4999
 -------------------------------------------------
 1219    /usr/lib/nfs/statd
 sockname: AF_INET 0.0.0.0  port: 0
 -------------------------------------------------
 3224    /usr/sadm/lib/smc/bin/smcboot
 sockname: AF_INET 127.0.0.1  port: 5987
 sockname: AF_INET 127.0.0.1  port: 898
 sockname: AF_INET 127.0.0.1  port: 5988
 -------------------------------------------------
 3225    /usr/sadm/lib/smc/bin/smcboot
 sockname: AF_INET 127.0.0.1  port: 32773
 -------------------------------------------------




Posted by Richard Arregin at 7/16/2010 12:57:00 PM
Labels: , ,

No comments:

Post a Comment