Friday, 20 July 2012

AIX Listening Port to PID / Process mapping -- Using TCP Sockets

Mapping a listening port to its PID / process can be done in two main ways:
  1. Using the port number
  2. Using the TCP sockets.
First check the port status with the netstat command. The first column of the output shows the address of the TCP control block.
# netstat -Aan | grep 9090
72d70a10 tcp4       0      0  *.9090             *.*                LISTEN

The easiest method is to pass the port number to the lsof command:

# lsof -i :9090
lsof: WARNING: compiled for AIX version 5.2.0.0; this is 5.3.0.0.
COMMAND   PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
inetd   10368 root   16u  IPv4 0x72d70a10      0t0  TCP *:wsmserver (LISTEN)
Socket-to-PID mapping can also be done by passing the TCP control block to the rmsock command. Despite what the command name suggests, rmsock won't delete the socket or kill any application here. It checks for the owner of the TCP control block and, if the owner exists, it just prints the information.
# rmsock 0x72d70a10 tcpcb
The socket 0x72d70808 is being held by proccess 10368 (inetd).




KDB (the kernel debugger) can also be used for the socket-to-PID mapping, with its sockinfo command, as the output below shows. The PID appears as a hexadecimal number in the PID column at the very end of the output; in our example it is "02880". The hex value is easily converted to a decimal PID with the bc command.
# kdb
(0)> sockinfo 0x72d70a10 tcpcb
---- TCPCB ----(@ 72D70A10)----
    seg_next...............@72D70A10 seg_prev...............@72D70A10
    t_softerror... 00000000 t_state....... 00000001 (LISTEN)
    t_timer....... 00000000 (TCPT_REXMT)
.......
.......
TRUNCATED OUTPUT HERE FOR READABILITY
.......
.......
    accept........... FFFFFFFF frcatime 00000000
    isnoflgs 00000000 ()
    rcvlen........... 00000000 frcaback.........@00000000
    frcassoc.........@00000000 frcabckt......... 00000000
    iodone.. 00000000          iodonefl 00000000 ()
    ioarg............@00000000 refcnt........... 00000001
    trclev........... 0001

proc/fd:  40/16
proc/fd: fd: 16
              SLOT NAME     STATE    PID  PPID  PGRP   UID  ADSPACE  CL #THS
pvproc+005000   40*inetd    ACTIVE 02880 0236A 02880 00000 000182E3   0 0001

(0)> quit

# echo "ibase=16; 02880" | bc
10368

# ps -ef | grep 10368
    root 10368  9066   0 08:18:45      -  0:00 /usr/sbin/inetd

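The netstat, rmsock and hex-conversion steps above can be scripted. The following is an added example, not code from the original post: the function names are hypothetical, the parsing assumes the output layouts shown in this post, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): script the netstat -> rmsock
# steps above. Helper names are hypothetical; parsing assumes the output
# layout shown in this post.

# stdin: `netstat -Aan` output. Prints the PCB address (column 1) of each
# TCP socket in LISTEN state whose local port is exactly $1.
pcb_for_port() {
    awk -v port="$1" '
        $2 ~ /^tcp/ && $NF == "LISTEN" {
            p = $5; sub(/^.*\./, "", p)   # keep text after the last dot
            if (p == port) print $1       # exact match: 9090 is not 19090
        }'
}

# stdin: rmsock output. Prints "<pid> <command>", or nothing when rmsock
# does not report an owning process.
owner_from_rmsock() {
    sed -n 's/^The socket .* is being held by proc[a-z]* \([0-9][0-9]*\) (\(.*\))\.$/\1 \2/p'
}

# Convert the hex PID column from kdb (e.g. 02880) to decimal.
hex_pid_to_dec() {
    printf '%d\n' "0x$1"
}

# AIX only, from a root (#) session as in this post:
# list "<pid> <command>" for every listener on port $1.
port_owner() {
    netstat -Aan | pcb_for_port "$1" | while read -r pcb; do
        rmsock "0x$pcb" tcpcb | owner_from_rmsock
    done
}

# Constructed sample input: line 1 is from this post, lines 2-3 are made up
# to show that substring matches and non-LISTEN sockets are rejected.
SAMPLE_NETSTAT='72d70a10 tcp4       0      0  *.9090             *.*                LISTEN
72d71b20 tcp4       0      0  *.19090            *.*                LISTEN
72d72c30 tcp4       0      0  10.0.0.5.9090      10.0.0.9.51234     ESTABLISHED'
SAMPLE_RMSOCK='The socket 0x72d70808 is being held by proccess 10368 (inetd).'
```

On AIX, source the file and call `port_owner 9090`; the two sample variables let the parsers be checked on any system without netstat -A or rmsock.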

When the root password was last updated on an AIX server

It is cumbersome to find out when the root password was last updated on an AIX system, especially at audit time. Calculating the date and time by hand from the information in /etc/security/passwd is really madness. Here is how to check when the root password was last updated.

1) Check lastupdate in /etc/security/passwd, or run pwdadm -q root:
root:
        lastupdate = 1316984479
 
2) Then run this command:
perl -le 'print scalar localtime 1316984479'

Mon Sep 26 02:31:19 2011
 
That's it!

* Source Article from : Internet