rmsock 用法

rmsock on AIX.

cggibbo 270000TMUJ | July 24 2010 | Tags:  rmsocknetstatgibsonaixlparwparlsofchris | 10,210 Visits

1 person likes this

1

I like lsof.

 

Whenever I’m building a new AIX system I always make sure to install it. I really like the fact that I can quickly list processes that are connected to TCP and UDP ports on my system. For example, to check for the current SSH connections on my system I can run lsof and check port 22 (SSH). Immediately I have a good idea of the existing SSH sessions/connections. I can also check to see if the SSH server (sshd daemon) is running and listening (LISTEN) on my AIX partition.

 

# lsof -i tcp:22

Value of I :77   np:0

COMMAND    PID     USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME

sshd    340040     root    3u  IPv4 0xf100020002e4a3b0 0t277394  TCP aix01:ssh->172.29.131.16:49948 (ESTABLISHED)

sshd    385184 u0008904    3u  IPv4 0xf100020002e4a3b0 0t277394  TCP aix01:ssh->172.29.131.16:49948 (ESTABLISHED)

sshd    409808     root    3u  IPv4 0xf100020001c48bb0      0t0  TCP *:ssh (LISTEN)

 

But sometimes I work on systems that don’t have lsof installed. It may not be practical or appropriate for me to install it either. So I have to find another tool (or tools) that will do something similar.

 

Of course, I could use netstat to check that a server daemon was listening on a particular TCP port and view any established connections. But this doesn’t give me the associated process id’s.

 

$ netstat -a | grep -i ssh

tcp4       0      0  *.ssh                  *.*            LISTEN

tcp4       0     48  aix01.ssh      172.29.131.16.50284    ESTABLISHED

 

Fortunately, the rmsock command can provide that information. So if I wanted to find the process id for the sshd daemon that is listening on my system I’d do the following. First I need to find the socket id using netstat*.

 

# netstat -@aA | grep -i ssh | grep LIST | grep Global

Global  f1000700049303b0 tcp4       0      0  *.ssh     *.*                LISTEN

 

Then I can use rmsock to discover the process id associated with the sockect. In this case it’s PID 282700.

 

$ rmsock f1000200003e9bb0 tcpcb

The socket 0x3e9808 is being held by proccess 282700 (sshd).

 

Unlike what its name implies, rmsock does not remove the socket, if it is being used by a process. It just reports the process holding the socket. Note that the second argument of rmsock is the protocol. It'stcpcb in this example to indicate that the protocol is TCP. The results of the command are also logged to /var/adm/ras/rmsock.log.

 

# tail /var/adm/ras/rmsock.log

socket 0xf100020001c45008 held by process 434420 (writesrv) can't be removed.

socket 0xf100020000663008 held by process 418040 (java) can't be removed.

socket 0xf1000200012ad008 held by process 418040 (java) can't be removed.

socket 0xf100020000dec008 held by process 163840 (inetd) can't be removed.

socket 0xf100020000deb008 held by process 163840 (inetd) can't be removed.

socket 0xf10002000016f808 held by process 192554 (snmpdv3ne) can't be removed.

socket 0xf100020001c51808 held by process 442596 (dtlogin) can't be removed.

socket 0xf1000200012a4008 held by process 418040 (java) can't be removed.

socket 0xf100020000666008 held by process 315640 (java) can't be removed.

socket 0xf100020000deb808 held by process 163840 (inetd) can't be removed.

 

The following links have more information on the rmsock command:

 

http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg21264632

http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.cmds/doc/aixcmds4/rmsock.htm

http://www.ibmsystemsmag.com/print/print.aspx?print_page=%2Faix%2Ftipstechniques%2F6666printp1.aspx&string_referer=/aix/tipstechniques/6666p1.aspx

http://aixblogs.blogspot.com/2009/03/using-netstat-and-rmsock-to-identify.html

 

 

*Note: In my example I specified the @ symbol with the netstat command. I also grep’ed for the stringGlobal. You may have to do the same if you have WPARs running on your system. In my case I have two active WPARs who both have their own sshd process. My Global environment also has an sshd process. So in total there are three sshd daemons that I can view from the Global environment. By specifiying the @ symbol with netstat, I can quickly determine which process belongs to the Global environment and those that exist within each WPAR.

 

# netstat -aA | grep -i ssh | grep LISTEN

f1000700049303b0 tcp4       0      0  *.ssh              *.*                LISTEN

f100070000198bb0 tcp4       0      0  *.ssh              *.*                LISTEN

f100070000194bb0 tcp4       0      0  *.ssh              *.*                LISTEN

 

# netstat -@aA | grep -i ssh | grep LISTEN

Global  f1000700049303b0 tcp4       0      0  *.ssh       *.*                LISTEN

wpar1   f100070000198bb0 tcp4       0      0  *.ssh       *.*                LISTEN

wpar2   f100070000194bb0 tcp4       0      0  *.ssh       *.*                LISTEN