These are all good, and certainly in general terms, are the way to map TCP services (and hence protocols) to services.
However if you want to do EXACTLY what the original poster wanted, this doesn't work. In Nicolas' example if you see a HTTP request coming in from say 1.2.3.4 on TCP port 12345 connecting to <server_host_IP_address> on port 80, all you can say is that ONE of the 9 httpd processes received the request, but you can't say which one. This might be important if you are trying to say determine if you have a session persistence issue or the like.
Regards, Martin
MartinVisser99@xxxxxxxxx
On Tue, Sep 29, 2009 at 6:51 PM, Nicolas BONNAND
<nbonnand@xxxxxxx> wrote:
Hi,
On linux, try lsof -i .
Example:
# lsof -i tcp:80
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
httpd 3593 root 3u IPv6 8113 TCP *:http (LISTEN)
httpd 6959 apache 3u IPv6 8113 TCP *:http (LISTEN)
httpd 6960 apache 3u IPv6 8113 TCP *:http (LISTEN)
httpd 6961 apache 3u IPv6 8113 TCP *:http (LISTEN)
httpd 6962 apache 3u IPv6 8113 TCP *:http (LISTEN)
httpd 6963 apache 3u IPv6 8113 TCP *:http (LISTEN)
httpd 6964 apache 3u IPv6 8113 TCP *:http (LISTEN)
httpd 6965 apache 3u IPv6 8113 TCP *:http (LISTEN)
httpd 6966 apache 3u IPv6 8113 TCP *:http (LISTEN)
Examples taken from lsof man:
---------------------------------------
-i6 - IPv6 only
TCP:25 - TCP and port 25
@1.2.3.4 - Internet IPv4 host address 1.2.3.4
@[3ffe:1ebc::1]:1234 - Internet IPv6 host address 3ffe:1ebc::1, port 1234
UDP:who - UDP who service port
TCP@xxxxxxxxx:513 - TCP, port 513 and host name lsof.itap
tcp@foo:1-10,smtp,99 - TCP, ports 1 through 10, service name smtp, port
99, host name foo
tcp@bar:smtp-nameserver - TCP, ports smtp through nameserver, host bar
:time - either TCP or UDP time service port
Regards
Nicolas
***********************************************************************************
This e-mail is confidential, the property of NDS Ltd and intended for the addressee only. Any dissemination, copying or distribution of this message or any attachments by anyone other than the intended recipient is strictly prohibited. If you have received this message in error, please immediately notify the postmaster@xxxxxxx and destroy the original message. Messages sent to and from NDS may be monitored. NDS cannot guarantee any message delivery method is secure or error-free. Information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. We do not accept responsibility for any errors or omissions in this message and/or attachment that arise as a result of transmission. You should carry out your own virus checks before opening any attachment. Any views or opinions presented are solely those of the author and do not necessarily represent those of NDS.
To protect the environment please do not print this e-mail unless necessary.
NDS Limited Registered office: One Heathrow Boulevard, 286 Bath Road, West Drayton, Middlesex, UB7 0DQ, United Kingdom. A company registered in England and Wales Registered no. 3080780 VAT no. GB 603 8808 40-00
***********************************************************************************
