How to find what process is using a port in AIX 5L and above.

There have been a lot of threads about how to find processes that are using a specific port on an AIX server. After long hours of research and reading countless "you can't do that" responses, I finally found the answer.

YES, IT CAN BE DONE! YES, IT'S EASY. NO, I DON'T KNOW WHY NO ONE GETS THIS ANSWER WHEN THEY ASK.

So here it is:

Recently, we had an issue with a port conflict on our server. Something was LISTENING on port 14248. You can find whether a port is in use by using the netstat command and grepping for the port number in question.

 
/>netstat -an | grep 14248
tcp        0      0  *.14248                *.*                    LISTEN

However, this is not enough to tell you what process is using the port, only that it's being used. You can, however, add the -A argument to the netstat command and then use that output as an argument to the rmsock command to find the PID of the process using the port.

# netstat -Aan |grep 14248
f10007000864ebb0 tcp        0      0  *.14248            *.*                LISTEN
 
# rmsock f10007000864ebb0 tcpcb
The socket 0x864e808 is being held by proccess 143640 (java).
 
 
# ps -ef |grep 143640
    root  143640  127270   0   May 15      -  3:06 /var/opt/tivoli/ep/_jvm/jre/bin/java

Voilà!! We see that the Tivoli java process is using port 14248.

Enjoy your newfound power to find what process is using a port on your AIX server!

Cheers,
Troy Morton
Senior Technical Analyst
Hospital Sisters Health Systems

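The netstat -A / rmsock steps from the post above, wrapped as a small script. This is an added example, not part of the original post. The function names are made up for illustration, and every sample line except the ones quoted from the post is constructed. It matches the port only in the local-address column of LISTEN rows, because a plain grep for the number also hits PCB addresses and remote ports that happen to contain it.

```shell
#!/bin/sh
# Constructed sample: line 1 is from the post; lines 2-3 are made-up rows that
# a plain "grep 14248" would also match (PCB address, remote port).
SAMPLE_NETSTAT='f10007000864ebb0 tcp        0      0  *.14248            *.*                LISTEN
f100070014248bb0 tcp        0      0  *.22               *.*                LISTEN
f1000700bbbb0000 tcp4       0      0  10.0.0.5.40112     10.0.0.9.14248     ESTABLISHED'
SAMPLE_RMSOCK='The socket 0x864e808 is being held by proccess 143640 (java).'

# Read "netstat -Aan" output on stdin; print the PCB address of every TCP
# listener whose local port is exactly $1.
pcb_for_port() {
    awk -v port="$1" '
        $2 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($5, part, ".")      # local address looks like *.14248
            if (part[n] == port) print $1 # last dotted component is the port
        }'
}

# Read rmsock output on stdin; print "PID command" of the holding process.
# proc[a-z]* accepts the "proccess" spelling seen in the post and "process".
holder_from_rmsock() {
    sed -n 's/.*held by proc[a-z]* \([0-9][0-9]*\) (\([^)]*\)).*/\1 \2/p'
}

# Live use on AIX, as root. rmsock reports the holder when a process owns the
# socket; it removes sockets that have no file descriptor.
who_listens() {
    netstat -Aan | pcb_for_port "$1" | while read -r pcb; do
        rmsock "$pcb" tcpcb | holder_from_rmsock
    done
}

# Offline demonstration on the sample data.
printf '%s\n' "$SAMPLE_NETSTAT" | pcb_for_port 14248
printf '%s\n' "$SAMPLE_RMSOCK" | holder_from_rmsock
```

On an AIX host, `who_listens 14248` runs the same parsing against the live netstat and rmsock output.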

It took 5 seconds to google this link from IBM: "IBM - Who's using my port?"

In the AIX Toolbox for Linux, there is a program called "lsof" which makes finding this information even easier. It can be downloaded from IBM's website here:

IBM AIX Toolbox for Linux Applications - Alphabetical Listing

You can pass it a "-i" followed by a colon and port number and you'll be shown the PID of the process using that port number (use the "grep LISTEN" to get the listening port and not the established connections):

host:/:$ which lsof
/usr/sbin/lsof
host:/:$ lsof -i :22 | grep LISTEN
sshd     2293958 root    3u  IPv4 0xf100050000489bb0      0t0  TCP *:ssh (LISTEN)
host:/:$ ps -ef | grep 2293958
    root  2293958  2949244   0   May 04      -  0:08 /usr/sbin/sshd
    root  6553842  2293958   0 08:33:52      -  0:00 sshd: user1 [priv]
    root 12910638  4522154   2 09:23:02  pts/1  0:00 grep 2293958
host:/:$

Way easier to remember.