2

On Solaris, how can I get the remote IP or hostname associated with each TCP connection?

52d6c6af
  • 4,170

1 Answer

2

Here is one way to do it:

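# Solaris netstat prints each address as host.port; keep ESTABLISHED lines only
netstat -a | grep ESTABLISHED |
    # Split each host.port at its last dot, then collapse runs of spaces
    sed -e 's/\.\([^.]*\) / \1/g' -e 's/  */ /g' |
    # Print a header, then the first four fields of every connection
    nawk '
    BEGIN {format="%-10s\t%-10s\t%-10s\t%-10s\n";
    printf(format,"local_host","local_protocol","remote_host","remote_protocol")}
    {printf(format,$1,$2,$3,$4)}'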
jlliagre
  • 14,179
  • So fancy... I would just do netstat -a | grep ESTABLISHED – Kamil Dec 10 '14 at 23:52
  • @Kamil The question asks for the remote host so I believe isolating it from the port/protocol is a good idea. The extra stuff provides filtering, headers and properly aligned columns, arguably more understandable than raw netstat output. – jlliagre Dec 11 '14 at 01:10
  • When I list the open TCP connections using lsof, instead of seeing something like hostname1:port1->ipaddress:port2 (IDLE), I see *:* (IDLE). Why might a TCP connection have an apparent wildcard hostname and port like that? Specifically when it is IDLE. – 52d6c6af Dec 11 '14 at 09:10
  • These are unbound sockets, there is no associated connection for them. – jlliagre Dec 11 '14 at 09:15
  • What might create such a socket? – 52d6c6af Dec 11 '14 at 09:37
  • These sockets do not use that many resources. A server might create a pool of them. They stay in that state until they are bound to an IP/port. – jlliagre Dec 11 '14 at 11:11
  • @jlliagre OK thanks. I am experiencing a program creating a very large number (around 7000) of IDLE TCP connections with *:* as the host information, which is actually causing a problem because it is blowing the file descriptor limit of the process. – 52d6c6af Dec 11 '14 at 14:50
  • 7000 idle sockets does indeed look like quite a bit. You might work around the issue by increasing the max number of file descriptors allowed to the process, but identifying the root cause would be better. – jlliagre Dec 11 '14 at 15:16
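
An added example, not part of the original answer or its comments: a variant of the answer's pipeline that splits each host.port field at its last dot in awk and then counts ESTABLISHED connections per remote host. The input lines are constructed to resemble Solaris netstat output, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answer). Input lines are constructed,
# modelled on Solaris "netstat -a" / "netstat -an" TCP output (host.port).
sample_netstat() {
cat <<'EOF'
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.22                 *.*                0      0 49152      0 LISTEN
192.0.2.10.22        198.51.100.7.51234   64240      0 49640      0 ESTABLISHED
192.0.2.10.22        198.51.100.7.51301   64240      0 49640      0 ESTABLISHED
192.0.2.10.8080      203.0.113.9.40022    64240      0 49640      0 ESTABLISHED
web01.ssh            client.example.net.51500 64240  0 49640      0 ESTABLISHED
192.0.2.10.44012     198.51.100.20.443    64240      0 49640      0 TIME_WAIT
EOF
}

# Print local_host, local_port, remote_host, remote_port (tab-separated)
# for every ESTABLISHED connection read from stdin.
remote_endpoints() {
    awk '
    BEGIN { OFS = "\t" }
    # Index of the last "." in s, or 0; the port or service name follows it.
    function lastdot(s,    i) {
        for (i = length(s); i > 0; i--)
            if (substr(s, i, 1) == ".") return i
        return 0
    }
    $NF == "ESTABLISHED" {
        l = lastdot($1); r = lastdot($2)
        if (!l || !r) next          # skip anything that is not host.port
        print substr($1, 1, l - 1), substr($1, l + 1), substr($2, 1, r - 1), substr($2, r + 1)
    }'
}

# Count ESTABLISHED connections per remote host, busiest first.
connections_per_remote() {
    remote_endpoints |
        awk -F'\t' '{ n[$3]++ } END { for (h in n) print n[h] "\t" h }' |
        sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a live host pipe in "netstat -an" instead.
sample_netstat | connections_per_remote
```

On Solaris, replace awk with nawk or /usr/xpg4/bin/awk, since the legacy /usr/bin/awk does not support user-defined functions.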