Thursday, September 04, 2008

A quick way to check UDP ports on Solaris

Ever need a quick way to check what UDP connections are active on your Solaris server? I recently had to validate a scanner's report that we had an unnecessary service running on UDP port 177. Unfortunately, Solaris does not yet ship with lsof as a standard tool, so it requires the use of netstat(1M).

root# netstat -an -P udp

UDP: IPv4
Local Address Remote Address State
-------------------- -------------------- ----------
*.123 Idle
127.0.0.1.123 Idle
13.129.6.168.123 Idle
*.111 Idle
*.* Unbound
*.32771 Idle
...
Active UNIX domain sockets
Address Type Vnode Conn Local Addr Remote Addr
6001f6c18f8 dgram 6001fa6eb40 00000000 /var/vx/isis/vea_portal
6001f6c1c88 stream-ord 6001f6a4180 00000000 /var/run/.inetd.uds



Not too painful at all. Turns out that scan must have been an intermittent service, or a false-positive because I didn't turn up any trace of it, but it did give me a chance to reacquaint myself with a useful incantation of netstat.
Posted by at
Labels:

1 comment:

Unknown said...

I have solaris 8 servers and notice TCP ports 1013 - 1021 open and idle. They shut after a reboot and a netstat shows them the next day. I cannot see anything process associated with the port, lsof does return anying. A suggestion was to throw data at the port until a process shows up in TOP. Do you have any suggestions?

10:01 AM

Post a Comment

Subscribe to: Post Comments (Atom)