Finding the IP from the PID - shell

I'm a newbie to shell programming and I'd like to find the IP address from the process ID. Right now, I'm able to get the PID for a specific process from:
vmname=$1
pid=`ps aux | grep "$vmname" | awk 'NR==1{printf("%s\n", $2) }'`
echo "$pid"
The above method returns the PID but how do I get the port from the pid? If I get the port, is there a command to get the IP address as well?
I'm using Ubuntu 11.04 and the above script is actually trying to find out the IP of a virtual machine running on KVM using this method.
Thanks!

You can employ the lsof utility. It gives the list of open files for a process. Use lsof -p pid. You need to grep the output to get the port values, e.g. something like this: lsof -p pid | grep TCP. This will list all the ports opened or connected to by the process. Refer to the manual of the utility. For most systems the utility comes pre-bundled with your OS. However, if it is not pre-bundled then you need to install this utility.

The PID and the computer's IP Address are two completely unrelated things.
PID stands for Process ID, and it's a handle for the OS to keep track of your program, among other things.
IP address is related to a network interface. Most computers have one or two of these (in the case of ethernet card/wireless device.)
Anyway, one way to get your computer's IP address is something similar to the following...There are quite possibly better ways to do it and I just don't know 'em...
$ ifconfig eth0
eth0 Link encap:Ethernet HWaddr 60:eb:69:96:da:87
inet addr:192.168.1.112 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::62eb:69ff:fe96:da87/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:876533 errors:0 dropped:0 overruns:0 frame:0
TX packets:560999 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:229205080 (229.2 MB) TX bytes:136756800 (136.7 MB)
Interrupt:40 Base address:0x8000
$ ifconfig eth0 | grep "inet addr"
inet addr:192.168.1.112 Bcast:192.168.1.255 Mask:255.255.255.0
$ ifconfig eth0 | grep "inet addr" | cut -d ":" -f 2
192.168.1.112 Bcast
$ ifconfig eth0 | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f 1
192.168.1.112
So the last command will get you what you want inside your script. The rest are just there to show you how I built up to the last command.

Before I start: lsof should be used, as suggested by @Drona, if lsof and root/su/sudo access are available.
For completeness, I was investigating this for getting the IP address of currently logged in chrooted SFTP users for a nagios script I did not want to have to create a sudoers rule for.
Easy way (not as easy as lsof and needs root, but for completeness)
Step 1
$ ps -ef | grep ssh
UID PID PPID C STIME TTY TIME CMD
root 2479 14186 0 17:05 ? 00:00:00 sshd: sftpuser [priv]
1008 2481 2479 0 17:06 ? 00:00:00 sshd: sftpuser@notty
1008 2482 2481 0 17:06 ? 00:00:00 sshd: sftpuser@internal-sftp
root 2483 14186 0 17:06 ? 00:00:00 sshd: ttyuser [priv]
ttyuser 2485 2483 0 17:06 ? 00:00:00 sshd: ttyuser@pts/0
Above you can see the PID for the ssh users (added the ps columns for easier interpretation)
Step 2
sudo lsof -p 2481 | grep TCP
sshd 2481 root 3u IPv4 29176657 0t0 TCP 192.168.1.2:44156 (ESTABLISHED)
Alternative (more complex, has the possibility of not needing root)
Step 2 - Requires root access but is optional
$ sudo ls -l /proc/2481/fd
total 0
lrwx------ 1 root root 64 Jul 3 17:07 0 -> /dev/null
lrwx------ 1 root root 64 Jul 3 17:07 1 -> /dev/null
lr-x------ 1 root root 64 Jul 3 17:07 11 -> pipe:[29209918]
lrwx------ 1 root root 64 Jul 3 17:07 2 -> /dev/null
lrwx------ 1 root root 64 Jul 3 17:07 3 -> socket:[29209894]
lrwx------ 1 root root 64 Jul 3 17:07 5 -> socket:[29211080]
lr-x------ 1 root root 64 Jul 3 17:07 6 -> pipe:[29209915]
l-wx------ 1 root root 64 Jul 3 17:07 7 -> pipe:[29209915]
l-wx------ 1 root root 64 Jul 3 17:07 8 -> pipe:[29209916]
lr-x------ 1 root root 64 Jul 3 17:07 9 -> pipe:[29209917]
Step 3
$ fgrep 29209894 /proc/2481/net/tcp
8: 0101A8C0:0016 0201A8C0:B0B0 ...
Here fgrep uses the number on the socket and the PID to extract the information.
The important information is 0101A8C0:0016 and 0201A8C0:B0B0. The first relates to the server and the second is the connected client, where the first part (split by the colon) is the hexadecimal representation of the reversed IP address and the second is the hexadecimal representation of the port, i.e.
0101A8C0 -> 1.1.168.192 -> 192.168.1.1. If you know the port the server is listening on you can skip Step 2 and use the following instead of Step 3.
Step 2 + 3 Replacement when knowing the server port - if no root is available
In this case, as I was checking for SFTP connections on the standard ssh port of 22 (in hex 0016)
$ fgrep 0016 /proc/2481/net/tcp
8: 0101A8C0:0016 0201A8C0:B0B0 ...
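The decoding described in Step 3 above, as an added example that is not part of the original answer: it converts the hex address fields to dotted-quad form and selects the row by its inode column instead of a substring match. The function names (decode_addr, socket_peers, sample_table) and the sample rows are constructed for illustration; it handles IPv4 only and assumes a little-endian host.

```shell
#!/bin/sh
# Added example (not from the original answer). IPv4 only; assumes a
# little-endian host, where /proc/net/tcp prints address bytes reversed.

# decode_addr HEXIP:HEXPORT  ->  a.b.c.d:port
decode_addr() {
    hexip=${1%%:*}
    hexport=${1##*:}
    # Accept exactly 8 + 4 hex digits, nothing else.
    case "$hexip$hexport" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#hexip}" -eq 8 ] && [ "${#hexport}" -eq 4 ] || return 1
    b1=${hexip%??????}                 # first byte as printed
    rest=${hexip#??}; b2=${rest%????}
    rest=${rest#??};  b3=${rest%??}
    b4=${rest#??}
    # Bytes are printed least-significant first, so emit them reversed.
    printf '%d.%d.%d.%d:%d\n' "0x$b4" "0x$b3" "0x$b2" "0x$b1" "0x$hexport"
}

# socket_peers INODE < table
# Match the inode column (field 10) exactly; a plain fgrep on the number
# also hits rows where the digits occur inside a longer inode or a counter.
socket_peers() {
    awk -v ino="$1" 'NR > 1 && $10 == ino { print $2, $3, $4 }' |
    while read -r l r st; do
        case "$st" in 01) st=ESTABLISHED ;; 0A) st=LISTEN ;; esac
        printf '%s -> %s %s\n' "$(decode_addr "$l")" "$(decode_addr "$r")" "$st"
    done
}

# Constructed sample in /proc/net/tcp layout; row 8 reuses the answer's values,
# row 9 has an inode that merely contains the same digits.
sample_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10432 1 0000000000000000 100 0 0 10 0
   8: 0101A8C0:0016 0201A8C0:B0B0 01 00000000:00000000 02:000A9F3C 00000000     0        0 29209894 2 0000000000000000 20 4 29 10 -1
   9: 0101A8C0:0016 0301A8C0:C350 01 00000000:00000000 02:000A9F3C 00000000     0        0 129209894 2 0000000000000000 20 4 29 10 -1
EOF
}

sample_table | socket_peers 29209894
```

On a live system the table comes from the process's own view, for example socket_peers 29209894 < /proc/2481/net/tcp.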

Related

How is the kernel process kswapd started step by step?

I understand the impacts and functions of the kernel process kswapd.
From the output of ps -elf | grep swapd, I found kswapd is started by kthreadd. But how is it started step by step? Where's the exact related source code?
Here is the output of ps -elf | grep swapd:
$ ps -elf | head -n 1; sudo ps -elf | grep -i kswapd
F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD
1 S root 46 2 0 80 0 - 0 kswapd 11:42 ? 00:00:00 [kswapd0]
You see, the PID of the kernel process kthreadd is 2:
F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD
1 S root 2 0 0 80 0 - 0 kthrea 6/2 00:00:00 [kthreadd]
In addition, I can't find a binary program with the same name throughout the rootfs. For details, see below:
$ cat /proc/46/cmdline
#outputs nothing
sudo find / -iname kswapd 2>/dev/null
#outputs nothing
I think mm/vmscan.c has all or most of the answers you're looking for.
If you're asking how kswapd is initialized, the file contains kswapd_init().
If you're asking how kswapd is woken up by a process that needs more memory, the file contains wakeup_kswapd().
You can use a combination of grep, printk, and dump_stack() commands to step through the instructions executed before and aaft

Memory usage per process

How can one see the output of the memory usage per process in Windows using bash (Git bash) and without any additional tools installation?
I read about top command but there is no such thing in the default version of bash. Also, I have read about ps but it does not give the memory usage at all as in some examples I have seen (maybe some version has been changed).
Since Linux processes in WSL run in a container (conceptually similar to Docker), they can only see processes in the same container, nothing else.
You can see the virtual and resident size of processes in WSL by issuing the following command:
ps -eHww -o uid,pid,ppid,psr,vsz,rss,stime,time,cmd
Outputs:
max@supernova:~$ uname -a
Linux supernova 4.4.0-17763-Microsoft #379-Microsoft Wed Mar 06 19:16:00 PST 2019 x86_64 x86_64 x86_64 GNU/Linux
max@supernova:~$ ps -eHww -o uid,pid,ppid,psr,vsz,rss,stime,time,cmd
UID PID PPID PSR VSZ RSS STIME TIME CMD
0 1 0 0 8324 156 23:36 00:00:00 /init
0 3 1 0 8328 156 23:36 00:00:00 /init
1000 4 3 0 16796 3424 23:36 00:00:00 -bash
1000 35 4 0 17084 1716 23:57 00:00:00 ps -eHww -o uid,pid,ppid,psr,vsz,rss,stime,time,cmd

cd command fails when directory is extracted from windows file

I have one text file in windows that contains lots of directories that I need to extract.
I tried to extract one directory and tried to cd to it in a shell script, but the cd command failed, with prompting cd: /VAR/GPIO/: No such file or directory.
I have confirmed that the directory exists in my local PC and the directory is correct (though it is relative). I have also searched a lot, seems some special windows characters exist in the extract file. I tried to see them with cat -A check and the result is ^[[m^[[K^[[m^[[KVAR/GPIO/$
I don't even know what the meaning of the m^ or [[K.
Could you please help me about this problem? I use Cygwin in Windows 7 64-bit.
Below is my related code for review:
templt_dir=$(cat temp | grep -m 1 "$templt_name" |head -1 | sed -n "s#$templt_name##p" | sed -n "s#\".*##p")
echo $templt_dir ###comment, it runs output: /VAR/GPIO/, that's correct!
cd $templt_dir ###comment, cd error prompts
cat temp | grep -m 1 "$templt_name" |head -1 | sed -n "s#$templt_name##p" | sed -n "s#\".*##p" > check ###comment, for problem checking
Below is the content of the check file:
$ cat -A check
^[[m^[[K^[[m^[[KVAR/GPIO/$
To confirm my directory is correct, below is the results of ls -l on /VAR:
$ ls VAR -l
total 80K
drwxrwx---+ 1 Administrators Domain Users 0 Jun 24 11:11 Analog/
drwxrwx---+ 1 Administrators Domain Users 0 Jun 24 11:37 Communication/
drwxrwx---+ 1 Administrators Domain Users 0 Jun 24 11:10 GPIO/
drwxrwx---+ 1 Administrators Domain Users 0 Jun 24 11:11 HumanInterface/
drwxrwx---+ 1 Administrators Domain Users 0 Jun 24 11:11 Memory/
drwxrwx---+ 1 Administrators Domain Users 0 Jun 24 11:11 PWM/
drwxrwx---+ 1 Administrators Domain Users 0 Jun 24 11:10 Security/
drwxrwx---+ 1 Administrators Domain Users 0 Jun 24 11:11 System/
drwxrwx---+ 1 Administrators Domain Users 0 Jun 25 16:25 Timers/
drwxrwx---+ 1 Administrators Domain Users 0 Jun 24 11:10 UniversalDevice/
The error message cd: /VAR/GPIO/: No such file or directory indicates that
the name stored in $templt_dir doesn’t exist.
This is actually due to the string containing non-printing ANSI escape
sequences.
You need to remove these characters from the string containing the directory.
I found the following sed substitution from this Unix and Linux answer
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mK]//g"
which you should include in your pipe command:
templt_dir=$(grep -m 1 "$templt_name" temp | sed -n "s#$templt_name##; s#\".*##p" | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mK]//g")
Note: I concatenated your two sed substitutions into the one command and I removed the unnecessary cat. I also removed the redundant head -1 since grep -m 1 should only output one line. You can probably combine all the sed substitutions into one: sed -r "s#$templt_name##; s#\".*##; s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mK]//g" (the -n sed option and p sed command can be left out if there’s only one line being processed but I can’t test this without having the original file).
Other ways of using sed to strip ANSI escape sequences are listed at Remove color codes (special characters) with sed.
However, a better long-term fix would be to modify the process which creates the text file listing the directories to not include ANSI Escape codes in its output.

find and kill process which running on port

I'm trying to kill the process associated with port 161 (SNMP) on OS X.
I tried to get the process ID associated with this port using netstat and lsof but none of these seem to list PIDs:
$ netstat -an | grep 161
udp4 0 0 *.161 *.*
$ netstat -anp udp | grep 161
udp4 0 0 *.161 *.*
lsof -i :161
SNMP is UDP, not TCP. It doesn't "listen" because there is no such concept for UDP sockets.
Look for the process by its name or process ID instead.

Gluster strange issue with shared mount point behaving like separate mounts.

I have two nodes, and as an experiment I have installed glusterfs, created a volume and successfully mounted it on each node, but if I create a file on node1 it does not show up on node2; it looks like both are behaving as if they are separate.
node1
10.101.140.10:/nova-gluster-vol
2.0G 820M 1.2G 41% /mnt
node2
10.101.140.10:/nova-gluster-vol
2.0G 33M 2.0G 2% /mnt
volume info split-brain
$ sudo gluster volume heal nova-gluster-vol info split-brain
Gathering Heal info on volume nova-gluster-vol has been successful
Brick 10.101.140.10:/brick1/sdb
Number of entries: 0
Brick 10.101.140.20:/brick1/sdb
Number of entries: 0
test
node1
$ echo "TEST" > /mnt/node1
$ ls -l /mnt/node1
-rw-r--r-- 1 root root 5 Oct 27 17:47 /mnt/node1
node2 (file isn't there, while they are shared mount)
$ ls -l /mnt/node1
ls: cannot access /mnt/node1: No such file or directory
What am I missing?
iptables solved my problem:
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 49152 -j ACCEPT
