Professional Web Applications Themes

Finding the source of Broadcast - process id or application - Sun Solaris

Hi, I have a solaris box running a few applications. Recently our Network admin started seeing a lot of activity on the switch and it was traced back to the solaris box. When I did a snoop (snoop -d hme0 | grep 255) on the network port I got huge amount of broadcast from this box. Now how do I find the source of this broadcast. Is there any way to find out the particular process that is doing this broadcast? This would help me talk to the appn. guy and see what could be done. Appreciate any help on ...

  1. #1

    Default Finding the source of Broadcast - process id or application

    Hi,

    I have a solaris box running a few applications. Recently our
    Network admin
    started seeing a lot of activity on the switch and it was traced back
    to the solaris box. When I did a snoop (snoop -d hme0 | grep 255) on
    the network port I got huge amount of broadcast from this box. Now how
    do I find the source of this broadcast. Is there any way to find out
    the particular process that is doing this broadcast? This would help
    me talk to the appn. guy and see what could be done.

    Appreciate any help on this.

    Attaching the output of snoop:

    PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=1168
    PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=1162
    PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=1139
    PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=1165
    PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=384
    PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=1098
    PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=1169
    PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=384
    PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=444
    PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=754
    PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=384
    PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=454


    Thanks & Regards,

    Bye.

    Javed.
    Javed Guest

  2. #2

    Default Re: Finding the source of Broadcast - process id or application

    In article <google.com>,
    Javed <com> wrote: 

    Use "lsof" to find the process using UDP port 33048.
     


    --
    Barry Margolin, com
    Level(3), Woburn, MA
    *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
    Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
    Barry Guest

  3. #3

    Default Re: Finding the source of Broadcast - process id or application

    what is your ip and subnet? some clients of mine one time gave their sever a
    broadcast ip address for the subnet. they were "IT" people. just a thought


    "Javed" <com> wrote in message
    news:google.com... 


    dek Guest

  4. #4

    Default Re: Finding the source of Broadcast - process id or application

    In article <U_meb.51086$I36.23747pd7tw3no>,
    "dek" <com> writes:
    |> what is your ip and subnet? some clients of mine one time gave their sever a
    |> broadcast ip address for the subnet. they were "IT" people. just a thought
    |>
    |>
    |> "Javed" <com> wrote in message
    |> news:google.com...
    |> > Hi,
    |> >
    |> > I have a solaris box running a few applications. Recently our
    |> > Network admin
    |> > started seeing a lot of activity on the switch and it was traced back
    |> > to the solaris box. When I did a snoop (snoop -d hme0 | grep 255) on
    |> > the network port I got huge amount of broadcast from this box. Now how
    |> > do I find the source of this broadcast. Is there any way to find out
    |> > the particular process that is doing this broadcast? This would help
    |> > me talk to the appn. guy and see what could be done.
    |> >
    |> > Appreciate any help on this.
    |> >
    |> > Attaching the output of snoop:
    |> >
    |> > PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=1168
    |> > PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=1162
    |> > PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=1139
    |> > PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=1165
    |> > PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=384
    |> > PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=1098
    |> > PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=1169
    |> > PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=384
    |> > PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=444
    |> > PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=754
    |> > PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=384
    |> > PRD14 -> 172.17.7.255 UDP D=7700 S=33048 LEN=454
    |> >
    |> >
    |> > Thanks & Regards,
    |> >
    |> > Bye.
    |> >
    |> > Javed.
    |>
    |>

    lsof | grep 'TCP.*:33048 (ESTABLISHED)'
    Keith Guest

  5. #5

    Default Re: Finding the source of Broadcast - process id or application

    Hi,

    Thanks guys for the input. I have heard about LSOF software. But the
    problem is that this server is in production and I am a bit hesitant
    to load lsof on to this server. Is there a way out manually to find
    the process id that is creating the broadcast.

    Regards,
    Javed.
    Javed Guest

  6. #6

    Default Re: Finding the source of Broadcast - process id or application

    In article <google.com>,
    com (Javed) writes:
    |> Hi,
    |>
    |> Thanks guys for the input. I have heard about LSOF software. But the
    |> problem is that this server is in production and I am a bit hesitant
    |> to load lsof on to this server. Is there a way out manually to find
    |> the process id that is creating the broadcast.
    |>
    |> Regards,
    |> Javed.

    Brute force:

    ps -elo pid= | while read pid ; do
    [[ $(pfiles 2>/dev/null $pid | grep 'port: 33048') != "" ]] && ps -fp $pid
    done

    Keith Guest

  7. #7

    Default Re: Finding the source of Broadcast - process id or application

    On Tue, 30 Sep 2003 22:33:17 GMT, cs.boeing.com wrote: 

    except that it isnt TCP traffic :-)

    So just grep for 33048



    --
    http://www.blastwave.org/ for solaris pre-packaged binaries with pkg-get
    Organized by the author of pkg-get
    [Trim the no-bots from my address to reply to me by email!]
    S.1618 http://thomas.loc.gov/cgi-bin/bdquery/z?d105:SN01618:D
    http://www.spamlaws.com/state/ca1.html
    Philip Guest

  8. #8

    Default Re: Finding the source of Broadcast - process id or application

    On Mon, 06 Oct 2003 23:23:49 +0000, Philip Brown wrote:
     
    >
    > except that it isnt TCP traffic :-)
    >
    > So just grep for 33048[/ref]

    Why not just use the intrinsic capability of lsof?

    [tmp]$ lsof -i :5988
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    smcboot 222 root 7u IPv4 0x3000205de40 0t0 TCP *:5988 (LISTEN)

    Dave Guest

Similar Threads

  1. Creating SWF broadcast application
    By FMCNewbie in forum Macromedia Flash Flashcom
    Replies: 3
    Last Post: March 24th, 06:42 PM
  2. Replies: 2
    Last Post: May 29th, 05:35 PM
  3. finding Process run time
    By Jeremy in forum PERL Beginners
    Replies: 2
    Last Post: February 25th, 08:51 PM
  4. Replies: 5
    Last Post: August 21st, 03:22 PM
  5. Finding Process ID of Runaway files
    By Dragan Cvetkovic in forum Sun Solaris
    Replies: 3
    Last Post: July 1st, 09:30 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139