
snoop a single process? - Sun Solaris


  1. #1

    snoop a single process?

    I would like to snoop for just a particular process, so I know who it
    is talking to. Snooping a particular port isn't good enough, because
    I have many processes talking to the same destination port. From
    memory I recall that HP-UX had nettl that included process information
    in the output. How can this be done in Solaris?

    TIA,
    Ian
    Ian Guest

  2. #2

    Re: snoop a single process?

    Ian D. <com> wrote: 

    If the process has established a TCP connection, you should be able to
    find the endpoints of the connection with 'fuser' or 'lsof'. Is that
    what you mean by "who it is talking to?"

    --
    Darren Dunham com
    Unix System Administrator Taos - The SysAdmin Company
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >
    Darren Guest

  3. #3

    Re: snoop a single process?

    Darren Dunham wrote:

    > If the process has established a TCP connection, you should be able to
    > find the endpoints of the connection with 'fuser' or 'lsof'. Is that
    > what you mean by "who it is talking to?"

    I think he means that he has a process with pid 1000 that opens a
    port, then forks to create processes 1001, 1002, etc. If a packet
    goes by and comes from that port, he wants snoop to indicate whether
    it was 1000, 1001, or 1002 that sent it.

    I don't think Solaris has this capability. It seems like something
    that would have to be added to the kernel solely for the purposes
    of diagnostics.

    A good-enough approximation to this might be to run "truss" and
    "snoop" together. You can then see which process did a "write"
    just before the packet went out. (Both "truss" and "snoop" have
    timestamp options. "-d" and "-t a", respectively.) This is not
    a perfectly accurate method, but it may be good enough if you're
    just trying to diagnose something simple and the processes
    aren't spewing out packets really quickly.

    - Logan

    Logan Guest
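
The timestamp correlation suggested in the last reply, sketched as an added example that is not part of the original thread. It assumes the "truss -d" and "snoop -t a" timestamps have already been converted to epoch seconds on the same host; the sample records, the `attribute` function and the 5 ms window are constructed for illustration.

```python
from bisect import bisect_left, bisect_right

# Constructed sample data (not from the thread), already normalised to
# epoch seconds. Real truss/snoop output must be parsed into this shape first.
WRITES = [  # (time, pid, bytes written), one entry per traced write()
    (1000.0010, 1001, 512),
    (1000.2500, 1002, 128),
    (1000.2504, 1001, 128),
    (1000.9000, 1000, 64),
]
PACKETS = [  # (time, source port, payload length), one entry per captured packet
    (1000.0013, 8080, 512),
    (1000.2507, 8080, 128),
    (1000.9003, 8080, 64),
    (1001.5000, 8080, 40),
]


def attribute(packets, writes, window=0.005):
    """For each packet, list the pids that called write() in the `window`
    seconds before it left. One pid is a likely sender; several pids means
    the timestamps alone cannot tell them apart."""
    writes = sorted(writes)
    times = [w[0] for w in writes]
    results = []
    for ptime, _port, _plen in sorted(packets):
        lo = bisect_left(times, ptime - window)   # oldest write still in window
        hi = bisect_right(times, ptime)           # newest write not after packet
        pids = []
        for _t, pid, _n in reversed(writes[lo:hi]):  # most recent writer first
            if pid not in pids:
                pids.append(pid)
        if not pids:
            verdict = "none"        # kernel traffic (ACK, retransmit) or untraced pid
        elif len(pids) == 1:
            verdict = "likely"
        else:
            verdict = "ambiguous"   # processes writing too close together
        results.append((ptime, verdict, pids))
    return results


if __name__ == "__main__":
    for ptime, verdict, pids in attribute(PACKETS, WRITES):
        print(f"{ptime:.4f}  {verdict:9s}  {pids}")
```

The "ambiguous" rows are the case the reply warns about: when several processes write within the same few milliseconds, shrinking the window only helps until it drops below the delay between write() and the packet appearing on the wire.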
