Sep 25 2012
Here’s one that looks up processes that have a file open… well, actually, more like a file expression: the argument is matched anywhere in the path, so “foo” would match both “/bar/foo” and “/foo/bar” (by intent); use full paths if you’re not feeling frisky. And yes… busybox really does have that many duplicate processes with that file open….
[WPCM450 /tmp]$ ./lsof-pid-on-file.sh NVRAM_PrivateStorage00.dat
/bin/fullfw
/flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat
/bin/fullfw
/flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat
/bin/fullfw
/flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat
/bin/fullfw
/flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat
/bin/fullfw
/flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat
[...]
pid #'s that use NVRAM_PrivateStorage00.dat: 419 430 431 432 437 448 449 450 451 452 453 454 455 456 457 458 459 460 461 464 465
pid names that use NVRAM_PrivateStorage00.dat: /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw
/bin/fullfw
/flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat
/bin/fullfw
/flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat
/bin/fullfw
/flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat
/bin/fullfw
/flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat
/bin/fullfw
/flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat
[...]
pid #'s that use NVRAM_PrivateStorage00.dat: 419 430 431 432 437 448 449 450 451 452 453 454 455 456 457 458 459 460 461 464 465
pid names that use NVRAM_PrivateStorage00.dat: /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw /bin/fullfw
Script.
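:
#
# busybox - find network ports being listened to by pid
#
# For every row of the kernel socket tables (/proc/net/tcp, udp, tcp6, ...)
# print "<proto>:<local port>" followed by one "<pid> = <command line>" line
# per process that holds the socket open.
#
# NOTE(review): the post introducing this listing describes
# lsof-pid-on-file.sh; what follows is the port-to-pid script.
#
# Caveats when the output is used to audit what a box exposes:
#  - rows are not filtered by state, so established connections are listed
#    next to listeners (TCP LISTEN is st 0A in /proc/net/tcp).
#  - /proc/<pid>/fd of other users is unreadable without root and the errors
#    are discarded, so an unprivileged run just says "can't find process".
#  - the name shown is /proc/<pid>/cmdline, which the process itself can
#    rewrite; check anything unexpected against /proc/<pid>/exe as well.
#

#
# list of all the stuff everyone has open: one "pid inode" line per socket fd
#
echo "collecting port data..."
# slooow... ls prints a "/proc/<pid>/fd:" header and then one line per fd, e.g.
#
#   /proc/1263/fd:
#   0 lrwx------ 1 root root 64 Sep 25 15:03 3 -> socket:[4535]
#
# so remember the pid from the latest header and emit it with the inode of
# every socket link that follows (ls won't repeat the pid, and find won't
# work on this).
#
all_sox=$(ls -asl /proc/[0-9]*/fd 2> /dev/null | awk '
  $1 ~ /^\/proc\/[0-9]+\/fd:$/ { split($1, part, "/"); pid = part[3]; next }
  $NF ~ /^socket:\[[0-9]+\]$/  { ino = $NF; gsub(/[^0-9]/, "", ino); print pid, ino }
')

#
# print the pids (one per line, no repeats) whose fd table holds socket inode $1
#
# the inode is compared as a whole field: a pattern match such as
# grep " 45" also hits 4535 and pins the port on the wrong process.
#
pids_for_inode() {
  printf '%s\n' "$all_sox" |
    awk -v ino="$1" '$2 == ino && !seen[$1]++ { print $1 }'
}

echo "machine is listening on:"
# one table at a time: grepping all of them at once prefixes each row with
# "<file>:", which fuses with the slot number once that fills its column and
# shifts every field after it.
for table in /proc/net/?[cd]p* ; do
  [ -r "$table" ] || continue
  proto=${table##*/}
  # row layout: sl local_address rem_address st ... uid timeout inode
  awk 'NR > 1 { print $2, $10 }' "$table" | while read -r local_addr inode ; do
    [ -n "$local_addr" ] || continue
    #
    # more busybox hoop jumping... the port is the hex after the last ':'
    #
    port_hex=${local_addr##*:}
    case "$port_hex" in
      "" | *[!0-9A-Fa-f]*) port="?" ;;   # never feed junk to $(( ))
      *) port=$(( 0x$port_hex )) ;;
    esac
    printf '%s:%s\n' "$proto" "$port"
    if [ -z "$inode" ] ; then
      echo "no inode found associated with port $local_addr"
      continue
    fi
    owners=$(pids_for_inode "$inode")
    if [ -z "$owners" ] ; then
      echo "can't find process for inode $inode"
      echo
      continue
    fi
    for p in $owners ; do
      if [ -f "/proc/$p/cmdline" ] ; then
        # NULs separate the arguments; the other control characters are
        # dropped so a crafted argv cannot inject terminal escapes.
        name=$(tr '\000' ' ' 2> /dev/null < "/proc/$p/cmdline" |
          tr -d '\001-\037\177' |
          sed -e 's/ *$//' -e 's/^ *//')
      else
        name="?"   # process went away since the fd tables were collected
      fi
      printf '\t%s = %s\n' "$p" "$name"
    done
    echo
  done
done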
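#
# busybox - find network ports being listened to by pid
#
# For every row of the kernel socket tables (/proc/net/tcp, udp, tcp6, ...)
# print "<proto>:<local port>" followed by one "<pid> = <command line>" line
# per process that holds the socket open.
#
# Caveats when the output is used to audit what a box exposes:
#  - rows are not filtered by state, so established connections are listed
#    next to listeners (TCP LISTEN is st 0A in /proc/net/tcp).
#  - /proc/<pid>/fd of other users is unreadable without root and the errors
#    are discarded, so an unprivileged run just says "can't find process".
#  - the name shown is /proc/<pid>/cmdline, which the process itself can
#    rewrite; check anything unexpected against /proc/<pid>/exe as well.
#

#
# list of all the stuff everyone has open: one "pid inode" line per socket fd
#
echo "collecting port data..."
# slooow... ls prints a "/proc/<pid>/fd:" header and then one line per fd, e.g.
#
#   /proc/1263/fd:
#   0 lrwx------ 1 root root 64 Sep 25 15:03 3 -> socket:[4535]
#
# so remember the pid from the latest header and emit it with the inode of
# every socket link that follows (ls won't repeat the pid, and find won't
# work on this).
#
all_sox=$(ls -asl /proc/[0-9]*/fd 2> /dev/null | awk '
  $1 ~ /^\/proc\/[0-9]+\/fd:$/ { split($1, part, "/"); pid = part[3]; next }
  $NF ~ /^socket:\[[0-9]+\]$/  { ino = $NF; gsub(/[^0-9]/, "", ino); print pid, ino }
')

#
# print the pids (one per line, no repeats) whose fd table holds socket inode $1
#
# the inode is compared as a whole field: a pattern match such as
# grep " 45" also hits 4535 and pins the port on the wrong process.
#
pids_for_inode() {
  printf '%s\n' "$all_sox" |
    awk -v ino="$1" '$2 == ino && !seen[$1]++ { print $1 }'
}

echo "machine is listening on:"
# one table at a time: grepping all of them at once prefixes each row with
# "<file>:", which fuses with the slot number once that fills its column and
# shifts every field after it.
for table in /proc/net/?[cd]p* ; do
  [ -r "$table" ] || continue
  proto=${table##*/}
  # row layout: sl local_address rem_address st ... uid timeout inode
  awk 'NR > 1 { print $2, $10 }' "$table" | while read -r local_addr inode ; do
    [ -n "$local_addr" ] || continue
    #
    # more busybox hoop jumping... the port is the hex after the last ':'
    #
    port_hex=${local_addr##*:}
    case "$port_hex" in
      "" | *[!0-9A-Fa-f]*) port="?" ;;   # never feed junk to $(( ))
      *) port=$(( 0x$port_hex )) ;;
    esac
    printf '%s:%s\n' "$proto" "$port"
    if [ -z "$inode" ] ; then
      echo "no inode found associated with port $local_addr"
      continue
    fi
    owners=$(pids_for_inode "$inode")
    if [ -z "$owners" ] ; then
      echo "can't find process for inode $inode"
      echo
      continue
    fi
    for p in $owners ; do
      if [ -f "/proc/$p/cmdline" ] ; then
        # NULs separate the arguments; the other control characters are
        # dropped so a crafted argv cannot inject terminal escapes.
        name=$(tr '\000' ' ' 2> /dev/null < "/proc/$p/cmdline" |
          tr -d '\001-\037\177' |
          sed -e 's/ *$//' -e 's/^ *//')
      else
        name="?"   # process went away since the fd tables were collected
      fi
      printf '\t%s = %s\n' "$p" "$name"
    done
    echo
  done
done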