What processes are on the ends of a TCP connection?

Matt Crawford matt at oddjob.uchicago.edu
Sat Mar 4 04:06:43 AEST 1989


In article <190 at heart-of-goldmitre.org> jc writes:
) OK all you BSD networking wizards, here's a simple one (;-):
) 
) How do I identify the processes that are involved?  [in a TCP
) connection] ...
) So can someone out there explain to me just how trivial it is?

Trivial?  You decide.  You can try going through the following procedure
with adb, then think about writing a program to do it for you.

Use "netstat -a -A" and note the "PCB" address of the connection of
interest.  Call that address AAA.

adb /vmunix /dev/kmem
0xAAA$<tcpcb		Note the address of the "inpcb".  Call it BBB.
0xBBB$<inpcb		Note the address of the "socket".  Call it CCC.

Now for the fun part.  Look through the "struct proc"s of all the
processes in the process table and examine their "u" (aka "user") area,
which will be in memory locatable through the "struct pte p_addr" if the
process is resident, or on disk locatable through the "swblk_t p_swaddr"
if it is swapped out.  Examine the "struct file *u_ofile[]" array of
each process, looking for one whose "caddr_t f_data" points to the
address CCC you noted above.

Whew!  Trivial, wasn't it?
________________________________________________________
Matt Crawford	     		matt at oddjob.uchicago.edu
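
The pointer walk described in the post above, as an added example (not part of the original message): a user-space C sketch that follows tcpcb -> inpcb -> socket and then scans each process's u_ofile[] for a matching f_data. The structures are simplified stand-ins for the kernel ones, the p_u field is a hypothetical shortcut for locating the u area through p_addr or p_swaddr, and the process table and pids are constructed.

```c
#include <stdio.h>
/* Simplified user-space stand-ins for the 4.3BSD structures the post names. */
#define NOFILE 8
#define DTYPE_SOCKET 2
struct socket { int so_type; };
struct inpcb  { struct socket *inp_socket; };
struct tcpcb  { struct inpcb *t_inpcb; };
struct file   { short f_type; void *f_data; };
struct user   { struct file *u_ofile[NOFILE]; };
struct proc   { int p_pid; struct user *p_u; }; /* p_u: hypothetical, replaces p_addr/p_swaddr */

/* AAA -> BBB -> CCC: follow the tcpcb to its inpcb, then to the socket. */
static struct socket *pcb_to_socket(const struct tcpcb *tp) {
    return (tp && tp->t_inpcb) ? tp->t_inpcb->inp_socket : NULL;
}

/* Scan each u_ofile[]; store up to max pids, return how many processes matched. */
static int socket_owners(const struct proc *tab, int nproc,
                         const struct socket *so, int *pids, int max) {
    int n = 0;
    for (int i = 0; so && i < nproc; i++) {
        const struct user *u = tab[i].p_u;      /* NULL: u area unreadable */
        for (int fd = 0; u && fd < NOFILE; fd++) {
            const struct file *fp = u->u_ofile[fd];
            if (fp && fp->f_type == DTYPE_SOCKET && fp->f_data == so) {
                if (n < max) pids[n] = tab[i].p_pid;
                n++;
                break;                          /* count a process once */
            }
        }
    }
    return n;
}

/* Constructed table: pid 101 and its forked child 102 share one struct file. */
static int demo(int *pids, int max) {
    static struct socket so, other;
    static struct inpcb inp = { &so }; static struct tcpcb tp = { &inp };
    static struct file shared = { DTYPE_SOCKET, &so }, unrel = { DTYPE_SOCKET, &other };
    static struct user u0 = { { &unrel } }, u1 = { { NULL, NULL, NULL, &shared } },
                       u2 = { { NULL, NULL, NULL, &shared } };
    static const struct proc tab[] = { {100, &u0}, {101, &u1}, {102, &u2}, {103, NULL} };
    return socket_owners(tab, 4, pcb_to_socket(&tp), pids, max);
}

int main(void) {
    int pids[4], n = demo(pids, 4);
    for (int i = 0; i < n; i++) printf("pid %d holds the socket\n", pids[i]);
    return 0;
}
```

The scan does not stop at the first hit: descriptors inherited across fork refer to the same struct file, so one connection can resolve to several processes.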


