This questions was helpful to me, but I found using lsof
instead of netstat
let me avoid all the HEX stuff:
For a process ${APP}
run by user ${USER}
, the following returns all the open sockets to the IP address ${IP}:
PEEID=$(sudo pgrep -u ${USER} ${APP}) && for i in `sudo lsof -anP -i -u logstash | grep ${IP} | awk '{print $6}'` ; do echo "${device} time" ; sudo find /proc/${PEEID}/fd -lname "socket:\[${device}\]" -printf %t 2> /dev/null ; echo ; done
The lsof
contains the PID
too, but I am not sure how to get it and the device number.
This was tested on Amazon Linux.
1This recipe displays age of process that created TCP connection, not connection itself. – myroslav – 2015-12-24T13:17:46.967
@myroslav are you sure? It works against this Node.js script.
– cYrus – 2015-12-24T15:33:20.277I'd tested your new script with TCP connections opened by my Firefox on Fedora 22 64-bit, and I'm getting definitely not "uptime" numbers. When new socket opens, it is getting "random" uptime, usually the time of "youngest" ESTABLISHED socket. – myroslav – 2015-12-25T23:23:52.093
@myroslav I'm using Debian (3.16.0-4-amd64) here, the only thing I notice is that the time reported is actually about 3 seconds late with respect to the socket creation. Maybe there are some system-dependent behaviors involved... – cYrus – 2015-12-26T11:21:54.660
For the script, "$ suptime 192:168:120:10 6379 Traceback (most recent call last): File "<string>", line 1, in <module> socket.error: illegal IP address string passed to inet_aton Address does not match" – Ondra Žižka – 2017-11-24T18:35:08.003