Find the creator of an idle TCP connection

1

On Solaris (or Unix), how can I find the remote host associated with the creation of a currently idle TCP connection?

lsof gives me a bunch of lines like this:

java    25375 foo 8161u  IPv4 0xfffffeb1f6f523c0        0t0        TCP *:* (IDLE)

But the *:* puzzles me - I was expecting to see something like 

hostname:7000->10.199.132.158:54973 (IDLE)

Ben

Posted 2014-12-10T15:26:17.397

Reputation: 3 798

Answers

0

pfiles 25375

Look for socket entries, you will see the originating local/remote source as an IP address.

nslookup [remote ip]

Will give you the server.domainname

jim mcnamara

Posted 2014-12-10T15:26:17.397

Reputation: 769

Asked: 2014-12-10T15:26:17.397

Viewed: 151 times

Active: 2015-01-14T04:11:35.187