Note: This web page was automatically created from a PalmOS "pedit32" memo.

What program is active on that port?


lsof -i tcp:22 (to check the ssh port, for example.  lsof is available for free for many *ix's)

pfiles (solaris)

netstat -ap (linux)

"rpcinfo -p" or "rpcinfo -p remote.host.uci.edu" should list a fairly
large number of port to RPC service mappings, and should work on
pretty much any modern *ix (barring avoidance of RPC services and/or
firewalling).  Note that this information may sometimes be incorrect -
especially if a program were to register itself in rpcbind and/or portmap,
and later exit (prematurely) without first unregistering itself.

socklist (linux)

Recent versions of nmap purport to be able to tell what protocol is
active on a port, even if the protocol isn't on its usual port number.
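
On Linux, the lookup that lsof -i and netstat -ap perform can be reproduced by hand from /proc. This is an added example, not part of the original memo: it finds the LISTEN socket's inode in /proc/net/tcp, then scans each process's fd directory for that inode. The function names and the sample table are constructed for illustration, and it covers IPv4 TCP only.

```python
import os
import re

TCP_LISTEN = "0A"                                # "st" column value for LISTEN
SOCKET_LINK = re.compile(r"socket:\[(\d+)\]")    # what /proc/<pid>/fd/<n> points at

# Constructed sample in /proc/net/tcp format: a listener on port 22
# (inode 12345) and an established connection on the same local port.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 23456 1 0000000000000000 20 4 30 10 -1
"""

def listening_inodes(table_text, port):
    """Return the socket inodes of LISTEN entries bound to `port`."""
    inodes = set()
    for line in table_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        local_port = int(fields[1].rsplit(":", 1)[1], 16)   # port is hex
        if local_port == port and fields[3] == TCP_LISTEN:
            inodes.add(fields[9])
    inodes.discard("0")            # inode 0: socket no longer owned by a process
    return inodes

def owners(inodes, proc_root="/proc"):
    """Map pid -> command name for every process holding one of `inodes`."""
    found = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            held = set()
            for fd in os.listdir(fd_dir):
                m = SOCKET_LINK.fullmatch(os.readlink(os.path.join(fd_dir, fd)))
                if m:
                    held.add(m.group(1))
            if held & inodes:
                with open(os.path.join(proc_root, pid, "comm")) as f:
                    found[int(pid)] = f.read().strip()
        except OSError:    # process exited mid-scan, or unreadable without root
            continue
    return found

if __name__ == "__main__":
    with open("/proc/net/tcp") as f:   # /proc/net/tcp6 uses the same columns
        print(owners(listening_inodes(f.read(), 22)))
```

Run it as root to see sockets owned by other users' processes; an empty result for a port that is clearly open usually means the owner's fd directory was not readable.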

If all of these fail, one of these approaches might work:

1) Stream a bunch of random data at the port, say, with netcat or
whatever.  Then run top as the gibberish is streaming, and see what
process is accumulating CPU rapidly in top or similar.  Note that
some daemons may die if you do this - but if they do, they most likely
need a security fix.  :)

2) For each process on the system (except things like init, or nfsd):
attach a system call tracer to the process.  Then telnet to the port
(or do an nmap -sU).  If you have the right process, then the system
call tracer will generate a small (or large :) amount of activity right
when you connect (or talk to it via UDP).

3) Recent versions of nmap are supposed to be able to tell what is active
on a port, independent of the port number.  I haven't tried it yet,
but it sounds worth a try.
 

