Summary
We often need information about a process for troubleshooting and general investigation purposes, but it is not always clear where we can begin to find the things we require. This article covers how to obtain detailed process information by using the process’s listening port number to obtain the PID, and then looking up the PID in procfs.
Solution
We generally know the port number used to connect to any network application of interest. We can acquire the process ID of the application by looking up its port number, and then use the PID to find process details in procfs.
This article assumes you are using a Linux-like shell with procfs available. Most Linux and related operating systems have procfs already implemented - if your OS has a /proc directory you can most likely use this method. Windows systems can obtain procfs under Cygwin. OS X does not come with procfs, although there is a way to add it.
Acquiring the PID via port number
Be aware that if you are not running as an owner of the process, you will not have access to some of this information.
To see all listening ports on the machine, run the following command:
netstat -anp | grep -i listen | grep -iv unix
You will see an output similar to this:
...
tcp        0      0 0.0.0.0:3306        0.0.0.0:*      LISTEN      -
tcp        0      0 127.0.0.1:34799     0.0.0.0:*      LISTEN      1455/ecmdrAgent
tcp        0      0 0.0.0.0:111         0.0.0.0:*      LISTEN      -
tcp        0      0 0.0.0.0:80          0.0.0.0:*      LISTEN      -
...
The fourth column shows the IP address and port a process listens on. Note that we filtered out everything but listening ports. The rightmost column shows the process ID and executable name in the format PID/name.
We can look for a port we use to connect to the application to obtain a process ID and executable name. To find the line for a specific process, run the following command:
netstat -anp | grep -i listen | grep -iv unix | grep <port>
Mac
There is no /proc file system on Mac OS X, at least by default. You can still find a process listening on a given port using lsof:
sudo lsof -i :<port>
The output will look something like this:
COMMAND   PID     USER       FD   TYPE   DEVICE               SIZE/OFF   NODE   NAME
Python    49584   otsvinev   3u   IPv4   0xe673a3039aad2c19   0t0        TCP    *:8666 (LISTEN)
Obtaining information from the /proc directory
Once we have the process ID, we can obtain extra information about the process using the /proc directory. The directory for any process is located at /proc/<PID>. To see what’s in the directory of a process, run:
ls -lah /proc/<PID>
Some potentially relevant files and directories in /proc/<PID> are:
- cmdline - Command line arguments for the process
- environ - Values of environment variables
- fd - Directory containing all file descriptors used by the process
- limits - Displays the soft limit, hard limit, and units of measurement for each of the process’s resource limits
You can check the proc man page by running man proc on your machine for more detailed information on the files and directories under /proc.
The contents of these files can be viewed using your favorite Linux file output command, such as cat or less.
Examples
Obtaining PID
We will use the CloudBees CD (CloudBees Flow) server as an example; you can apply this to any agent or other network process as well. We know that by default the CloudBees CD (CloudBees Flow) server listens on port 8000, so we run:
netstat -anp | grep -i listen | grep -iv unix | grep 8000
We get the following output:
tcp6 0 0 :::8000 :::* LISTEN 970/java
We can see that in this case, 970 is the PID of our application.
Viewing /proc files
Using the previous PID we obtained, we run:
ls -lah /proc/970
Here is a partial output:
...
dr-xr-xr-x 2 vagrant vagrant 0 Feb 17 18:04 attr
-rw-r--r-- 1 vagrant vagrant 0 Feb 17 18:04 autogroup
-r-------- 1 vagrant vagrant 0 Feb 17 18:04 auxv
-r--r--r-- 1 vagrant vagrant 0 Feb 17 18:04 cgroup
--w------- 1 vagrant vagrant 0 Feb 17 18:04 clear_refs
-r--r--r-- 1 vagrant vagrant 0 Feb 17 17:36 cmdline
...
The entries in cmdline and environ are separated by NUL bytes. You can use either of the following commands to make their contents more readable by printing one command line parameter or environment variable per line, where <file> is cmdline or environ:
cat /proc/<PID>/<file> | sed -e s/\\x00/\\n/g
or
xargs --null --max-args=1 echo < /proc/<PID>/<file>
To see all files, pipes and sockets opened by the process, which are stored in the directory /proc/<PID>/fd, run:
ls -la /proc/<PID>/fd
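The whole procedure (port to PID, then PID to procfs details) as one script. This is an added example, not part of the original article. The function names and the PROC_ROOT variable are assumptions of this sketch, and tr is used in place of the sed/xargs commands above.

```sh
#!/bin/sh
# Added example: port -> PID -> procfs, following the article's steps.
# PROC_ROOT is an assumption of this sketch (lets the functions be pointed
# at a test directory); on a real system it stays /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Sample input: the netstat lines shown in the article (IPv4 and tcp6 forms).
sample_netstat() {
    cat <<'EOF'
tcp   0  0 0.0.0.0:3306     0.0.0.0:*  LISTEN  -
tcp   0  0 127.0.0.1:34799  0.0.0.0:*  LISTEN  1455/ecmdrAgent
tcp   0  0 0.0.0.0:80       0.0.0.0:*  LISTEN  -
tcp6  0  0 :::8000          :::*       LISTEN  970/java
EOF
}

# Read `netstat -anp` output on stdin; print the PID listening on port $1.
# Compares the port field exactly, so 800 does not match 8000 (a bare
# `grep 8000` would also hit port 18000 or PID 8000). Returns 1 when nothing
# matches or the PID column is "-" (process owned by another user).
pid_for_port() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, a, ":")        # handles 0.0.0.0:80 and :::8000
            if (a[n] == port && $7 ~ /^[0-9]+\//) {
                split($7, p, "/"); print p[1]; found = 1; exit
            }
        }
        END { exit !found }'
}

# Print a NUL-separated procfs file (cmdline or environ) one entry per line.
proc_entries() {    # usage: proc_entries PID cmdline|environ
    tr '\0' '\n' < "$PROC_ROOT/$1/$2"
}

# Show arguments, open descriptors and limits for a PID. environ is left to
# an explicit proc_entries call because it can hold credentials.
proc_summary() {    # usage: proc_summary PID
    dir="$PROC_ROOT/$1"
    [ -d "$dir" ] || { echo "no such process: $1" >&2; return 1; }
    echo "== cmdline"; proc_entries "$1" cmdline
    echo "== fd";      ls -l "$dir/fd" 2>/dev/null || echo "(not readable)"
    echo "== limits";  cat "$dir/limits" 2>/dev/null || echo "(not readable)"
}

# Live use, as the process owner or root:
#   pid=$(netstat -anp 2>/dev/null | pid_for_port 8000) && proc_summary "$pid"
```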