Correlation of TCP/IP connections to processes

Correlation of TCP/IP connections to processes

Post by Ray Brizz » Fri, 02 Feb 1996 04:00:00



To simplify UNIX maintenance in a high turnover user environment, we
have all security done at the workstation/Novell side. If their User Id
is valid for the application they are asking to use, we let it go
through as a common user name. Power Builder / INet TSR is the front
end.

Unfortunately, with Informix I-star and Solaris, there does not seem to
be any correlation so we can track back to the originator of a process.
The netstat -a shows all the active connections, which we can track
back to a workstation, but we can't correllate that to a process. Is
there anyway to reconnect this information so we can call a user to
find out what request they made when we see a problem? All users have
the same name on the Solaris side.

Thanks, Ray

 
 
 

Correlation of TCP/IP connections to processes

Post by Jerzy Tomas » Sat, 10 Feb 1996 04:00:00



>To simplify UNIX maintenance in a high turnover user environment, we
>have all security done at the workstation/Novell side. If their User Id
>is valid for the application they are asking to use, we let it go
>through as a common user name. Power Builder / INet TSR is the front
>end.
>Unfortunately, with Informix I-star and Solaris, there does not seem to
>be any correlation so we can track back to the originator of a process.
>The netstat -a shows all the active connections, which we can track
>back to a workstation, but we can't correllate that to a process. Is
>there anyway to reconnect this information so we can call a user to
>find out what request they made when we see a problem? All users have
>the same name on the Solaris side.
>Thanks, Ray

lsof (vic.cc.purdue.edu in pub/tools/unix/lsof) will let you trace the
host:port-host:port and pid. From the Solaris box you'll be able to
find out which host/port started each process. I have no idea how to
trace the Novell end of things.

-Jerzy