I am trying to run tshark in a perl script, simply by doing the following -
my $filter = "port 68 or 67";
my $capture = "tshark -i eth0 -f $filter -a duration:120 -w pcapture.pcap&";
system($capture);
This code is not starting the tshark process. Any changes recommended?
Assuming port 68 or 67 is a legal value for -f, you need quotes to treat it as one entity (a value which contains whitespace):
my $filter = "port 68 or 67";
my $capture = "tshark -i eth0 -f '$filter' -a duration:120 -w pcapture.pcap&";
system($capture);
I'm trying to identify what application is running on port 56474 without having root access. I know the application was started by me.
Example:
netstat -tunap
tcp 0 0 0.0.0.0:56474 0.0.0.0:* LISTEN -
I've tried using /proc/pid scripts to walk all using grep on ls -l /proc/pid/fd results. Here is my attempt. NOTE: Not sure if I was heading in the right direction
for I in `find /proc/*/fd -exec ls -l {} \; 2>/dev/null | awk -F"->|:" '/socket/ {print $4}' | sort -u | sed -e 's/\[//g' -e 's/\]//g'`; do grep $I /proc/*/net/tcp; done
I had no success. Not sure if there is a way. Thanks.
NOTE: Added another answer as lsof was not satisfactory.
This should work:
#! /bin/bash
port=56474
# /proc/net/tcp shows ports as 4 upper-case hex digits, so zero-pad (80 -> 0050)
hex_port=$(printf '%04X' "$port")
# field 2 is local_address (hexip:hexport), field 10 is the socket inode
inode=$(awk -v p=":$hex_port" '$2 ~ p"$" {print $10}' /proc/net/tcp)
for i in $(ps axo pid=); do
    ls -l /proc/$i/fd 2> /dev/null | grep -q "socket:\[$inode\]" && echo $i
done
Explanation:
Once we have the port number converted to Hexadecimal, we can get the inode number from /proc/net/tcp (10th field), then we loop through /proc/pids/fd and find a symlink pointing to the inode.
If you're sure the application was started by you then you can use lsof:
/usr/sbin/lsof -nP | grep :56474 | awk '{print $2}'
Another technique to resolve pids and ports of all running apps without root:
1.) Get the pids of running apps. Either use the ActivityManager or parse a ps console output.
2.) iterate through /proc/$pid/net/status files and get the matching uid for a pid.
grep Uid: /proc/$pid/status
3.) Call and parse the output of the tcp, tcp6, udp, udp6 files to match ports and uids:
cat /proc/net/tcp
...
4.) match the uids of both matchings, get a port-to-pid map without su access.
Cheers,
goethe
I'm unable to get 'get' in terminal using Grep.
This code used to work on Lion but in Mavericks the GET doesn't show...
sudo tcpdump -i en1 -n -s 0 -w - | grep -a -o -E "Host\:\ .*|GET\ \/.*"
Any help or suggestions maybe?
Try:
sudo tcpdump -s 0 -A | egrep --color=never -a -o "Host\: .*|GET\ \/.*"
The -w - writes the raw packets whereas the -A decodes to ASCII; handy for web pages (per man)
I found that if grep was outputting color, the Host: lines were output as empty lines.
I'm running a perl script to scan several hosts. When I put a single host in
$scanner->scan('-sS -p 1-1024 -sV -O --max-rtt-timeout 200ms 111.111.111.111');
it runs fine, but when I try to add a variable value inside by parsing a file with a list of hosts
$scanner->scan('-sS -p 1-1024 -sV -O --max-rtt-timeout 200ms $host');
The program just assumes $host is characters; is there any way to get around this? I'm using nmap::scanner as my module.
Thanks
Try replacing quotes by double-quotes:
$scanner->scan("-sS -p 1-1024 -sV -O --max-rtt-timeout 200ms $host");
or place $host outside:
$scanner->scan('-sS -p 1-1024 -sV -O --max-rtt-timeout 200ms '.$host);
You are using the wrong type of quotes. Single quotes (') do not interpolate variables, so
$x='fish';
$b='deep fried $x';
sets $b to deep fried $x
whereas
$b="deep fried $x";
sets $b to deep fried fish
See perldoc perlop for more details
Using sh on linux I am looking to output the results from multiple if statements to a mail message.
#snap server1
running=`ps -U server1 | wc -l`
if [ $running -eq 1 ]; then
/root/zfsnap/zfSnap.sh -v -a 30d tank/server1
fi
#snap server2
running=`ps -U server2 | wc -l`
if [ $running -eq 1 ]; then
/root/zfsnap/zfSnap.sh -v -a 30d tank/server2
fi
sleep 3 && echo "results of script" | mail -s "snapshot status" administrator@domain.local
## current output is
[root@backupserver ~]# ./backup_script_daily.sh
/sbin/zfs snapshot tank/server1@2013-08-26_12.28.22--30d ... DONE
/sbin/zfs snapshot tank/server2@2013-08-26_12.28.22--30d ... DONE
I'm not really sure how to do this for multiple if statements. I've seen many discussions on individual if statements. I actually have about 8 more (users/servers) in this script. My scripting experience for years has been very low level :). Would it be better to use something like Perl?
put servers into array
for each server in array
run command > to text file
end and mail(textfile)
I appreciate any suggestions or ideas and I apologize for any issues with the post. This is my first one.
Kind Regards,
~Jon R.
You can enclose all commands whose output you want to capture in a { } block and pipe the whole thing into the mail command, e.g.:
#!/bin/bash
{
    for server in server{1..2}; do
        if (( $(pgrep -U "${server}" 2>/dev/null | wc -l) > 0 )); then
            /root/zfsnap/zfSnap.sh -v -a 30d "tank/${server}"
        fi
    done
} | mail -s "snapshot status" administrator@domain.local
Okay, I want to have Nmap scan an IP range for computers with a certain port open (port 80 in this case) and have it output all the IP's it finds into a text file, stored in this format:
192.168.0.1
192.168.0.185
192.168.0.192
192.168.0.195
So to output the file, I tried using this command:
nmap -sT -p 80 -ttl 40 192.168.0.0-255 -oG - | grep "80/open" > output.txt
Where "output.txt" is the output file that contains the results. So a line of output.txt looks like this:
Host: 192.168.0.1 () Ports: 80/open/tcp//http///
So I basically want it only to output the IP address with port 80 open, and nothing else.
I want it to not output the "Host: " or the "()" and "Ports: 80/open/tcp//http///" parts. So is there any way I can have Nmap not put that stuff into the output file? Or make it only output the IP addresses? I tried looking at the man page, it was of little help. And I looked all over the Internet and that wasn't very useful either. So does anyone know how I can do this? Thanks
Awk is your friend!
$ nmap -sT -p 80 192.168.0.0/24 -oG - | awk '/ 80\/open/{print $2}' > output.txt
This will find lines with port 80 open (notice the space before 80, if you plan to scan more than the one port!), and print field 2, splitting on whitespace. Another way to do it would be:
$ nmap -sT -p 80 --open 192.168.0.0/24 -oG - | awk '$4=="Ports:"{print $2}' > output.txt
This one uses the --open argument to Nmap to only produce output for hosts with open ports. The awk command checks that this is a "Ports" line, not a "Status" line (which may only show up when using -v, but I'm not positive) before printing the IP address.
Note that it is usually in your best interests to save the scan results to a file, to avoid needing to repeat the scan if you decide to extract some different information. If you choose to do this, I would recommend using the XML output (-oX), since there are lots of analysis tools that have parsers built for it already.
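As an added example that is not part of the answer above: a small Python parser for the grepable (-oG) format that walks every entry in the Ports: field instead of grepping the whole line. It therefore handles the cases the answer warns about: a host with several ports scanned, a host whose only open port is 8080 (which a bare grep for "80/open" would wrongly match), Status: lines, and filtered or closed entries. The scan output is a constructed sample, and the function names (parse_grepable, hosts_with_open_port) are mine.

```python
import re

# Constructed sample of nmap -oG output (not from a real scan). Fields in this
# format are tab-separated: "Host: <ip> (<name>)\tPorts: ...\tIgnored State: ...".
SAMPLE_GREPABLE = """\
# Nmap 7.x scan initiated as: nmap -sT -p 22,80,8080 -oG - 192.168.0.0/24
Host: 192.168.0.1 ()\tStatus: Up
Host: 192.168.0.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 8080/closed/tcp//http-proxy///
Host: 192.168.0.185 ()\tPorts: 80/filtered/tcp//http///
Host: 192.168.0.192 ()\tPorts: 8080/open/tcp//http-proxy///
Host: 192.168.0.195 ()\tPorts: 80/open/tcp//http//Apache httpd 2.2.14/\tIgnored State: closed (2)
# Nmap done at some point -- 256 IP addresses (4 hosts up) scanned
"""

# One port entry is port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/")


def parse_grepable(text):
    """Yield (ip, port, state, proto, service) for every port entry in -oG output."""
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                          # comment lines and the trailing summary
        fields = line.split("\t")
        ip = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue                      # "Status:" and "Ignored State:" fields
            for m in PORT_RE.finditer(field[len("Ports:"):]):
                yield ip, int(m.group(1)), m.group(2), m.group(3), m.group(4)


def hosts_with_open_port(text, port, proto="tcp"):
    """IPs, in scan order and without duplicates, that have `port` open on `proto`."""
    seen = []
    for ip, p, state, pr, _svc in parse_grepable(text):
        if p == port and pr == proto and state == "open" and ip not in seen:
            seen.append(ip)
    return seen


if __name__ == "__main__":
    import sys
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_GREPABLE
    for ip in hosts_with_open_port(data, 80):
        print(ip)
```

Pipe a real scan through it with `nmap -sT -p 80 192.168.0.0/24 -oG - | python3 open80.py > output.txt`; with no input on stdin it runs against the embedded sample. Because the parser compares the port as a number and checks the state field, it does not need the leading-space trick from the awk version, and the same function answers "which hosts have 22 open" without re-running the scan, which is the point of keeping the raw output.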
Having nmap produce exactly what you want would indeed be nice. But as a more general solution:
$ nmap ... | grep ... | tr '/' ' ' | awk '{ print $2,$5; }'
192.168.0.1 80
Or maybe:
nmap ... | grep ... | tr '/' ' ' | cut -d' ' -f2,8
I found a script called scanreport.sh very useful. Although it's not necessary, you could just use awk as suggested, but thought it might be of interest.
It gives the ability to output the nmap results nicely by service or port (with highlighting). It uses the grep-able output from nmap (-oG) after a quick tidy from grep -v ^# nmapoutput.txt > report.txt
Example
nmap -sS 192.168.1.22 -oG /directory/of/choice/results.txt
grep -v ^# results.txt > report.txt
./scanreport.sh -f report.txt
Host: 192.168.1.22 ()
22 open tcp ssh OpenSSH 5.3p1 Debian 3ubuntu4 (protocol 2.0)
80 open tcp http Apache httpd 2.2.14 ((Ubuntu))
./scanreport.sh -f report.txt -p 80
Host: 192.168.1.22 ()
80 open tcp http Apache httpd 2.2.14 ((Ubuntu))
./scanreport.sh -f report.txt -s ssh
Host: 192.168.1.22 ()
22 open tcp ssh OpenSSH 5.3p1 Debian 3ubuntu4 (protocol 2.0)
Plenty of stuff on google about it but here is a link to one ref.
./scanreport.sh