Thursday 18 April 2013

Determine which processes have listening ports on AIX

The open source "lsof" tool is great for determining which process has a port open. Unfortunately, lsof isn't included with AIX, so if you want to quickly identify which process is using a port and you don't have lsof, you can use "netstat -Aan" combined with the "rmsock" command.

For example, let's say I want to identify which process is listening on port 1334. I would first run:
# netstat -Aan | grep LISTEN | grep 1334
f100050000b05bb8 tcp4       0      0  *.1334                *.*                   LISTEN

You then take the first column (f100050000b05bb8 in this example) and run the following command:
# rmsock f100050000b05bb8 tcpcb
The socket 0xf100050000b05808 is being held by proccess 5767378 (writesrv).

You can see that port 1334 is held open by the writesrv process with PID 5767378.

If you want to see all of the TCP listening ports and the processes and PIDs that hold them, run the following script:
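#!/usr/bin/ksh
# List every TCP listening port with the PID and name of the process holding it.
print "Port            PID              Process"
netstat -Aan | grep LISTEN | awk '{print $1 " " $5}' | while read pcb port; do
  # rmsock reports which process holds the socket behind this PCB address
  out=`rmsock $pcb tcpcb`
  if echo "$out" | grep "Kernel Extension" > /dev/null; then
    printf "%-15s Kernel Extension\n" "$port"
  else
    # accepts both "process" and the "proccess" spelling that rmsock prints
    pid=`echo "$out" | sed -n 's/.*pro[c]*ess \([0-9][0-9]*\) .*/\1/p'`
    if [ -n "$pid" ]; then
      proc=`ps -p $pid | tail -n 1 | awk '{print $4}'`
      # pass the name as an argument so a % in it is not read as a format
      printf "%-15s %-16s %s\n" "$port" "$pid" "$proc"
    else
      echo "Error, Line not recognized \"$out\" for Port $port"
    fi
  fi
done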
Here is example output from the script:



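An added example, not part of the original post: the same netstat/rmsock lookup split into functions that match on exact fields, so a search for port 1334 cannot also hit port 13340 or a PCB address containing those digits, followed by a check of the result against an allowlist of expected listeners. The function names, the allowlist format ("port name" per line) and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the post's script. Sample data below is constructed.

# stdin: "netstat -Aan" output. stdout: "pcb bind_addr port" per TCP listener.
# Matching on fields avoids the false hits of "grep 1334" (port 13340, or a
# PCB address that happens to contain 1334). AIX joins address and port with
# a dot (*.1334, 127.0.0.1.25), so the split is made at the last dot.
parse_listeners() {
  awk '$NF == "LISTEN" && $2 ~ /^tcp/ {
    addr = $5; port = $5
    sub(/\.[^.]*$/, "", addr)
    sub(/^.*\./, "", port)
    print $1, addr, port
  }'
}

# $1: one line of rmsock output. stdout: "pid name", or "- kernel".
# The pattern accepts "process" and the "proccess" spelling rmsock prints.
parse_rmsock() {
  case $1 in
    *"Kernel Extension"*) echo "- kernel"; return 0 ;;
  esac
  printf '%s\n' "$1" |
    sed -n 's/.*proc*ess \([0-9][0-9]*\) (\([^)]*\)).*/\1 \2/p'
}

# stdin: "port pid name" lines. $1: allowlist file of "port name" lines
# (format assumed for this example). stdout: listeners not on the allowlist.
unexpected_listeners() {
  while read -r port pid name; do
    grep -qxF "$port $name" "$1" || echo "$port $pid $name"
  done
}

# Live AIX host only: resolve the owner of every listener through rmsock.
live_listeners() {
  netstat -Aan | parse_listeners | while read -r pcb addr port; do
    owner=$(parse_rmsock "$(rmsock "$pcb" tcpcb)")
    echo "$port ${owner:-? unknown}"
  done
}

# Constructed sample input in the layout shown in the post.
SAMPLE_NETSTAT='f100050000b05bb8 tcp4       0      0  *.1334                *.*                   LISTEN
f100050000b13340 tcp4       0      0  127.0.0.1.25          *.*                   LISTEN
f100050000a1c3b8 tcp4       0      0  10.0.0.5.22           10.0.0.9.13340        ESTABLISHED'
printf '%s\n' "$SAMPLE_NETSTAT" | parse_listeners
```

On an AIX host, `live_listeners | unexpected_listeners /path/to/allowlist` prints only the listeners that are not on the list; the bind address from `parse_listeners` separates wildcard (`*`) listeners from loopback-only ones.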