SIGSEGV has asked for the wisdom of the Perl Monks concerning the following question:

Hello,

I would like to ask you for hints towards standard Perl functions, modules, or CPAN modules that can help in trying to relate INET sockets to PIDs in the process table.

I think there are some tools in the public domain such as lsof that can be used as command line programmes. However, I would prefer to use a Perl contained solution.

The OS is HP-UX 10.20. I have no notion of system programming on HP-UX using the HP-UX libc, or how to access kernel space to retrieve the wanted connection.

Would one need a packet filtering library like libpcap and a NIC in promiscuous mode to achieve this?

I wonder how netstat -an -f inet is filtering all active INET sockets. But then I'd still need the link to which proc is having handles on which socket.

I would know enough about basic Perl IPC in order to parse output from forked external commands, but as mentioned I'd prefer a Perl solution, if this is possible at all.

Rgds.

Re: Relating AF_INET sockets to processes using Perl
by xmath (Hermit) on Mar 04, 2003 at 15:52 UTC
    'lsof' works I think by using the /proc filesystem if available, or by examining kernel memory directly otherwise (the utility is sgid 'kmem').

    If you have a /proc filesystem maybe a perl-only solution is possible, but otherwise you'll really want to invoke lsof. It has a special -F option to produce output designed to be easily parsable by awk/perl scripts.

    I hope this helps you get started

      xmath,

      on a Linux box I'd definitely make use of the marvelous /proc virtual filesystem.
      Unfortunately, HP-UX lacks such a feature.

      I think HP-UX offers a /dev/kmem for kernel space queries. But since I never accessed that special device deliberately (I'm also hesitant because I wouldn't want to tamper with the kernel of a production server while I don't know the implications of privileged access to the kernel data), I simply don't know how to retrieve data from there.

      I think you are right that probably calling lsof and parsing its dump would be the easiest option.
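The approach this sub-thread settles on (run lsof with -F and parse its field output in Perl), as an added example that is not part of the original thread. It assumes lsof is installed and accepts `-i -n -P -F pcfPn`; the sample input is constructed and `parse_lsof_fields` is a hypothetical helper name.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Parse `lsof -F` field output: every line is one field, identified by its
# first character. A 'p' line opens a process set; an 'f' line opens a file
# set that belongs to the most recent process.
sub parse_lsof_fields {
    my ($fh) = @_;
    my (@sockets, %proc, $file);
    while (my $line = <$fh>) {
        chomp $line;
        next unless length $line;
        my ($id, $value) = (substr($line, 0, 1), substr($line, 1));
        if ($id eq 'p') {                    # new process set
            %proc = (pid => $value);
            undef $file;
        }
        elsif ($id eq 'c') { $proc{command} = $value }
        elsif ($id eq 'f') {                 # new file set for current process
            $file = { %proc, fd => $value };
            push @sockets, $file;
        }
        elsif ($file && $id eq 'P') { $file->{proto} = $value }
        elsif ($file && $id eq 'n') {        # "local" or "local->remote"
            @{$file}{qw(local remote)} = split /->/, $value, 2;
        }
    }
    return \@sockets;
}

# Constructed sample of `lsof -i -n -P -F pcfPn` output (not from a real host).
my $sample = join "\n", qw(p412 cinetd f5 PTCP n*:23 f6 PUDP n*:69
                           p2077 csshd f4 PTCP n192.0.2.10:22->192.0.2.44:51034), '';

# On a live system, replace the in-memory handle with a list-form pipe open
# (no shell involved): open(my $fh, '-|', 'lsof', '-i', '-n', '-P', '-F', 'pcfPn')
open(my $fh, '<', \$sample) or die "cannot open sample: $!";
my $sockets = parse_lsof_fields($fh);
close $fh;

printf "%-6s %-8s %-4s %-5s %-18s %s\n", qw(PID COMMAND FD PROTO LOCAL REMOTE);
for my $s (@$sockets) {
    my $remote = defined $s->{remote} ? $s->{remote} : '-';   # listeners have no peer
    printf "%-6s %-8s %-4s %-5s %-18s %s\n",
        @{$s}{qw(pid command fd proto local)}, $remote;
}
```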

Re: Relating AF_INET sockets to processes using Perl
by pg (Canon) on Mar 04, 2003 at 21:10 UTC
    libpcap is not relevant to this issue. Even if you grab those packets using libpcap, the header info of those packets would not indicate from which process (OS entity) those packets are emitted. The network layer (compared to the OS layer) does not care about those processes (OS entities), and does not know those processes (OS entities); what it cares about is which network entity those packets come from.

    The info you want is not held by the network layer, but the OS layer.

    There is actually no secret to how netstat gets that info; all that data is stored in various system data structures. Netstat just presents that info in an easy-to-read format.

    I don’t know whether there is a Perl module to access those data structures. If not, you can always IPC them from netstat. If you want, do it in embedded C, and maybe make it into a CPAN module.
      pg,

      thanks for shedding some light into the differences between OS and LAN layer.