lsof and ifconfig
lsof and ifconfig - Aug. 15, '05, 9:53:25 PM
|
|
|
sides_dale
Posts: 8
Joined: Jul. 3, '05,
Status: offline
|
I assume that SFU uses the NT stack for all of its IP communication. That being said, I know that the way NT handles its IP stack is completely different than *NIX does, but there are ways to get much of the same information from NT that lsof gets from *NIX. Is anyone aware of a "port" of lsof or a similar utility that could be run in the Interix system?
On a similar topic is there a way to implement ifconfig on NT? Could there be a wrapper around netsh to mimic a lot of the ifconfig functionality?
The reason I am posing these questions is I have a lot of forensic scripts for investigating pid to port to interface issues using ifconfig and lsof. I also have scripts that can find the pid for processes listening on certain ports, giving the ability to create a stop script to put in rc2.d for programs that do not create a pid file.
|
|
|
RE: lsof and ifconfig - Aug. 16, '05, 1:23:08 AM
|
|
|
Rodney
Posts: 3142
Joined: Jul. 9, '02,
From: /Tools lab
Status: online
|
Currently lsof can't be ported to Interix.
If you get the Nt version from the NtInternals website you can use it to show you open files
for all processes on the system.
> On a similar topic is there a way to implement ifconfig on NT?
Depends on how much you want in the way of functionality. The whole thing: no, not in the Interix space.
But if what you want is the reporting of existing NICs and some info with them, then this can be done.
This is how I got BIND working better. But, as you noted earlier, some of the info is different.
> Could there be a wrapper around netsh to mimic a lot of the ifconfig functionality?
Depends on what you want it to do. But this is a viable way to do some things.
The cc and c89 utilities, for example, are scripts that take options
and morph them to MSVC options.
> The reason I am posing these questions is I have a lot of forensic scripts...
You'd have to do it on a script by script basis to know.
I've followed this path a fair bit already. The library pcap, for instance, needs
packet filtering support. And the only way to do that is through this funky Win32 thing
right now. So subsystem changes in Interix would need to be done to map this across.
It might be possible with W2K3/R2 in mixed mode with version 5.2, but not with 3.5.
> ...stop script to put in rc2.d for programs that do not create a pid file.
Well, if there's a particular daemon running without a /var/run pid file the program can be changed.
Right now cron, named, sshd, sendmail and syslogd all do; inetd should, but doesn't.
Your scripts sound good. But I think there's a disjunct of information for them.
|
|
|
RE: lsof and ifconfig - Aug. 18, '05, 11:35:13 PM
|
|
|
sides_dale
Posts: 8
Joined: Jul. 3, '05,
Status: offline
|
quote:
ORIGINAL: Rodney
Currently lsof can't be ported to Interix.
If you get the Nt version from the NtInternals website you can use it to show you open files
for all processes on the system.
I am looking at some utilities located on the www.codeproject.com site that report on many of the same things that lsof does, as far as reporting programs to port usage, and am trying to port some of that to a usable command line util to at least get the port to app parts working.
quote:
> On a similar topic is there a way to implement ifconfig on NT?
Depends on how much you want in the way of functionality. The whole thing: no, not in the Interix space.
But if what you want is the reporting of existing NICs and some info with them, then this can be done.
This is how I got BIND working better. But, as you noted earlier, some of the info is different.
I was able to mimic many of the functions of ifconfig by tying into the WMI layer with C# in the past. I may investigate this further for a semi-functioning command line ifconfig. I can at least get the IP changing portions working, but I have never been able to down an interface in Win32 programmatically.
quote:
It might be possible with W2K3/R2 in mixed mode with version 5.2, but not with 3.5.
5.2??
quote:
Well, if there's a particular daemon running without a /var/run pid file the program can be changed.
The problem has been in the past with Java programs in *NIX OSes that didn't offer a pid file, mainly older versions of WebLogic. I had to write some clever shell scripts to get some auto-deployment scripts working to shut down the running version of WebLogic. Using lsof I was able to pick out the pid of the program running on the port WebLogic was listening on (7050), issue the WebLogic Java t3 stop command, put in a loop to check if port 7050 was still listening and sleep until it shut down. And if it went an extended period without stopping, I would go ahead and issue a kill command on the pid prior to deploying the new code. Companies are getting better about making pid files nowadays, but occasionally you still run into a few rogue companies not conforming to the /var/run/pid file standards. With a port-to-pid style script or program you can successfully work around those companies' shortcomings. It also helps determine if you have a trojan running on your system if you occasionally run scripts in cron to look for ports that are not supposed to be listening. My company hosts some machines where others are allowed to post their own code but are not supposed to open new ports, but they will try, and part of my job is to catch them. I was just hoping to take my existing *nix scripts and use them on the NT side with SFU.
|
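The port-to-PID lookup and the cron check for unexpected listening ports described in the post above, sketched as an added example that is not part of the original thread. It parses lsof's `-F pcn` field output; the function names, the allowlist and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): port-to-PID lookup and listener audit.
# Input is lsof's machine-readable output, as produced on a live host by:
#   lsof -nP -iTCP -sTCP:LISTEN -F pcn
# Each -F line starts with a field letter: p<pid> c<command> f<fd> n<addr:port>

# listeners: read -F output on stdin, print unique "port pid command" lines.
listeners() {
    awk '
        /^p/ { pid = substr($0, 2); next }
        /^c/ { cmd = substr($0, 2); next }
        /^n/ { port = $0
               sub(/.*:/, "", port)          # keep what follows the last colon
               if (port ~ /^[0-9]+$/) print port, pid, cmd }
    ' | sort -u -k1,1n -k2,2n
}

# pid_for_port PORT: PID(s) listening on PORT, for daemons with no pid file.
pid_for_port() {
    listeners | awk -v want="$1" '$1 == want { print $2 }'
}

# unexpected PORT...: report every listener whose port is not in the allowlist.
unexpected() {
    allowed=" $* "
    listeners | while read -r port pid cmd; do
        case "$allowed" in
            *" $port "*) ;;
            *) echo "UNEXPECTED port=$port pid=$pid cmd=$cmd" ;;
        esac
    done
}

# Constructed sample of -F pcn output (illustrative, not from a real host).
SAMPLE='p812
csshd
f3
n*:22
p4310
cjava
f57
n*:7050
f58
n[::1]:7050
p9921
cperl
f3
n10.0.0.5:8081'

printf '%s\n' "$SAMPLE" | unexpected 22 7050
```

From cron, pipe the live lsof command shown in the header comment into `unexpected` with the ports the host is allowed to listen on; a stop script can feed the same output to `pid_for_port`.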
|
|
RE: lsof and ifconfig - Aug. 18, '05, 11:43:10 PM
|
|
|
Rodney
Posts: 3142
Joined: Jul. 9, '02,
From: /Tools lab
Status: online
|
> 5.2??
That's the W2K3/R2 release also known as SUA.
It's the Interix subsystem shipping as part of the base Windows OS.
|
|
|
RE: lsof and ifconfig - Aug. 20, '05, 10:34:44 PM
|
|
|
sides_dale
Posts: 8
Joined: Jul. 3, '05,
Status: offline
|
Interix is shipping as a base install of the OS now?
|
|
|
RE: lsof and ifconfig - Aug. 20, '05, 11:01:37 PM
|
|
|
Rodney
Posts: 3142
Joined: Jul. 9, '02,
From: /Tools lab
Status: online
|
Starting with the release of W2K3 Server R2 (estimated release Dec/2005) only
for 32 and 64 bit platforms. It's the subsystem only. The utilities have to be
downloaded separately. It's called the "Subsystem for Unix Applications" (SUA) but
is really Interix version 5.2 (as reported by uname). Where version 4.X
went, I dunno. There's another thread that's following details as more things get known.
|