Pages

Tuesday, December 1, 2015

How to tell which processes are connecting to Oracle

==============================
General
==============================
Sometimes there is a need to determine where from connections are coming to Oracle DB.

 ==============================
On Oracle host (199.188.111.86)
==============================
A. Find the suspected remote host

netstat -ano | grep 1521 | wc -l
490

 netstat -ano | grep 1521  | grep 192.168.110.4 | wc -l 
98

 B. Find the open ports on the suspected remote host.
netstat -ano | grep 1521  | grep 192.168.110.4 | grep keep 
tcp   0  0  199.188.111.86:1521  199.188.111.4:52605  ESTABLISHED keepalive (5306.17/0/0)
tcp   0  0  199.188.111.86:1521  199.188.111.4:11265  ESTABLISHED keepalive (6096.62/0/0)
tcp   0  0  199.188.111.86:1521  199.188.111.4:55128  ESTABLISHED keepalive (4930.29/0/0)
tcp   0  0  199.188.111.86:1521  199.188.111.4:9951   ESTABLISHED keepalive (2355.54/0/0)
tcp   0  0  199.188.111.86:1521  199.188.111.4:51404  ESTABLISHED keepalive (4717.04/0/0)
tcp   0  0  199.188.111.86:1521  199.188.111.4:51391  ESTABLISHED keepalive (6858.24/0/0)
tcp   0  0  199.188.111.86:1521  199.188.111.4:51403  ESTABLISHED keepalive (4935.00/0/0)
tcp   0  0  199.188.111.86:1521  199.188.111.4:55433  ESTABLISHED keepalive (5940.11/0/0)
tcp   0  0  199.188.111.86:1521  199.188.111.4:11205  ESTABLISHED keepalive (3176.02/0/0)
tcp   0  0  199.188.111.86:1521  199.188.111.4:57786  ESTABLISHED keepalive (1346.87/0/0)
tcp   0  0  199.188.111.86:1521  199.188.111.4:9792   ESTABLISHED keepalive (3342.94/0/0)
tcp   0  0  199.188.111.86:1521  199.188.111.4:57787  ESTABLISHED keepalive (1291.57/0/0)
tcp   0  0  199.188.111.86:1521  199.188.111.4:9776 ESTABLISHED keepalive (2204.64/0/0)
tcp   0  0  199.188.111.86:1521  199.188.111.4:9791 ESTABLISHED keepalive (3343.07/0/0)

==============================
On remote host (199.188.111.4)
==============================
A. Get the process details, by protocol@host:port  

lsof -iTCP@199.188.111.4:9776
COMMAND     PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME

notificat 16316   iu   14u  IPv4 2078111001      0t0  TCP esp-tel-2-aps-3:9776->esp-tel-2-ora-1:ncube-lm (ESTABLISHED)
lsof -iTCP@199.188.111.4:9791
COMMAND     PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
notificat 12764   iu   13u  IPv4 2078297343      0t0  TCP esp-tel-2-aps-3:9791->esp-tel-2-ora-1:ncube-lm (ESTABLISHED)



 B. Get the process details, by PID

ps -ef | grep 12764
iu       12764 12471  1 Nov26 ?        01:28:21 /starhome/igate/slv-tel-sp2/ig1//notification --PROCESSNAME=SLV-TELSP-01_SMS-02_A --EVENTNAME=SLV-TELSP-01_SMS-02_A_XEVT --CONFIG=VIP.INI

Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)