Does anybody know how to identify the owners of network sockets? Busybox netstat does not support the "-p" option and lsof does not exist on a plain openwrt.

I think the answer is "compile and install the regular netstat application". 

Failing that, kill processes one by one, running netstat each time you do it, to see which ports disappear from the list. Just make sure you don't kill the SSH server (dropbear)... Unless you have a serial port, that is.

Kaldek

(Last edited by kaldek on 6 Jul 2005, 03:07)

Thanks for your answer. Even if it's not the one I was hoping for. That would have been something like have a look at /proc/foo/bar. But I guess I can live with the try and error method.

you can try to use a chrooted mips debian distro. (maybe through nfs?)
I personally have an usb hard drive, and made a debian rootfs inside a file.
I just tried to launch a shell, it works, but did no more testing yet. there you have all 'real' linux commands.
there is a howto on chupa forums.

In /proc/net you'll find the files tcp, udp, raw, tcp6, udp6 and raw6 which have an "inode" field. If you look at the filedescriptors (/proc/_pid_/fd/) you will find links to the sockets a process has opened and you can find the same numbers as in the "inode" field.

Now that is what I call knowing your way around Linux.  Of course, I knew that too - I was just testing y'all.

I did some poking earlier and found /proc/net/tcp but I guess I wasn't looking hard enough..

The first columns are source and destination IP and ports in hex format. Neat.

Kaldek's suggestion about killing the process seems like the least useful solution ever!