Find the source IP address of a telnet connection

HP-UX Operating System forums, part of the Unix Operating Systems category
Can anyone help with tracking the source IP address of a telnet connection under 11.23i. We currently do this using lsof but lsof under 11.23i has a problem with identifying telnet connections.

I need to be able to track it by using the connection's tty (e.g. pts/1) as a starting point.

TIA
| |||
robwlindsay@gmail.com wrote:
> Can anyone help with tracking the source IP address of a telnet
> connection under 11.23i.

11.23i? Is that perhaps mashing the kernel naming - i.e. 11.23 with the Operating environment naming - i.e. 11iv2?

> We currently do this using lsof but lsof under 11.23i has a problem
> with identifying telnet connections.

Can you be more specific?

> I need to be able to track it by using the connection's tty (e.g.
> pts/1) as a starting point.
> TIA

--
a wide gulf separates "what if" from "if only"
these opinions are mine, all mine; HP might not want them anyway...
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...
| |||
robwlindsay@gmail.com wrote:
> Can anyone help with tracking the source IP address of a telnet
> connection under 11.23i. We currently do this using lsof but lsof under
> 11.23i has a problem with identifying telnet connections.
>
> I need to be able to track it by using the connection's tty (e.g.
> pts/1) as a starting point.
>
> TIA

To be more precise, the HP-UX kernel's PSTAT implementation from which lsof obtains open file information has a problem. That problem was once fixed in HP-UX 11.11, but the fix was lost in HP-UX 11.23 for all architectures.

I have been told that fix will be restored by a depot available "real soon now." I've tested a preliminary version of it and it appears to restore the delivery of telnet TCP/IP connection parameters to lsof. To track or locate the depot, refer to defect JAGag05130.

Unfortunately the patch in the depot does not fix a similar problem that exists for nfsd, reported in defect JAGaf96371 in November 2005. The PSTAT kernel implementation does not deliver its UDP/IP parameters, either. While both are related to the failure of PSTAT to report stream sockets properly by following their module chains to their private TCP/IP and UDP/IP information structures, the nfsd UDP/IP solution to this defect has been declared an enhancement request by the HP NetUX Transport Lab and there is so far no commitment to fix it.

Vic Abell, lsof author
| |||
Thanks for the info ...

Any suggestions on tracking the source of a telnet connection without using lsof ... until the patch is delivered?

abe@purdue.edu wrote:
> robwlindsay@gmail.com wrote:
> > Can anyone help with tracking the source IP address of a telnet
> > connection under 11.23i. We currently do this using lsof but lsof under
> > 11.23i has a problem with identifying telnet connections.
> >
> > I need to be able to track it by using the connection's tty (e.g.
> > pts/1) as a starting point.
> >
> > TIA
>
> To be more precise, the HP-UX kernel's PSTAT implementation from which
> lsof obtains open file information has a problem. That problem was once
> fixed in HP-UX 11.11, but the fix was lost in HP-UX 11.23 for all
> architectures.
>
> I have been told that fix will be restored by a depot available "real
> soon now." I've tested a preliminary version of it and it appears to
> restore the delivery of telnet TCP/IP connection parameters to lsof.
> To track or locate the depot, refer to defect JAGag05130.
>
> Unfortunately the patch in the depot does not fix a similar problem
> that exists for nfsd, reported in defect JAGaf96371 in November 2005.
> The PSTAT kernel implementation does not deliver its UDP/IP parameters,
> either. While both are related to the failure of PSTAT to report stream
> sockets properly by following their module chains to their private
> TCP/IP and UDP/IP information structures, the nfsd UDP/IP solution to
> this defect has been declared an enhancement request by the HP NetUX
> Transport Lab and there is so far no commitment to fix it.
>
> Vic Abell, lsof author
| |||
The only suggestion I can offer is to see if your HP support people can get access to the pre-release copy of the patch against which I have tested lsof.

Vic

robwlindsay@gmail.com wrote:
> Thanks for the info ...
>
> Any suggestions on tracking the source of a telnet connection without
> using lsof ... until the patch is delivered?
>
> abe@purdue.edu wrote:
> > robwlindsay@gmail.com wrote:
> > > Can anyone help with tracking the source IP address of a telnet
> > > connection under 11.23i. We currently do this using lsof but lsof under
> > > 11.23i has a problem with identifying telnet connections.
> > >
> > > I need to be able to track it by using the connection's tty (e.g.
> > > pts/1) as a starting point.
> > >
> > > TIA
> >
> > To be more precise, the HP-UX kernel's PSTAT implementation from which
> > lsof obtains open file information has a problem. That problem was once
> > fixed in HP-UX 11.11, but the fix was lost in HP-UX 11.23 for all
> > architectures.
> >
> > I have been told that fix will be restored by a depot available "real
> > soon now." I've tested a preliminary version of it and it appears to
> > restore the delivery of telnet TCP/IP connection parameters to lsof.
> > To track or locate the depot, refer to defect JAGag05130.
> >
> > Unfortunately the patch in the depot does not fix a similar problem
> > that exists for nfsd, reported in defect JAGaf96371 in November 2005.
> > The PSTAT kernel implementation does not deliver its UDP/IP parameters,
> > either. While both are related to the failure of PSTAT to report stream
> > sockets properly by following their module chains to their private
> > TCP/IP and UDP/IP information structures, the nfsd UDP/IP solution to
> > this defect has been declared an enhancement request by the HP NetUX
> > Transport Lab and there is so far no commitment to fix it.
> >
> > Vic Abell, lsof author
| |||
robwlindsay@gmail.com writes:
> Thanks for the info ...
>
> Any suggestions on tracking the source of a telnet connection without
> using lsof ... until the patch is delivered?

"who -R"?

Regards,
Ulrich
| ||||
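```perl
#!/opt/perl/bin/perl
# Telnet connection status on HP-UX, by Ricardo Pelcastre
# MexLord - mexlord@hotmail.com
use strict;
use warnings;

# English-to-Spanish day and month abbreviations used in the output
my %dias = (Sun => "Dom", Mon => "Lun", Tue => "Mar", Wed => "Mie",
            Thu => "Jue", Fri => "Vie", Sat => "Sab" );
my %meses = (Jan => "Ene", Feb => "Feb", Mar => "Mar", Apr => "Abr",
             May => "May", Jun => "Jun", Jul => "Jul", Aug => "Ago",
             Sep => "Sep", Oct => "Oct", Nov => "Nov", Dec => "Dic" );

# Address to look for, matched as a literal string
my $ip = $ARGV[0];
defined $ip or die "usage: $0 <ip-address>\n";

# Read the log directly rather than interpolating $ip into a shell grep command
my $log = "/var/adm/syslog/syslog.log";
open(my $fh, "<", $log) or die "$log: $!\n";
while (<$fh>) {
    next unless index($_, $ip) >= 0;
    # inetd connection line: host, (address), then weekday month day time year
    if (/telnet\/tcp: Connection from\s+(\S+)\s+\((\S+)\) at (\S+) (\S+)\s+(\S+) (\S+) (\S+)$/) {
        printf("[%s %2s %s %s] - %s => %s\n", $dias{$3}, $5, $meses{$4}, $6, $1, $2);
    }
}
close($fh);
```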
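The two suggestions in this thread, `who -R` and the inetd telnet connection lines in syslog.log that the script above matches, can be chained to go from a tty to a source address without lsof. The following is an added example, not code from any poster in the thread; the `who -R` column layout, the function names and all sample data are constructed assumptions, and it only works where inetd connection logging is enabled.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_* data is constructed.
# Assumed `who -R` layout: user, tty, login time, then (host) last.
SAMPLE_WHO='rob        pts/1        Jan  9 10:15   (client1.example.com)
ann        pts/2        Jan  9 10:20   (192.0.2.77)'

# inetd connection-log lines in the shape the Perl script's regex expects.
SAMPLE_LOG='Jan  9 10:15:02 hpbox inetd[1234]: telnet/tcp: Connection from client1.example.com (192.0.2.10) at Mon Jan  9 10:15:02 2006
Jan  9 10:18:40 hpbox inetd[1240]: ftp/tcp: Connection from client1.example.com (192.0.2.10) at Mon Jan  9 10:18:40 2006
Jan  9 10:20:11 hpbox inetd[1251]: telnet/tcp: Connection from 192.0.2.77 (192.0.2.77) at Mon Jan  9 10:20:11 2006'

# tty_to_host TTY: read `who -R` output on stdin, print the host shown for TTY.
tty_to_host() {
    awk -v tty="$1" '
        $2 == tty && match($0, /\([^)]+\)[ \t]*$/) {
            h = substr($0, RSTART + 1, RLENGTH - 1)   # drop the leading "("
            sub(/\).*/, "", h)                        # drop ")" and padding
            print h
            exit
        }'
}

# host_to_ip HOST: read syslog on stdin, print the address from the most
# recent telnet connection logged for HOST (given as name or as address).
host_to_ip() {
    awk -v host="$1" '
        /telnet\/tcp: Connection from/ {
            for (i = 1; i < NF; i++)
                if ($i == "from" && ($(i+1) == host || $(i+2) == ("(" host ")"))) {
                    ip = $(i+2)
                    gsub(/[()]/, "", ip)
                    last = ip
                }
        }
        END { if (last == "") exit 1; print last }'
}

# tty_source_ip TTY WHO_TEXT LOG_TEXT: chain the two lookups.
tty_source_ip() {
    host=$(printf '%s\n' "$2" | tty_to_host "$1")
    [ -n "$host" ] || return 1
    printf '%s\n' "$3" | host_to_ip "$host"
}

# Live use: tty_source_ip pts/1 "$(who -R)" "$(cat /var/adm/syslog/syslog.log)"
tty_source_ip pts/1 "$SAMPLE_WHO" "$SAMPLE_LOG"
```

The syslog lines carry no tty, so when several sessions come from the same host the result is the most recent telnet connection from that host, which is not necessarily the one on the tty you started from.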