userland process rpc.lockd opens untraceable ports...is something wrong here?
Mike Tancsa
mike at sentex.net
Tue Feb 19 21:38:53 UTC 2019
On 2/19/2019 4:24 PM, Freddie Cash wrote:
> While it doesn't take you from a socket/port to a process, does procstat at
> least show you the sockets that rpc.lockd has open?
>
> Something like: procstat -f <pid-of-rpc.lockd>
>
> Although, one could probably run the following to get from the socket/port
> number to the process: procstat -f -a | grep 600
It doesn't seem to. sockstat shows
# sockstat | grep "^?"
? ? ? ? tcp4 *:845 *:*
? ? ? ? udp4 *:833 *:*
? ? ? ? udp4 *:2049 *:*
? ? ? ? udp6 *:976 *:*
? ? ? ? tcp6 *:882 *:*
? ? ? ? udp4 *:* *:*
? ? ? ? udp6 *:938 *:*
? ? ? ? udp6 *:2049 *:*
# procstat -f 2449
PID COMM FD T V FLAGS REF OFFSET PRO NAME
2449 rpc.lockd text v r r------- - - - /usr/sbin/rpc.lockd
2449 rpc.lockd cwd v d r------- - - - /
2449 rpc.lockd root v d r------- - - - /
2449 rpc.lockd 0 v c rw------ 3 0 - /dev/null
2449 rpc.lockd 1 v c rw------ 3 0 - /dev/null
2449 rpc.lockd 2 v c rw------ 3 0 - /dev/null
2449 rpc.lockd 3 s - rw------ 1 0 UDD /var/run/logpriv
# sockstat | grep 845
? ? ? ? tcp4 *:845 *:*
# kill 2449
# sockstat | grep 845
#
--
-------------------
Mike Tancsa, tel +1 519 651 3400 x203
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada