Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 20 Feb 2019 06:56:49 -0800
From:      Cy Schubert <Cy.Schubert@cschubert.com>
To:        freebsd-hackers@freebsd.org,BBlister <bblister@gmail.com>
Subject:   Re: userland process rpc.lockd opens untraceable ports...is something wrong here?
Message-ID:  <3104E48D-B9A8-46F3-BFB9-8E1CB649882E@cschubert.com>
In-Reply-To: <1550671337578-0.post@n6.nabble.com>
References:  <1550610819543-0.post@n6.nabble.com> <CAOjFWZ7kJoa-_EVBrLUwLrs9J7ERWqkRf4bZh_giQ4-NRrGS_w@mail.gmail.com> <7b44b3ce-9b96-e91b-b9ca-57100c784db7@sentex.net> <20190219220404.GA1668@troutmask.apl.washington.edu> <1550671337578-0.post@n6.nabble.com>
index | next in thread | previous in thread | raw e-mail 

On February 20, 2019 6:02:17 AM PST, BBlister <bblister@gmail.com> wrote:
>After one suggestion on the questions list,  I used the rpcinfo -p but
>this
>does not print every unknown port. For example:
>
># netstat -an | grep -E '874|815' 
>tcp4       0      0 *.815                  *.*                   
>LISTEN 
>tcp6       0      0 *.874                  *.*                   
>LISTEN 
>
>sockstat reports ? 
># sockstat | grep -E '874|815' 
>?        ?          ?     ?  tcp4   *:815                 *:* 
>?        ?          ?     ?  tcp6   *:874                 *:* 
>
>rpcinfo -p reports just one port 
># rpcinfo -p| grep -E '874|815' 
>    100021    0   tcp    815  nlockmgr 
>    100021    1   tcp    815  nlockmgr 
>    100021    3   tcp    815  nlockmgr 
>    100021    4   tcp    815  nlockmgr 
>
>
>The 874/tcp6 which belongs to rpc.lockd does not appear on this list. 
>Is rpcinfo only for IPv4 and if yes,what tool do I use for IPv6 ? 
>
>
>
>
>
>The grand question is of course, is there any tool to actually locate
>the
>processes that open ports and cannot be identified with sockstat? 
>
>The second grand question. Why rpc.lockd is a different kind of process
>that
>cannot be located from sockstat? Other RPC processes are found using
>sockstat, as the following printing shows:
>
># rpcinfo -p | grep 2049
>    100003    2   udp   2049  nfs
>    100003    3   udp   2049  nfs
>    100003    2   tcp   2049  nfs
>    100003    3   tcp   2049  nfs
>
>
>sockstat |grep 2049
>root     nfsd       41279 5  tcp4   *:2049                *:*
>root     nfsd       41279 6  tcp6   *:2049                *:*
>
>
>nfs is found using rpcinfo and also using sockstat.
>
>What rpc.lockd does and it is not found. After 25 years of sysadmin, I
>find
>it very strange for Freebsd to not being able to trace a listening port
>to
>an executable.
>
>
>
>--
>Sent from:
>http://freebsd.1045724.x6.nabble.com/freebsd-hackers-f4034256.html
>_______________________________________________
>freebsd-hackers@freebsd.org mailing list
>https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
>To unsubscribe, send any mail to
>"freebsd-hackers-unsubscribe@freebsd.org"

Rpcinfo  displays rpcbind's mapping of RPC program numbers to ports.

Sockstat and lsof provide the output you desire. Sockstat output below, lsof output is too difficult to cut and paste on a phone.

3443  4  udp6   *:652                 *:*
root     rpc.statd  3443  5  tcp6   *:652                 *:*
root     rpc.statd  3443  6  udp4   *:652                 *:*
root     rpc.statd  3443  7  tcp4   *:652                 *:*

Your kernel and userland are not in sync.


-- 
Pardon the typos and autocorrect, small keyboard in use.
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3104E48D-B9A8-46F3-BFB9-8E1CB649882E>