Date: Wed, 20 Feb 2019 07:41:39 -0800 From: Cy Schubert <Cy.Schubert@cschubert.com> To: freebsd-hackers@freebsd.org,BBlister <bblister@gmail.com> Subject: Re: userland process rpc.lockd opens untraceable ports...is something wrong here? Message-ID: <D6E45FB6-D833-4E17-A044-675A4B841EEF@cschubert.com> In-Reply-To: <3104E48D-B9A8-46F3-BFB9-8E1CB649882E@cschubert.com> References: <1550610819543-0.post@n6.nabble.com> <CAOjFWZ7kJoa-_EVBrLUwLrs9J7ERWqkRf4bZh_giQ4-NRrGS_w@mail.gmail.com> <7b44b3ce-9b96-e91b-b9ca-57100c784db7@sentex.net> <20190219220404.GA1668@troutmask.apl.washington.edu> <1550671337578-0.post@n6.nabble.com> <3104E48D-B9A8-46F3-BFB9-8E1CB649882E@cschubert.com>
index | next in thread | previous in thread | raw e-mail
On February 20, 2019 6:56:49 AM PST, Cy Schubert <Cy.Schubert@cschubert.com> wrote: >On February 20, 2019 6:02:17 AM PST, BBlister <bblister@gmail.com> >wrote: >>After one suggestion on the questions list, I used the rpcinfo -p but >>this >>does not print every unknown port. For example: >> >># netstat -an | grep -E '874|815' >>tcp4 0 0 *.815 *.* >>LISTEN >>tcp6 0 0 *.874 *.* >>LISTEN >> >>sockstat reports ? >># sockstat | grep -E '874|815' >>? ? ? ? tcp4 *:815 *:* >>? ? ? ? tcp6 *:874 *:* >> >>rpcinfo -p reports just one port >># rpcinfo -p| grep -E '874|815' >> 100021 0 tcp 815 nlockmgr >> 100021 1 tcp 815 nlockmgr >> 100021 3 tcp 815 nlockmgr >> 100021 4 tcp 815 nlockmgr >> >> >>The 874/tcp6 which belongs to rpc.lockd does not appear on this list. >>Is rpcinfo only for IPv4 and if yes,what tool do I use for IPv6 ? >> >> >> >> >> >>The grand question is of course, is there any tool to actually locate >>the >>processes that open ports and cannot be identified with sockstat? >> >>The second grand question. Why rpc.lockd is a different kind of >process >>that >>cannot be located from sockstat? Other RPC processes are found using >>sockstat, as the following printing shows: >> >># rpcinfo -p | grep 2049 >> 100003 2 udp 2049 nfs >> 100003 3 udp 2049 nfs >> 100003 2 tcp 2049 nfs >> 100003 3 tcp 2049 nfs >> >> >>sockstat |grep 2049 >>root nfsd 41279 5 tcp4 *:2049 *:* >>root nfsd 41279 6 tcp6 *:2049 *:* >> >> >>nfs is found using rpcinfo and also using sockstat. >> >>What rpc.lockd does and it is not found. After 25 years of sysadmin, I >>find >>it very strange for Freebsd to not being able to trace a listening >port >>to >>an executable. >> >> >> >>-- >>Sent from: >>http://freebsd.1045724.x6.nabble.com/freebsd-hackers-f4034256.html >>_______________________________________________ >>freebsd-hackers@freebsd.org mailing list >>https://lists.freebsd.org/mailman/listinfo/freebsd-hackers >>To unsubscribe, send any mail to >>"freebsd-hackers-unsubscribe@freebsd.org" > >Rpcinfo displays rpcbind's mapping of RPC program numbers to ports. > >Sockstat and lsof provide the output you desire. Sockstat output below, >lsof output is too difficult to cut and paste on a phone. > >3443 4 udp6 *:652 *:* >root rpc.statd 3443 5 tcp6 *:652 *:* >root rpc.statd 3443 6 udp4 *:652 *:* >root rpc.statd 3443 7 tcp4 *:652 *:* > >Your kernel and userland are not in sync. My mistake. This thread is about lockd, not statd. -- Pardon the typos and autocorrect, small keyboard in use. Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D6E45FB6-D833-4E17-A044-675A4B841EEF>