Date: Wed, 20 Feb 2019 07:41:39 -0800 From: Cy Schubert <Cy.Schubert@cschubert.com> To: freebsd-hackers@freebsd.org,BBlister <bblister@gmail.com> Subject: Re: userland process rpc.lockd opens untraceable ports...is something wrong here? Message-ID: <D6E45FB6-D833-4E17-A044-675A4B841EEF@cschubert.com> In-Reply-To: <3104E48D-B9A8-46F3-BFB9-8E1CB649882E@cschubert.com> References: <1550610819543-0.post@n6.nabble.com> <CAOjFWZ7kJoa-_EVBrLUwLrs9J7ERWqkRf4bZh_giQ4-NRrGS_w@mail.gmail.com> <7b44b3ce-9b96-e91b-b9ca-57100c784db7@sentex.net> <20190219220404.GA1668@troutmask.apl.washington.edu> <1550671337578-0.post@n6.nabble.com> <3104E48D-B9A8-46F3-BFB9-8E1CB649882E@cschubert.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On February 20, 2019 6:56:49 AM PST, Cy Schubert <Cy=2ESchubert@cschubert= =2Ecom> wrote: >On February 20, 2019 6:02:17 AM PST, BBlister <bblister@gmail=2Ecom> >wrote: >>After one suggestion on the questions list, I used the rpcinfo -p but >>this >>does not print every unknown port=2E For example: >> >># netstat -an | grep -E '874|815'=20 >>tcp4 0 0 *=2E815 *=2E* =20 >>LISTEN=20 >>tcp6 0 0 *=2E874 *=2E* =20 >>LISTEN=20 >> >>sockstat reports ?=20 >># sockstat | grep -E '874|815'=20 >>? ? ? ? tcp4 *:815 *:*=20 >>? ? ? ? tcp6 *:874 *:*=20 >> >>rpcinfo -p reports just one port=20 >># rpcinfo -p| grep -E '874|815'=20 >> 100021 0 tcp 815 nlockmgr=20 >> 100021 1 tcp 815 nlockmgr=20 >> 100021 3 tcp 815 nlockmgr=20 >> 100021 4 tcp 815 nlockmgr=20 >> >> >>The 874/tcp6 which belongs to rpc=2Elockd does not appear on this list= =2E=20 >>Is rpcinfo only for IPv4 and if yes,what tool do I use for IPv6 ?=20 >> >> >> >> >> >>The grand question is of course, is there any tool to actually locate >>the >>processes that open ports and cannot be identified with sockstat?=20 >> >>The second grand question=2E Why rpc=2Elockd is a different kind of >process >>that >>cannot be located from sockstat? Other RPC processes are found using >>sockstat, as the following printing shows: >> >># rpcinfo -p | grep 2049 >> 100003 2 udp 2049 nfs >> 100003 3 udp 2049 nfs >> 100003 2 tcp 2049 nfs >> 100003 3 tcp 2049 nfs >> >> >>sockstat |grep 2049 >>root nfsd 41279 5 tcp4 *:2049 *:* >>root nfsd 41279 6 tcp6 *:2049 *:* >> >> >>nfs is found using rpcinfo and also using sockstat=2E >> >>What rpc=2Elockd does and it is not found=2E After 25 years of sysadmin,= I >>find >>it very strange for Freebsd to not being able to trace a listening >port >>to >>an executable=2E >> >> >> >>-- >>Sent from: >>http://freebsd=2E1045724=2Ex6=2Enabble=2Ecom/freebsd-hackers-f4034256=2E= html >>_______________________________________________ >>freebsd-hackers@freebsd=2Eorg mailing list >>https://lists=2Efreebsd=2Eorg/mailman/listinfo/freebsd-hackers >>To unsubscribe, send any mail to >>"freebsd-hackers-unsubscribe@freebsd=2Eorg" > >Rpcinfo displays rpcbind's mapping of RPC program numbers to ports=2E > >Sockstat and lsof provide the output you desire=2E Sockstat output below, >lsof output is too difficult to cut and paste on a phone=2E > >3443 4 udp6 *:652 *:* >root rpc=2Estatd 3443 5 tcp6 *:652 *:* >root rpc=2Estatd 3443 6 udp4 *:652 *:* >root rpc=2Estatd 3443 7 tcp4 *:652 *:* > >Your kernel and userland are not in sync=2E My mistake=2E This thread is about lockd, not statd=2E --=20 Pardon the typos and autocorrect, small keyboard in use=2E Cheers, Cy Schubert <Cy=2ESchubert@cschubert=2Ecom> FreeBSD UNIX: <cy@FreeBSD=2Eorg> Web: http://www=2EFreeBSD=2Eorg The need of the many outweighs the greed of the few=2E
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D6E45FB6-D833-4E17-A044-675A4B841EEF>