Date:      Wed, 20 Feb 2019 07:02:17 -0700 (MST)
From:      BBlister <bblister@gmail.com>
To:        freebsd-hackers@freebsd.org
Subject:   Re: userland process rpc.lockd opens untraceable ports...is something wrong here?
Message-ID:  <1550671337578-0.post@n6.nabble.com>
In-Reply-To: <20190219220404.GA1668@troutmask.apl.washington.edu>
References:  <1550610819543-0.post@n6.nabble.com> <CAOjFWZ7kJoa-_EVBrLUwLrs9J7ERWqkRf4bZh_giQ4-NRrGS_w@mail.gmail.com> <7b44b3ce-9b96-e91b-b9ca-57100c784db7@sentex.net> <20190219220404.GA1668@troutmask.apl.washington.edu>

After a suggestion on the questions list, I used rpcinfo -p, but this
does not print every unknown port. For example:

# netstat -an | grep -E '874|815' 
tcp4       0      0 *.815                  *.*                    LISTEN 
tcp6       0      0 *.874                  *.*                    LISTEN 

sockstat reports ? 
# sockstat | grep -E '874|815' 
?        ?          ?     ?  tcp4   *:815                 *:* 
?        ?          ?     ?  tcp6   *:874                 *:* 

rpcinfo -p reports just one port 
# rpcinfo -p| grep -E '874|815' 
    100021    0   tcp    815  nlockmgr 
    100021    1   tcp    815  nlockmgr 
    100021    3   tcp    815  nlockmgr 
    100021    4   tcp    815  nlockmgr 


The 874/tcp6, which belongs to rpc.lockd, does not appear on this list.
Is rpcinfo only for IPv4 and, if yes, what tool do I use for IPv6?

The grand question is of course, is there any tool to actually locate the
processes that open ports and cannot be identified with sockstat? 

The second grand question: why is rpc.lockd a different kind of process that
cannot be located from sockstat? Other RPC processes are found using
sockstat, as the following output shows:

# rpcinfo -p | grep 2049
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs


sockstat |grep 2049
root     nfsd       41279 5  tcp4   *:2049                *:*
root     nfsd       41279 6  tcp6   *:2049                *:*


nfs is found using rpcinfo and also using sockstat.

What does rpc.lockd do that it is not found? After 25 years of sysadmin, I find
it very strange for FreeBSD to not be able to trace a listening port to
an executable.



--
Sent from: http://freebsd.1045724.x6.nabble.com/freebsd-hackers-f4034256.html
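
Added example (not part of the original message): a Python script that cross-references the three tool outputs compared in the message and reports listening sockets for which sockstat names no process, together with any rpcinfo -p registration on the same port. The sample input is taken from the message, except the *.2049 netstat line, which is constructed; all function names are hypothetical.

```python
from collections import defaultdict

# Sample input from the message above; the *.2049 netstat line is constructed.
NETSTAT = """\
tcp4       0      0 *.815                  *.*                    LISTEN
tcp6       0      0 *.874                  *.*                    LISTEN
tcp4       0      0 *.2049                 *.*                    LISTEN
"""
SOCKSTAT = """\
?        ?          ?     ?  tcp4   *:815                 *:*
?        ?          ?     ?  tcp6   *:874                 *:*
root     nfsd       41279 5  tcp4   *:2049                *:*
"""
RPCINFO = """\
    100021    4   tcp    815  nlockmgr
"""

def listeners(netstat):
    """(proto, port) for each LISTEN line of `netstat -an`."""
    rows = (l.split() for l in netstat.splitlines())
    return {(f[0], int(f[3].rsplit(".", 1)[1])) for f in rows
            if len(f) == 6 and f[5] == "LISTEN"}

def owners(sockstat):
    """(proto, port) -> {'command[pid]'}; rows whose command is '?' add nothing."""
    out = defaultdict(set)
    for f in (l.split() for l in sockstat.splitlines()):
        port = f[5].rsplit(":", 1)[-1] if len(f) == 7 else ""
        if port.isdigit() and f[4][:3] in ("tcp", "udp") and f[1] != "?":
            out[(f[4], int(port))].add(f"{f[1]}[{f[2]}]")
    return out

def rpc_services(rpcinfo):
    """(transport, port) -> {service}; `rpcinfo -p` rows carry no address family."""
    out = defaultdict(set)
    for f in (l.split() for l in rpcinfo.splitlines()):
        if len(f) == 5 and f[0].isdigit():
            out[(f[2], int(f[3]))].add(f[4])
    return out

def unowned(netstat, sockstat, rpcinfo):
    """Listening sockets with no sockstat owner, plus RPC names on that port."""
    own, rpc = owners(sockstat), rpc_services(rpcinfo)
    return [(proto, port, sorted(rpc.get((proto[:3], port), ())))
            for proto, port in sorted(listeners(netstat))
            if (proto, port) not in own]

if __name__ == "__main__":
    for proto, port, names in unowned(NETSTAT, SOCKSTAT, RPCINFO):
        print(f"{proto:5} {port:5}  no owning process; rpcinfo -p: {names or 'not registered'}")
```

rpcinfo -p queries rpcbind with version 2 of the protocol, which describes transports only as tcp or udp; plain rpcinfo lists registrations by netid, including tcp6 and udp6.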


