Date: Wed, 20 Feb 2019 06:56:49 -0800 From: Cy Schubert <Cy.Schubert@cschubert.com> To: freebsd-hackers@freebsd.org,BBlister <bblister@gmail.com> Subject: Re: userland process rpc.lockd opens untraceable ports...is something wrong here? Message-ID: <3104E48D-B9A8-46F3-BFB9-8E1CB649882E@cschubert.com> In-Reply-To: <1550671337578-0.post@n6.nabble.com> References: <1550610819543-0.post@n6.nabble.com> <CAOjFWZ7kJoa-_EVBrLUwLrs9J7ERWqkRf4bZh_giQ4-NRrGS_w@mail.gmail.com> <7b44b3ce-9b96-e91b-b9ca-57100c784db7@sentex.net> <20190219220404.GA1668@troutmask.apl.washington.edu> <1550671337578-0.post@n6.nabble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On February 20, 2019 6:02:17 AM PST, BBlister <bblister@gmail=2Ecom> wrote: >After one suggestion on the questions list, I used the rpcinfo -p but >this >does not print every unknown port=2E For example: > ># netstat -an | grep -E '874|815'=20 >tcp4 0 0 *=2E815 *=2E* =20 >LISTEN=20 >tcp6 0 0 *=2E874 *=2E* =20 >LISTEN=20 > >sockstat reports ?=20 ># sockstat | grep -E '874|815'=20 >? ? ? ? tcp4 *:815 *:*=20 >? ? ? ? tcp6 *:874 *:*=20 > >rpcinfo -p reports just one port=20 ># rpcinfo -p| grep -E '874|815'=20 > 100021 0 tcp 815 nlockmgr=20 > 100021 1 tcp 815 nlockmgr=20 > 100021 3 tcp 815 nlockmgr=20 > 100021 4 tcp 815 nlockmgr=20 > > >The 874/tcp6 which belongs to rpc=2Elockd does not appear on this list=2E= =20 >Is rpcinfo only for IPv4 and if yes,what tool do I use for IPv6 ?=20 > > > > > >The grand question is of course, is there any tool to actually locate >the >processes that open ports and cannot be identified with sockstat?=20 > >The second grand question=2E Why rpc=2Elockd is a different kind of proce= ss >that >cannot be located from sockstat? Other RPC processes are found using >sockstat, as the following printing shows: > ># rpcinfo -p | grep 2049 > 100003 2 udp 2049 nfs > 100003 3 udp 2049 nfs > 100003 2 tcp 2049 nfs > 100003 3 tcp 2049 nfs > > >sockstat |grep 2049 >root nfsd 41279 5 tcp4 *:2049 *:* >root nfsd 41279 6 tcp6 *:2049 *:* > > >nfs is found using rpcinfo and also using sockstat=2E > >What rpc=2Elockd does and it is not found=2E After 25 years of sysadmin, = I >find >it very strange for Freebsd to not being able to trace a listening port >to >an executable=2E > > > >-- >Sent from: >http://freebsd=2E1045724=2Ex6=2Enabble=2Ecom/freebsd-hackers-f4034256=2Eh= tml >_______________________________________________ >freebsd-hackers@freebsd=2Eorg mailing list >https://lists=2Efreebsd=2Eorg/mailman/listinfo/freebsd-hackers >To unsubscribe, send any mail to >"freebsd-hackers-unsubscribe@freebsd=2Eorg" Rpcinfo displays rpcbind's mapping of RPC program numbers to ports=2E Sockstat and lsof provide the output you desire=2E Sockstat output below, = lsof output is too difficult to cut and paste on a phone=2E 3443 4 udp6 *:652 *:* root rpc=2Estatd 3443 5 tcp6 *:652 *:* root rpc=2Estatd 3443 6 udp4 *:652 *:* root rpc=2Estatd 3443 7 tcp4 *:652 *:* Your kernel and userland are not in sync=2E --=20 Pardon the typos and autocorrect, small keyboard in use=2E Cheers, Cy Schubert <Cy=2ESchubert@cschubert=2Ecom> FreeBSD UNIX: <cy@FreeBSD=2Eorg> Web: http://www=2EFreeBSD=2Eorg The need of the many outweighs the greed of the few=2E
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3104E48D-B9A8-46F3-BFB9-8E1CB649882E>