Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 19 Feb 2019 16:38:50 -0500
From:      Mike Tancsa <mike@sentex.net>
To:        Freddie Cash <fjwcash@gmail.com>, BBlister <bblister@gmail.com>
Cc:        FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject:   Re: userland process rpc.lockd opens untraceable ports...is something wrong here?
Message-ID:  <7b44b3ce-9b96-e91b-b9ca-57100c784db7@sentex.net>
In-Reply-To: <CAOjFWZ7kJoa-_EVBrLUwLrs9J7ERWqkRf4bZh_giQ4-NRrGS_w@mail.gmail.com>
References:  <1550610819543-0.post@n6.nabble.com> <CAOjFWZ7kJoa-_EVBrLUwLrs9J7ERWqkRf4bZh_giQ4-NRrGS_w@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail 

On 2/19/2019 4:24 PM, Freddie Cash wrote:
> While it doesn't take you from a socket/port to a process, does
> procstat at
> least show you the sockets that rpc.lockd has open?
>
> Something like:  procstat -f <pid-of-rpc.lockd>
>
> Although, one could probably run the following to get from the socket/port
> number to the process:  procstat -f -a | grep 600

It doesnt seem to.  sockstat shows

# sockstat | grep "^?"
?        ?          ?     ?  tcp4   *:845                 *:*
?        ?          ?     ?  udp4   *:833                 *:*
?        ?          ?     ?  udp4   *:2049                *:*
?        ?          ?     ?  udp6   *:976                 *:*
?        ?          ?     ?  tcp6   *:882                 *:*
?        ?          ?     ?  udp4   *:*                   *:*
?        ?          ?     ?  udp6   *:938                 *:*
?        ?          ?     ?  udp6   *:2049                *:*

# procstat -f 2449

  PID COMM                FD T V FLAGS    REF  OFFSET PRO NAME       
 2449 rpc.lockd         text v r r-------   -       - -  
/usr/sbin/rpc.lockd
 2449 rpc.lockd          cwd v d r-------   -       - -   /                
 2449 rpc.lockd         root v d r-------   -       - -   /                
 2449 rpc.lockd            0 v c rw------   3       0 -   /dev/null        
 2449 rpc.lockd            1 v c rw------   3       0 -   /dev/null        
 2449 rpc.lockd            2 v c rw------   3       0 -   /dev/null        
 2449 rpc.lockd            3 s - rw------   1       0 UDD /var/run/logpriv

 # sockstat | grep 845
?        ?          ?     ?  tcp4   *:845                 *:*
# kill 2449
# sockstat | grep 845
#



-- 

-------------------
Mike Tancsa, tel +1 519 651 3400 x203
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7b44b3ce-9b96-e91b-b9ca-57100c784db7>