Under Linux you will often need to know which ports a process has opened, or which process has a given port open. This post shows how to get that information.
Note: finding "which ports a process has opened" uses the same data as finding which process a port belongs to; below we look only at the second question, "which process/thread does a port belong to?".
1 Viewing ports and processes with netstat
View the ports and their corresponding processes with the following command (requires root permission):
[redhat@localhost ~]$ su
Password:
[root@localhost redhat]# netstat -npta | grep
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN      1962/sshd
tcp        0      0 :::22           :::*            LISTEN      1962/sshd
Some embedded platforms ship a BusyBox netstat that does not support the -p option:
# ls -l /bin/netstat
lrwxrwxrwx    1 0        0               7 Jun 17:35 /bin/netstat -> busybox
# netstat -p
netstat: invalid option -- p
BusyBox v1.10.1 (2011-03-30 16:10:40 CST) multi-call binary

Usage: netstat [-laentuwxrW]

Display networking information

Options:
	-l	Display listening server sockets
	-a	Display all sockets (default: connected)
	-e	Display other/more information
	-n	Don't resolve names
	-t	TCP sockets
	-u	UDP sockets
	-w	Raw sockets
	-x	Unix sockets
	-r	Display routing table
	-W	Display with no column truncation
The rest of this post traces how netstat collects this information, so that a port can be mapped to its process/thread without using the netstat command.
2 Tracing netstat with strace
Use strace to see what netstat -ntpa does.
[root@localhost redhat]# strace netstat -ntpa
execve("/bin/netstat", ["netstat", "-ntpa"], [/* ... vars */]) = 0
brk(0)                                  = 0x9e2d000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb78e6000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
...
open("/proc", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC) = 3
fcntl64(3, F_GETFD)                     = 0x1 (flags FD_CLOEXEC)
getdents(3, /* 264 entries */, 32768)   = 4456
open("/proc/1/fd", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC) = 4
getdents(4, /* ... entries */, 32768)   = 176
readlink("/proc/1/fd/0", "/dev/null"..., ...) = 9
readlink("/proc/1/fd/1", "/dev/null"..., ...) = 9
readlink("/proc/1/fd/2", "/dev/null"..., ...) = 9
readlink("/proc/1/fd/3", "pipe:[8927]"..., ...) = 11
readlink("/proc/1/fd/4", "pipe:[8927]"..., ...) = 11
readlink("/proc/1/fd/5", "inotify"..., ...) = 7
readlink("/proc/1/fd/6", "inotify"..., ...) = 7
readlink("/proc/1/fd/7", "socket:[8928]"..., ...) = 13
open("/proc/1/cmdline", O_RDONLY)       = 5
read(5, "/sbin/init\0", 511)            = 11
close(5)                                = 0
open("/proc/1/attr/current", O_RDONLY|O_LARGEFILE) = 5
read(5, "system_u:system_r:init_t:s0\0", 4095) = 28
close(5)                                = 0
open("/selinux/mls", O_RDONLY|O_LARGEFILE) = 5
read(5, "1", ...)                       = 1
close(5)                                = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC, 0) = 5
connect(5, {sa_family=AF_FILE, path="/var/run/setrans/.setrans-unix"}, ...) = -1 ENOENT (No such file or directory)
close(5)                                = 0
readlink("/proc/1/fd/9", "socket:[12555]"..., ...) = 14
open("/proc/1/attr/current", O_RDONLY|O_LARGEFILE) = 5
read(5, "system_u:system_r:init_t:s0\0", 4095) = 28
close(5)                                = 0
getdents(4, /* 0 entries */, 32768)     = 0
close(4)                                = 0
open("/proc/2/fd", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|O_CLOEXEC) = 4
getdents(4, /* 2 entries */, 32768)     = ...
getdents(4, /* 0 entries */, 32768)     = 0
close(4)                                = 0
...
write(1, "Active Internet connections (ser"..., 54Active Internet connections (servers and established)
) = 54
write(1, "Proto Recv-Q Send-Q Local Addres"..., 108Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
) = 108
open("/proc/net/tcp", O_RDONLY)         = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7535000
read(3, "  sl  local_address rem_address "..., 1024) = 900
write(1, "tcp        0      0 0.0.0.0:22  "..., 109tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1962/sshd
) = 109
write(1, "tcp        0      0 127.0.0.1:63"..., 109tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1656/cupsd
) = 109
write(1, "tcp        0      0 127.0.0.1:25"..., 109tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2050/master
) = 109
write(1, "tcp        0      0 0.0.0.0:5286"..., 109tcp        0      0 0.0.0.0:52867           0.0.0.0:*               LISTEN      1692/rpc.statd
) = 109
write(1, "tcp        0      0 0.0.0.0:111 "..., 109tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1596/rpcbind
) = 109
read(3, "", 1024)                       = 0
close(3)                                = 0
munmap(0xb7535000, 4096)                = 0
[root@localhost redhat]#
As can be seen from the trace above, netstat -anpt does the following:
A. The shell creates a process and execs netstat; ld loads the dynamic libraries that netstat uses.
B. It walks the proc file system and collects the socket files each process has open: the entries under /proc/<pid>/fd/ are symbolic links to the actual files, and a socket appears as socket:[inode number].
C. It reads the TCP table from /proc/net/tcp.
D. It associates each TCP entry with a process through the inode number and prints the result.
3 Emulating the netstat -p function
3.1 Finding the inode corresponding to the socket
[root@localhost redhat]# head -n 1 /proc/net/tcp && cat /proc/net/tcp | grep :0016
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 13828 1 ecb02140 299 0 0 2 -1
A socket in Linux can also be operated on as a file (read/write, for example); the corresponding file system is sockfs, which is mounted inside the kernel and is not visible from user space.
The socket entries under /proc/<pid>/fd/ are therefore symbolic links of the form socket:[inode].
3.2 Associating the process with the socket by the inode number of the socket file
for dir in `find /proc -name fd`
do
    ls -l $dir | grep 'socket:\[13828\]' && echo $dir
done
Or
for dir in `find /proc -name fd`; do ls -l $dir | grep 'socket:\[13828\]' && echo $dir; done
The result is:
[root@localhost redhat]# for dir in `find /proc -name fd`
> do
> ls -l $dir | grep 'socket:\[13828\]' && echo $dir
> done
lrwx------. 1 root root 64 November 19:19 3 -> socket:[13828]
/proc/1962/task/1962/fd
lrwx------. 1 root root 64 November 19:04 3 -> socket:[13828]
/proc/1962/fd
[root@localhost redhat]# head -n 1 /proc/1962/status
Name:   sshd
[root@localhost redhat]#
You can see that port 22 is opened by process 1962/sshd.
Note: /proc/<pid>/task/ holds the thread (lightweight process) information for the corresponding process, which is why the loop also matched /proc/1962/task/1962/fd.
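The two steps above (port to inode via /proc/net/tcp, inode to pid via /proc/<pid>/fd) as one script. This is an added example, not code from the original post; the /proc/net/tcp sample and the fake /proc tree are constructed so that it runs without root, and pids_for_inode() can be pointed at the real /proc when run as root.

```python
import os
import tempfile
# Constructed sample of /proc/net/tcp; the port-22 row (hex 0016, st 0A = LISTEN) mirrors the page.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 13828 1 ecb02140 299 0 0 2 -1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 13920 1 ecb02500 299 0 0 2 -1
"""

def inodes_for_port(proc_net_tcp_text, port, state="0A"):
    """Step 3.1: inodes of sockets whose local port (hex in the file) is `port` and whose state matches."""
    inodes = []
    for line in proc_net_tcp_text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if int(fields[1].split(":")[1], 16) == port and fields[3] == state:
            inodes.append(int(fields[9]))                     # 10th column is the socket inode
    return inodes

def pids_for_inode(inode, proc="/proc"):
    """Step 3.2: pids whose <proc>/<pid>/fd/ holds a link to socket:[inode] (others' fd/ needs root)."""
    target = "socket:[%d]" % inode
    pids = []
    for entry in os.listdir(proc):
        if not entry.isdigit():                               # skip /proc/net, /proc/sys, ...
            continue
        fd_dir = os.path.join(proc, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:                                       # EACCES, or the process already exited
            continue
        for fd in fds:
            try:
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    pids.append(int(entry))
                    break
            except OSError:                                   # fd closed between listdir and readlink
                continue
    return pids

def build_fake_proc(pid, fd_targets):
    """Constructed stand-in for /proc so this runs without root: <root>/<pid>/fd/<n> -> target symlinks."""
    root = tempfile.mkdtemp()
    fd_dir = os.path.join(root, str(pid), "fd")
    os.makedirs(fd_dir)
    for n, tgt in enumerate(fd_targets):
        os.symlink(tgt, os.path.join(fd_dir, str(n)))
    return root
if __name__ == "__main__":
    fake = build_fake_proc(1962, ["/dev/null", "pipe:[8927]", "socket:[13828]"])
    print({ino: pids_for_inode(ino, fake) for ino in inodes_for_port(SAMPLE_PROC_NET_TCP, 22)})
```

Unlike the shell loop in 3.2, this scans only /proc/<pid>/fd and not /proc/<pid>/task/<tid>/fd, so each process is reported once rather than once per thread.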