[英]how to find which process bind a socket but not listen?
When I use nc to listen a port , it shows 当我使用nc来监听端口时,它会显示出来
nc -l -vv -p 21000
retrying local 0.0.0.0:21000 : Address already in use Can't grab 0.0.0.0:21000 with bind
But I can not find which task occupy's this port with tools netstat / ss 但是我无法使用工具netstat / ss找到哪个任务占用了这个端口
netstat -an|grep 21000
;nothing find 没有找到
ss -a|grep 21000
;nothing find 没有找到
This port is occupied by my java program, the code is : 这个端口被我的java程序占用,代码是:
public class Test1 {
public static void main(String[] args) throws InterruptedException {
Socket s = new Socket();
try {
s.bind(new InetSocketAddress("127.0.0.1",21000));
} catch (IOException e) {
e.printStackTrace();
}
Thread.sleep(500000000000L);
}
}
when I bind a socket ,but do not use it with connect or listen. 当我绑定一个套接字,但不要与连接或监听一起使用它。 I get into the /proc/[java task id]/fd , find the inode of this socket is "socket:[3073501]" but I can't find the inode or port even in /proc/net/tcp or /proc/net/tcp6 我进入/ proc / [java task id] / fd,发现这个套接字的inode是“socket:[3073501]”但我找不到inode或端口,即使在/ proc / net / tcp或/ proc中也是如此/ NET / TCP6
Is there any method to find the process which bind's the socket but does not listen or connect. 是否有任何方法可以找到绑定套接字但不监听或连接的进程。
Thanks. 谢谢。
I see linux 3.10.0-327 source code. 我看到linux 3.10.0-327源代码。 I think the content of the file /proc/net/tcp come from the net/ipv4/tcp_ipv4.c. 我认为文件/ proc / net / tcp的内容来自net / ipv4 / tcp_ipv4.c。
in tcp_proc_register method, 在tcp_proc_register方法中,
static void *tcp_get_idx(struct seq_file *seq, loff_t pos)
{
void *rc;
struct tcp_iter_state *st = seq->private;
st->state = TCP_SEQ_STATE_LISTENING;
rc = listening_get_idx(seq, &pos);
if (!rc) {
st->state = TCP_SEQ_STATE_ESTABLISHED;
rc = established_get_idx(seq, pos);
}
return rc;
}
It shows only the socks in listening or established from tcp_hashinfo. 它仅显示侦听中的socks或从tcp_hashinfo建立的socks。 But tcp_hashinfo has three struct 但是tcp_hashinfo有三个结构
struct inet_bind_hashbucket *bhash;
struct inet_listen_hashbucket listening_hash[INET_LHTABLE_SIZE];
struct inet_ehash_bucket *ehash;
bhash may be used for binding. bhash可用于绑定。 But is does not export in /proc/net/tcp. 但是不会在/ proc / net / tcp中导出。
I tested your Java program under Ubuntu. 我在Ubuntu下测试了你的Java程序。
How to find a process that binds the socket but does not listen or connect: 如何找到绑定套接字但不监听或连接的进程:
lsof lsof的
lsof | grep "can't identify protocol"
You will get a result like: 您将得到如下结果:
COMMAND PID TID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 29644 29653 stephan 12u sock 0,7 0t0 312066 can't identify protocol
Please note the TYPE sock
and the NAME can't identify protocol
. 请注意TYPE sock
和NAME can't identify protocol
。
How does this work? 这是如何运作的? Take a look into the FAQ of lsof: 看看lsof的常见问题解答:
Why does /proc-based lsof report "can't identify protocol" for some socket files? 为什么/ proc-based lsof为某些套接字文件报告“无法识别协议”?
/proc-based lsof may report: / proc-based lsof可能会报告:
COMMAND PID ... TYPE ... NODE NAME pump 226 ... sock ... 309 can't identify protocol
This means that it can't identify the protocol (ie, the AF_* designation) being used by the open socket file. 这意味着它无法识别开放套接字文件使用的协议(即AF_ *指定)。 Lsof identifies protocols by matching the node number associated with the /proc//fd entry to the node numbers found in selected files of the /proc/net sub-directory. Lsof通过将与/ proc // fd条目关联的节点编号与/ proc / net子目录的所选文件中找到的节点编号进行匹配来标识协议。
... ...
You may not be able to find the desired node number, because not all kernel protocol modules fully support /proc/net information. 您可能无法找到所需的节点号,因为并非所有内核协议模块都完全支持/ proc / net信息。
Verify Process 验证过程
The PID in the lsof output was 29644. lsof输出中的PID为29644。
ls -l /proc/29644/fd
which results in: 这导致:
...
lrwx------ 1 stephan stephan 64 Jul 7 22:52 11 -> socket:[312064]
lrwx------ 1 stephan stephan 64 Jul 7 22:52 12 -> socket:[312066]
...
and 和
grep 312066 /proc/net/*
gives an empty result. 给出一个空的结果。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.