如何找到哪个进程绑定套接字但不监听?
[英]how to find which process bind a socket but not listen?
问题描述
When I use nc to listen a port , it shows 
当我使用nc来监听端口时,它会显示出来
nc -l -vv -p 21000
retrying local 0.0.0.0:21000 : Address already in use Can't grab 0.0.0.0:21000 with bind
But I can not find which task occupy's this port with tools netstat / ss 但是我无法使用工具netstat / ss找到哪个任务占用了这个端口
netstat -an|grep 21000
;nothing find 没有找到
ss -a|grep 21000
;nothing find 没有找到
This port is occupied by my java program, the code is : 这个端口被我的java程序占用,代码是:
public class Test1 {
public static void main(String[] args) throws InterruptedException {
Socket s = new Socket();
try {
s.bind(new InetSocketAddress("127.0.0.1",21000));
} catch (IOException e) {
e.printStackTrace();
}
Thread.sleep(500000000000L);
}
}
when I bind a socket ,but do not use it with connect or listen. 当我绑定一个套接字,但不要与连接或监听一起使用它。 I get into the /proc/[java task id]/fd , find the inode of this socket is "socket:[3073501]" but I can't find the inode or port even in /proc/net/tcp or /proc/net/tcp6 我进入/ proc / [java task id] / fd,发现这个套接字的inode是“socket:[3073501]”但我找不到inode或端口,即使在/ proc / net / tcp或/ proc中也是如此/ NET / TCP6
Is there any method to find the process which bind's the socket but does not listen or connect. 是否有任何方法可以找到绑定套接字但不监听或连接的进程。
Thanks. 谢谢。
I see linux 3.10.0-327 source code. 我看到linux 3.10.0-327源代码。 I think the content of the file /proc/net/tcp come from the net/ipv4/tcp_ipv4.c. 我认为文件/ proc / net / tcp的内容来自net / ipv4 / tcp_ipv4.c。
in tcp_proc_register method, 在tcp_proc_register方法中,
static void *tcp_get_idx(struct seq_file *seq, loff_t pos)
{
void *rc;
struct tcp_iter_state *st = seq->private;
st->state = TCP_SEQ_STATE_LISTENING;
rc = listening_get_idx(seq, &pos);
if (!rc) {
st->state = TCP_SEQ_STATE_ESTABLISHED;
rc = established_get_idx(seq, pos);
}
return rc;
}
It shows only the socks in listening or established from tcp_hashinfo. 它仅显示侦听中的socks或从tcp_hashinfo建立的socks。 But tcp_hashinfo has three struct 但是tcp_hashinfo有三个结构
struct inet_bind_hashbucket *bhash;
struct inet_listen_hashbucket listening_hash[INET_LHTABLE_SIZE];
struct inet_ehash_bucket *ehash;
bhash may be used for binding. bhash可用于绑定。 But is does not export in /proc/net/tcp. 但是不会在/ proc / net / tcp中导出。
1 个解决方案
解决方案1
2 2018-07-07 21:06:34
I tested your Java program under Ubuntu. 我在Ubuntu下测试了你的Java程序。
How to find a process that binds the socket but does not listen or connect: 如何找到绑定套接字但不监听或连接的进程:
lsof lsof的
lsof | grep "can't identify protocol"
You will get a result like: 您将得到如下结果:
COMMAND PID TID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 29644 29653 stephan 12u sock 0,7 0t0 312066 can't identify protocol
Please note the TYPE sock and the NAME can't identify protocol . 请注意TYPE sock和NAME can't identify protocol 。
How does this work? 这是如何运作的? Take a look into the FAQ of lsof: 看看lsof的常见问题解答:
Why does /proc-based lsof report "can't identify protocol" for some socket files?
/proc-based lsof may report:
COMMAND PID ... TYPE ... NODE NAME pump 226 ... sock ... 309 can't identify protocolThis means that it can't identify the protocol (ie, the AF_* designation) being used by the open socket file.
...
You may not be able to find the desired node number, because not all kernel protocol modules fully support /proc/net information.
Verify Process 验证过程
The PID in the lsof output was 29644. lsof输出中的PID为29644。
ls -l /proc/29644/fd
which results in: 这导致:
...
lrwx------ 1 stephan stephan 64 Jul 7 22:52 11 -> socket:[312064]
lrwx------ 1 stephan stephan 64 Jul 7 22:52 12 -> socket:[312066]
...
and 和
grep 312066 /proc/net/*
gives an empty result. 给出一个空的结果。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.