在Linux中,/proc/$PID/fd目录下的链接文件可以揭示进程打开的套接字。文章介绍了如何使用`lsof`和`netstat`命令来查找和识别这些套接字对应的具体网络连接,如端口和远程主机。通过查看`lsof`的输出,特别是`DEVICE`列,可以确定套接字与哪个连接相关,并了解套接字的另一端信息。
Q:
Looking in /proc/$mypid/fd/, I see these files
lrwx------ 1 cm_user cm_user 64 Oct 14 03:21 0 -> /dev/pts/36(deleted)
lrwx------ 1 cm_user cm_user 64 Oct 14 03:21 3 -> socket:[1424055856]
lrwx------ 1 cm_user cm_user 64 Oct 14 03:21 4 -> socket:[1424055868]
lrwx------ 1 cm_user cm_user 64 Oct 14 03:21 5 -> socket:[1424055882]
Because I have access to the code, I know these sockets are tied to TCP connections (one is a connection to port 5672 on some machine, another is a connection to port 3306 on some other machine), but I want to know which socket is tied to which connection. How can I do that?
More generally, how can I ask the OS what is at the other end of the socket?
A:
A good option might be lsof. As man lsof states it is handy for obtaining information about open files such as Internet sockets or Unix Domain sockets.
Using it
At first, get an overview about /proc/$PID/fd/ and the listed socket numbers.
For example, socket:[14240] might interest you.
Then use lsof -i -a -p $PID to print a list of all network files $PID uses.
-i produces a list of network files belonging to a user or process
-a logically combines or AND's given parameters
-p $PID selects info only about your process
A typical output for my browser running with a PID of 2543 might be:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
browser2543 pidi 55u IPv4 14240 0t0 TCP pidi.router.lan:55038->stackoverflow.com:https (ESTABLISHED)
and more similar lines.
Great! Now take a closer look at the DEVICE column. It matches our previously listed socket from /proc/$PID/fd/!
And thanks to the NAME section we can say what the other end of our socket is.
In a real world run you might get a good amount of output, but just filter or grep for your socket of interest.
I'm pretty sure one could combine all commands, but that should be enough to get you started.
https://unix.stackexchange.com/questions/235979/how-do-i-find-out-more-about-socket-files-in-proc-fd
Q:
I am confused about the output below :
cd /proc/2045 ; ls -l fd
lrwx------ 1 root root 64 10月 8 19:04 66 -> socket:[294364529]cd /proc/2045 ; ls -l fd lrwx------ 1
what does socket:[294364529] mean ?
I guess it should be a socket opened by this thread, but what does the number mean ?
How can I find the port or Unix socket path corresponding to this ?
thanks !
A:
Based on your example "2045" is pid number of process and "294364529" is inode number of socket. In Linux sockets use normal file operations so this is why they have inode numbers.
Example: Let assume that I have in system socket with inode number 4654214.
Netstat:
netstat -alep | egrep -i "Inode|4654214"Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp0 0 *:9999 *:* LISTEN root 4654214 10619/nc
Lsof:
lsof -i | grep "4654214"nc10619 root 3u IPv4 4654214 0t0 TCP *:9999 (LISTEN)
More raw info (fot tcp):
grep -i "4654214" /proc/net/tcp5: 00000000:270F 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 4654214 1 cc2c5f00 300 0 0 2 -1
This is way how you can get useful info about sockets. Additionally look at ss command.
扫一扫
2090
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
