Jump to Navigation

Missing ports and rpcinfo

I was making an inventory of the bound ports on my server, when I encountered a rather strange situation: a high port that was not associated with any process.

The easiest way to find sockets like that is with:

ss -tunalep  | grep -v users

In terms of the /proc file system this means: the socket is listed in one of /proc/net/{udp,tcp,udp6,tcp6}, but there is no process which has the corresponding inode open in /proc/PID/fd1.

The most likely reason is that this socket belongs to a kernel process; for some reason, there are not (always?) included.

So let's see what rpcinfo -p says, right? Wrong. Though rpcinfo is the right way to go, the -p option only shows IPv4 sockets. You need to use plain rpcinfo; but the way ports are shown makes it hard to find them.

The following short script will give better output:

rpcinfo  | 
while read program version netid address service owner; do
if [ "$netid" != local ]; then
set -- $(sed 's,^\(.*\)\.\([0-9]\+\)\.\([0-9]\+\)$,\1 \2 \3,' <<< "$address")
addr="$1"
port=$(expr 256 \* "$2" + "$3")
else
addr="$address"
port=""
fi
printf "%6s %2s %5s %20s %5s %12s %10s\n" "$program" "$version" "$netid" "$addr" "$port" "$service" "$owner"
done

And there it was: nlockmgr.

  • 1. Note that you must use the -L flag of ls to show the inode of the file the symlinks are pointing to, instead of the inode of the symlink itself.
Tags:


Blog_article | by Dr. Radut