Missing ports and rpcinfo
I was making an inventory of the bound ports on my server, when I encountered a rather strange situation: a high port that was not associated with any process.
The easiest way to find sockets like that is with:
ss -tunalep | grep -v users
In terms of the /proc file system this means: the socket is listed in one of /proc/net/{udp,tcp,udp6,tcp6}, but there is no process which has the corresponding inode open in /proc/PID/fd1.
The most likely reason is that this socket belongs to a kernel process; for some reason, there are not (always?) included.
So let's see what rpcinfo -p says, right? Wrong. Though rpcinfo is the right way to go, the -p option only shows IPv4 sockets. You need to use plain rpcinfo; but the way ports are shown makes it hard to find them.
The following short script will give better output:
rpcinfo |
while read program version netid address service owner; do
if [ "$netid" != local ]; then
set -- $(sed 's,^\(.*\)\.\([0-9]\+\)\.\([0-9]\+\)$,\1 \2 \3,' <<< "$address")
addr="$1"
port=$(expr 256 \* "$2" + "$3")
else
addr="$address"
port=""
fi
printf "%6s %2s %5s %20s %5s %12s %10s\n" "$program" "$version" "$netid" "$addr" "$port" "$service" "$owner"
done
And there it was: nlockmgr.
- 1. Note that you must use the -L flag of ls to show the inode of the file the symlinks are pointing to, instead of the inode of the symlink itself.