Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] What is listening on port X?



Hoi,

On Mon, May 16, 2016 at 06:03:32PM +0900, Kalin KOZHUHAROV wrote:
> I have been taking various deep dives in linux recently (day job is
> incident response), and recently I found a challenge that no amount of
> googling solved...
> 
> On a system I have the following:
> 
> # netstat -tunelp|head -n3
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address
> State       User       Inode      PID/Program name
> tcp        0      0 0.0.0.0:40636           0.0.0.0:*
> LISTEN      0          77216      -
> [..]

I am not really helping in naming a tool, but the good news is 
that the kernel needs to know how to deal with incoming packets 
on the port, so the information needs to be in the kernel.
Which would point at Systemtap or self written kernel modules,
if no userland tool can access the information from the kernel,
or the kernel does not even offer it nicely.

Reminds me of module counters as seen by "lsmod", for these one
can not afterwards see which code increased them.

Chris


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links