I need to find out the socket options that an executing client program has set while opening TCP connections to a server. The client is running on Linux. Is it available under /proc/tcp?
Asked
Active
Viewed 3,614 times
3
abligh
- 24,573
- 4
- 47
- 84
user963986
- 363
- 1
- 5
- 10
3 Answers
2
I needed to do this too.
lsof doesn't help much as the tcp options aren't exposed in /proc/ as standard.
I used this kernel module https://github.com/veithen/knetstat which I modified to work with older kernel versions as well here: https://github.com/abligh/knetstat
This lets you do:
# cat /proc/net/tcpstat | head
Recv-Q Send-Q Local Address Foreign Address Stat Diag Options
0 0 0.0.0.0:16013 0.0.0.0:* LSTN SO_REUSEADDR=0,SO_KEEPALIVE=0,TCP_NODELAY=0
0 0 127.0.0.1:25 0.0.0.0:* LSTN SO_REUSEADDR=1,SO_KEEPALIVE=1,TCP_NODELAY=0
0 0 0.0.0.0:111 0.0.0.0:* LSTN SO_REUSEADDR=1,SO_KEEPALIVE=0,TCP_NODELAY=0
0 0 0.0.0.0:4643 0.0.0.0:* LSTN SO_REUSEADDR=1,SO_KEEPALIVE=0,TCP_NODELAY=0
0 0 127.0.0.1:753 0.0.0.0:* LSTN SO_REUSEADDR=1,SO_KEEPALIVE=0,TCP_NODELAY=0
0 0 127.0.0.1:113 0.0.0.0:* LSTN SO_REUSEADDR=1,SO_KEEPALIVE=0,TCP_NODELAY=0
0 0 127.0.0.1:754 0.0.0.0:* LSTN SO_REUSEADDR=1,SO_KEEPALIVE=0,TCP_NODELAY=0
0 0 127.0.0.1:1234 0.0.0.0:* LSTN SO_REUSEADDR=1,SO_KEEPALIVE=0,TCP_NODELAY=0
0 0 0.0.0.0:53618 0.0.0.0:* LSTN SO_REUSEADDR=0,SO_KEEPALIVE=0,TCP_NODELAY=0
abligh
- 24,573
- 4
- 47
- 84
0
You can run the executable under ltrace to see what library and system calls it makes along with call arguments.
Maxim Egorushkin
- 131,725
- 17
- 180
- 271
-2
lsof with the -p [PROC_ID] flag shows open fd's for that process. If you man lsof there are hundreds of different things you can find out about these sockets. Here is the standard usage:
[ 11:42 root@hozbox /proc/6828 ]# lsof -p 6828
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
SOAnswer_T 6828 jon cwd DIR 8,17 4096 3498003 /home/jon/SO/python
SOAnswer_T 6828 jon rtd DIR 253,0 4096 2 /
SOAnswer_T 6828 jon txt REG 253,0 6088 38614 /usr/bin/python
SOAnswer_T 6828 jon mem REG 253,0 20676 16173 /usr/lib/python2.6/lib-dynload/selectmodule.so
SOAnswer_T 6828 jon mem REG 253,0 32800 91247 /usr/lib/python2.6/lib-dynload/_struct.so
SOAnswer_T 6828 jon mem REG 253,0 37180 91249 /usr/lib/python2.6/lib-dynload/arraymodule.so
SOAnswer_T 6828 jon mem REG 253,0 30496 16167 /usr/lib/python2.6/lib-dynload/operator.so
SOAnswer_T 6828 jon mem REG 253,0 10448 16137 /usr/lib/python2.6/lib-dynload/_randommodule.so
SOAnswer_T 6828 jon mem REG 253,0 13552 16157 /usr/lib/python2.6/lib-dynload/fcntlmodule.so
SOAnswer_T 6828 jon mem REG 253,0 17152 91253 /usr/lib/python2.6/lib-dynload/cStringIO.so
SOAnswer_T 6828 jon mem REG 253,0 11648 12778 /lib/libcom_err.so.2.1
SOAnswer_T 6828 jon mem REG 253,0 19660 16148 /usr/lib/python2.6/lib-dynload/binascii.so
SOAnswer_T 6828 jon mem REG 253,0 8224 12704 /lib/libkeyutils-1.2.so
SOAnswer_T 6828 jon mem REG 253,0 28920 91246 /usr/lib/python2.6/lib-dynload/_ssl.so
SOAnswer_T 6828 jon mem REG 253,0 36580 15554 /lib/libkrb5support.so.0.1
SOAnswer_T 6828 jon mem REG 253,0 14640 20456 /lib/libutil-2.12.2.so
SOAnswer_T 6828 jon mem REG 253,0 141532 4868 /lib/ld-2.12.2.so
SOAnswer_T 6828 jon mem REG 253,0 1851728 4869 /lib/libc-2.12.2.so
SOAnswer_T 6828 jon mem REG 253,0 202044 5741 /lib/libm-2.12.2.so
SOAnswer_T 6828 jon mem REG 253,0 19788 4870 /lib/libdl-2.12.2.so
SOAnswer_T 6828 jon mem REG 253,0 133136 5431 /lib/libpthread-2.12.2.so
SOAnswer_T 6828 jon mem REG 253,0 76368 5748 /lib/libz.so.1.2.3
SOAnswer_T 6828 jon mem REG 253,0 122420 8431 /lib/libselinux.so.1
SOAnswer_T 6828 jon mem REG 253,0 101068 8430 /lib/libresolv-2.12.2.so
SOAnswer_T 6828 jon mem REG 253,0 25476 16120 /usr/lib/python2.6/lib-dynload/_collectionsmodule.so
SOAnswer_T 6828 jon mem REG 253,0 58404 16141 /usr/lib/python2.6/lib-dynload/_socketmodule.so
SOAnswer_T 6828 jon mem REG 253,0 11500 91240 /usr/lib/python2.6/lib-dynload/_hashlib.so
SOAnswer_T 6828 jon mem REG 253,0 6280 91263 /usr/lib/python2.6/lib-dynload/syslog.so
SOAnswer_T 6828 jon mem REG 253,0 22076 16164 /usr/lib/python2.6/lib-dynload/mathmodule.so
SOAnswer_T 6828 jon mem REG 253,0 16748 91265 /usr/lib/python2.6/lib-dynload/timemodule.so
SOAnswer_T 6828 jon mem REG 253,0 7616 16111 /usr/lib/python2.6/lib-dynload/_bisectmodule.so
SOAnswer_T 6828 jon mem REG 253,0 22560 16175 /usr/lib/python2.6/lib-dynload/stropmodule.so
SOAnswer_T 6828 jon mem REG 253,0 1603772 19175 /usr/lib/libpython2.6.so.1.0
SOAnswer_T 6828 jon mem REG 253,0 190528 63751 /lib/libgssapi_krb5.so.2.2
SOAnswer_T 6828 jon mem REG 253,0 758712 22619 /lib/libkrb5.so.3.3
SOAnswer_T 6828 jon mem REG 253,0 177868 20371 /lib/libk5crypto.so.3.1
SOAnswer_T 6828 jon mem REG 253,0 1596908 63969 /lib/libcrypto.so.1.0.0d
SOAnswer_T 6828 jon mem REG 253,0 358704 64033 /usr/lib/libssl.so.1.0.0d
SOAnswer_T 6828 jon mem REG 253,0 99158720 95278 /usr/lib/locale/locale-archive
SOAnswer_T 6828 jon 0u CHR 136,2 0t0 5 /dev/pts/2
SOAnswer_T 6828 jon 1w FIFO 0,8 0t0 2254540 pipe
SOAnswer_T 6828 jon 2u CHR 136,2 0t0 5 /dev/pts/2
SOAnswer_T 6828 jon 3u IPv4 2254907 0t0 TCP blah:36050->blah2.com.br:http (ESTABLISHED)
Or, with the -aU options to see only sockets:
[ 11:46 root@hozbox /proc/6828 ]# lsof -aU -p 1511
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
acpid 1511 root 4u unix 0xd9063800 0t0 10860 /var/run/acpid.socket
acpid 1511 root 6u unix 0xda79c200 0t0 10876 socket
/proc/PID/fd also lists all open fd's of a process.
More good stuff here too: See socket options on existing sockets created by other apps?
