| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <DM5PR01MB2812871BCF7C026223782698AC649@DM5PR01MB2812.prod.exchangelabs.com> Date: Tue, 25 Apr 2023 15:18:10 +0000 From: John Fleming <john@...kefishsolutions.com> To: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: How to find information about kernel based open ports? Is there anyway to query to the kernel for open sockets? This is more from an administrative point of view. For example NFSD.ko and VXLAN.ko can create listening sockets (maybe that isn't the correct term). I was going to ask if I can tell which kernel module had a port open, but I guess in theory a module could be built into the kernel so I'm really not sure how to propperly ask the question. But basically is their a way to query the kernel for open sockets in the case of a socket being opening by the kernel and not say a process. Here is the best I can find using netstat. I see the PID/Program name is "-" which tells me it's the kernel (I think), but I don' t know anything beyond that. If I unload vxlan the listening port goes away, but that is more trial and error. root@...pute01:/proc/net# netstat -nlp | egrep -- '4789|PID' Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name udp 0 0 0.0.0.0:4789 0.0.0.0:* - Proto RefCnt Flags Type State I-Node PID/Program name Path root@...pute01:/proc/net# My goal would be have some information about all kernel based listeners, hopefully beyond it's the kernel listening (it's the nfs subsystem, vxlan, whatever else). Please CC me on all replies as I'm not subscribed.
Powered by blists - more mailing lists