lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <DM5PR01MB2812871BCF7C026223782698AC649@DM5PR01MB2812.prod.exchangelabs.com>
Date:   Tue, 25 Apr 2023 15:18:10 +0000
From:   John Fleming <john@...kefishsolutions.com>
To:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: How to find information about kernel based open ports?

Is there anyway to query to the kernel for open sockets? This is more from an administrative point of view. For example NFSD.ko and VXLAN.ko can create listening sockets (maybe that isn't the correct term). I was going to ask if I can tell which kernel module had a port open, but I guess in theory a module could be built into the kernel so I'm really not sure how to propperly ask the question.

But basically is their a way to query the kernel for open sockets in the case of a socket being opening by the kernel and not say a process.

Here is the best I can find using netstat. I see the PID/Program name is "-" which tells me it's the kernel (I think), but I don' t know anything beyond that. If I unload vxlan the listening port goes away, but that is more trial and error.

root@...pute01:/proc/net# netstat -nlp | egrep -- '4789|PID'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:4789            0.0.0.0:*                           -
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
root@...pute01:/proc/net#

My goal would be have some information about all kernel based listeners, hopefully beyond it's the kernel listening (it's the nfs subsystem, vxlan, whatever else).

Please CC me on all replies as I'm not subscribed.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ