How do I find the inode of a TCP socket?
The inode shown by ls
and stat
is for the symlink that points to the inode associated with the socket. Running ls -iLalh
shows the right inode. Ditto for stat -L
.
Herpa derp derp. I only figured this out when I was composing my question. ;_;
Finding a process ID given a socket and inode in Python 3
The following code accomplishes the original goal:
def find_pid(inode):
# get a list of all files and directories in /proc
procFiles = os.listdir("/proc/")
# remove the pid of the current python process
procFiles.remove(str(os.getpid()))
# set up a list object to store valid pids
pids = []
for f in procFiles:
try:
# convert the filename to an integer and back, saving the result to a list
integer = int(f)
pids.append(str(integer))
except ValueError:
# if the filename doesn't convert to an integer, it's not a pid, and we don't care about it
pass
for pid in pids:
# check the fd directory for socket information
fds = os.listdir("/proc/%s/fd/" % pid)
for fd in fds:
# save the pid for sockets matching our inode
if ('socket:[%d]' % inode) == os.readlink("/proc/%s/fd/%s" % (pid, fd)):
return pid
How to find socket port by inode struct in Linux?
You can obtain the socket
structure pointer from the struct file
with the exported function sock_from_file
.
It is then cast into a tcp_sock
, which contains an inet_connection_sock
which contains an inet_sock
which contains a sock
(not to be confused with socket
) which contains sock_common
. The two port numbers are ultimately stored in inet_sock
and sock_common
(well, that's how it works in a recent kernel version anyway).
Making use of these facts in a reliable way would be difficult. The layout and organization of all this is closely dependent on kernel version, and of course that the file descriptor actually represents a connected TCP socket.
Is it possible to find which user is at the other end of a localhost TCP connection?
On Linux, /proc/net/tcp
contains information on the open TCP sockets on the system. For a connected socket, the entries look like this (the header is part of the file, other lines removed):
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
11: 0100007F:C9CB 0100007F:0016 01 00000000:00000000 00:00000000 00000000 1000 0 978132 ...
The second and third columns have the endpoints of the socket, and the uid
column has the effective UID of the process what created the socket. /proc/net/tcp6
is similar for IPv6. (The IP address there is 127.0.0.1, so the octets seem to be in reverse order.)
If you wanted to track the actual process(es) holding the socket, you'd need to go through all /proc/$PID/fd/$N
entries, and compare the inode numbers in the socket symlinks to the inode number mentioned in the tcp socket table. But you can only see the file descriptors of your own processes, unless you're the superuser.
Related Topics
Linux Find Out Hyper-Threaded Core Id
What Tools Do I Need to Develop in Actionscript (In Linux)
How to Trace Per-File Io Operations in Linux
How to Get Eclipse Swt Browser Component Running on Ubuntu 11.04 (Natty Narwhal) with Webkit
How to List the Files in a Zip Archive Without Decompressing It
Tail Inverse/Printing Everything Except the Last N Lines
How to Read the Second-To-Last Line in a File Using Bash
Adding Users to Sudoers Through Shell Script
Pass Private Key Password to Openvpn Command Directly in Ubuntu 10.10
How to Compile Linux Kernel with Something Other Than Gcc
Sed: How to Delete Lines Matching a Pattern That Contains Forward Slashes
Prepend Data from One File to Another