I have a problem with the Linux kernel,
regarding the status of ports that are bound through an application,
but not used via listen() or connect().
E.g., Entering the following lines in a python command line,
to simulate the problem:
import socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.bind(("127.0.0.1", 12345))
At this time, the socket is used, and a second program will receive an error when trying to bind to the same IP address and port.
Under Windows, netstat -qon | grep 12345 shows:
TCP 127.0.0.1:12345 0.0.0.0:0 BOUND 21820
But unfortunately I have found no tool and no documentation, where and how I can dig to that information under current mainstream Linux distributions.
It looks like, that in the upcoming iproute2 packet,
there is a -B option for ss,
but when I installed that on a recent
Debian “6.1.0-23-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.99-1” kernel,
the option was accepted, but the output was empty.
As the socket is used, the kernel must track that somewhere.
I figured out that I can track the binding event,
when I install auditd, but that must run
before an unknown program uses bind, and is a real big overhead
to get information that is already stored somewhere in kernel tables.
So somebody here might be able to point me into the right direction, where I can obtain this socket status information from the kernel, together with the pid of the process owning this socket.
This information must be somewhere in the kernel,
but, unfortunately, not e.g., in /proc/net/tcp.
I am happy with ready binary tools or with code-snippets pulling this information from the kernel.
binddoes??/proc/kcorewithgdb, but I don't know enough about how the kernel stores sockets (and the source doesn't make it immediately obvious).