Q:
Looking in /proc/$mypid/fd/, I see these files
lrwx------ 1 cm_user cm_user 64 Oct 14 03:21 0 -> /dev/pts/36 (deleted)
lrwx------ 1 cm_user cm_user 64 Oct 14 03:21 3 -> socket:[1424055856]
lrwx------ 1 cm_user cm_user 64 Oct 14 03:21 4 -> socket:[1424055868]
lrwx------ 1 cm_user cm_user 64 Oct 14 03:21 5 -> socket:[1424055882]
Because I have access to the code, I know these sockets are tied to TCP connections (one is a connection to port 5672 on some machine, another is a connection to port 3306 on some other machine), but I want to know which socket is tied to which connection. How can I do that?
More generally, how can I ask the OS what is at the other end of the socket?
A:
A good option might be lsof. As man lsof states it is handy for obtaining information about open files such as Internet sockets or Unix Domain sockets.
Using it
At first, get an overview about /proc/$PID/fd/ and the listed socket numbers.
For example, socket:[14240] might interest you.
Then use lsof -i -a -p $PID to print a list of all network files $PID uses.
-
-iproduces a list of network files belonging to a user or process -
-alogically combines or AND's given parameters -
-p $PIDselects info only about your process
A typical output for my browser running with a PID of 2543 might be:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
browser 2543 pidi 55u IPv4 14240 0t0 TCP pidi.router.lan:55038->stackoverflow.com:https (ESTABLISHED)
and more similar lines.
Great! Now take a closer look at the DEVICE column. It matches our previously listed socket from /proc/$PID/fd/!
And thanks to the NAME section we can say what the other end of our socket is.
In a real world run you might get a good amount of output, but just filter or grep for your socket of interest.
I'm pretty sure one could combine all commands, but that should be enough to get you started.
https://unix.stackexchange.com/questions/235979/how-do-i-find-out-more-about-socket-files-in-proc-fd
Q:
I am confused about the output below :
cd /proc/2045 ; ls -l fd
lrwx------ 1 root root 64 10月 8 19:04 66 -> socket:[294364529]cd /proc/2045 ; ls -l fd lrwx------ 1
what does socket:[294364529] mean ?
I guess it should be a socket opened by this thread, but what does the number mean ?
How can I find the port or Unix socket path corresponding to this ?
thanks !
A:
Based on your example "2045" is pid number of process and "294364529" is inode number of socket. In Linux sockets use normal file operations so this is why they have inode numbers.
Example: Let assume that I have in system socket with inode number 4654214.
Netstat:
netstat -alep | egrep -i "Inode|4654214" Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name tcp 0 0 *:9999 *:* LISTEN root 4654214 10619/nc
Lsof:
lsof -i | grep "4654214" nc 10619 root 3u IPv4 4654214 0t0 TCP *:9999 (LISTEN)
More raw info (fot tcp):
grep -i "4654214" /proc/net/tcp 5: 00000000:270F 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 4654214 1 cc2c5f00 300 0 0 2 -1
This is way how you can get useful info about sockets. Additionally look at ss command.