On most Linux distributions, I was able to list all TCP connections by reading /proc/net/tcp, but this doesn't exist on Solaris. Is there a file that I can read TCP connections from on Solaris 11?
Thanks.
EDIT: Forgot to mention that I'm coding in C.
If you're trying to rewrite netstat, I suggest looking at the source code for it: https://hg.java.net/hg/solaris~on-src/file/tip/usr/src/cmd/cmd-inet/usr.bin/netstat/netstat.c
The important parts are mibopen, which opens /dev/arp and pushes the tcp STREAMS module onto it, and mibget which actually requests the connection information. The code is a bit complicated, so I suggest stepping through the code in a debugger to understand how it works. The key syscalls are open, ioctl, putmsg, and getmsg.
If you just want to see what sockets a process has open, you can inspect /proc/PID/fd, as in pfiles: https://hg.java.net/hg/solaris~on-src/file/tip/usr/src/cmd/ptools/pfiles/pfiles.c
You should either use netstat -an or pcp
There is an application running on a FreeBSD 10.1 release operating system and I need to figure out how to find the sockets it has created and is using. I know that I'm looking for an AF_MAP socket, which should be similar to an AF_UNIX socket.
How do I see what sockets are open? And once I find the one I'm looking for, I need to see what information passes through. How is this also done?
Thank you
I'm not sure on FreeBSD specifically but you can use lsof in a way like:
$ lsof -p $(pidof your-appname)
This will give you all the files it has opened.
For AF_UNIX sockets you may refer to this.
Also, you may want to use netstat -xa to see CONNECTED state sockets (if the application uses stream oriented sockets)
For reasons I'd rather not go into (has to do with compatibility with a third-party library that I cannot change), I need to use a TCP socket to do IPC within a single process in iOS.
In order to prevent other processes from talking to my TCP IPC socket, I'd like to verify with the OS that the process calling connect() (from another thread) has the same PID as my own.
On OS X I noticed that netstat does not have this information (unlike other OSes such as Windows and Linux) and the only way I was able to determine this information was using lsof. I am not sure what might be available in the iOS sandbox, but so far it seems like my best bet (even though it seems expensive) is to figure out what lsof is doing and try to replicate that.
Does anyone know of a system call I can use in order to check this? I've already read through getsockopt(2) and don't see anything that applies, and I can't find documentation about what ioctl(2) calls are supported.
What might be possible here?
Wow, that sounds like a terrible API for an in-process library.
getpeername on the receiving end should match getsockname of the sending end. You could try to match it up with all open fds in the local process.
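One way to do the matching this answer describes, as an added example that is not part of the original answer: compare both endpoints of the accepted socket against every connected socket fd in the process. The names `find_local_peer_fd`, `demo_peer_check` and `MAX_FD_SCAN` are hypothetical, and the sketch assumes IPv4 loopback sockets.

```c
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_FD_SCAN 1024   /* assumption: upper bound on fds worth scanning */
typedef struct sockaddr_in sin_t;
static int same_ep(const sin_t *a, const sin_t *b) {   /* same IPv4 addr:port? */
    return a->sin_family == AF_INET && b->sin_family == AF_INET &&
           a->sin_addr.s_addr == b->sin_addr.s_addr && a->sin_port == b->sin_port;
}

static int names(int fd, sin_t *local, sin_t *peer) {  /* both ends of fd, 0 on success */
    socklen_t l1 = sizeof *local, l2 = sizeof *peer;
    return getsockname(fd, (struct sockaddr *)local, &l1) ||
           getpeername(fd, (struct sockaddr *)peer, &l2);
}

/* Return the fd in this process that is the other end of `accepted`, or -1. */
int find_local_peer_fd(int accepted) {
    sin_t mine, peer, c_local, c_peer;
    if (names(accepted, &mine, &peer)) return -1;
    for (int fd = 0; fd < MAX_FD_SCAN; fd++) {
        if (fd == accepted || names(fd, &c_local, &c_peer)) continue; /* not a connected socket */
        if (same_ep(&c_local, &peer) && same_ep(&c_peer, &mine)) return fd;
    }
    return -1;
}

/* Constructed loopback self-test; returns 1 when the check behaves as expected. Closing the
 * client fd first leaves no local owner of the peer endpoint, as with a foreign process. */
int demo_peer_check(int close_client_first) {
    sin_t addr = { .sin_family = AF_INET };               /* port 0: kernel picks one */
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    socklen_t len = sizeof addr;
    int lst = socket(AF_INET, SOCK_STREAM, 0), cli = socket(AF_INET, SOCK_STREAM, 0);
    if (bind(lst, (struct sockaddr *)&addr, sizeof addr) || listen(lst, 1) ||
        getsockname(lst, (struct sockaddr *)&addr, &len) ||
        connect(cli, (struct sockaddr *)&addr, sizeof addr)) return 0;
    int acc = accept(lst, NULL, NULL);
    if (close_client_first) close(cli);
    int found = find_local_peer_fd(acc);
    close(acc); close(lst);
    if (!close_client_first) close(cli);
    return close_client_first ? found == -1 : found == cli;
}

int main(void) {
    return !(demo_peer_check(0) && demo_peer_check(1));   /* exit 0 when both cases hold */
}
```

A connection is accepted as in-process only when some local fd has the peer's address as its own local name and the accepted socket's address as its peer; anything else is rejected.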
This question might sound foolish, because I know there are a bunch of frameworks that do it for you. What I want is to actually get in touch with the low-level C API deeply and be able to write a program that sits on a computer and intercepts packets between the local machine and outer spaces. I tried to figure it out by looking at open source code (i.e. tcpdump) but it's quite difficult for me to find out which file actually performs the network sniffing. Any suggestions would be appreciated!
You have to use a raw socket. Here's an example.
At least as far as Linux and Unix-like operating systems are concerned. I don't know about Windows.
If you're using a UNIX based system[*] then the simplest mechanism is libpcap, which is part of the tcpdump project.
Your process will need root privileges to be able to access the network interface (as would also be the case with raw sockets).
Usually you'll end up having to decode Ethernet frames, IP headers, etc. yourself, although for most protocols this isn't that hard.
[*] It is actually available for Win32 as well, but I've not used it under Windows myself.
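The decoding step this answer mentions, as an added example that is not from the answer or from libpcap: a bounds-checked walk from the Ethernet header through a variable-length IPv4 header to the TCP destination port. The function names and the sample frame are constructed for illustration; the sketch assumes Ethernet II framing without VLAN tags, and in a real capture the bytes would come from the packet callback.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN 14

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Return the TCP destination port of an Ethernet II / IPv4 / TCP frame,
 * or -1 if the frame is something else, a non-first fragment, or truncated. */
int tcp_dst_port(const uint8_t *frame, size_t len) {
    if (len < ETH_HDR_LEN + 20) return -1;          /* Ethernet + minimal IPv4 header */
    if (be16(frame + 12) != 0x0800) return -1;      /* EtherType: IPv4 only */
    const uint8_t *ip = frame + ETH_HDR_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;        /* IPv4 header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20) return -1;   /* wrong version or bogus IHL */
    if (ip[9] != 6) return -1;                      /* protocol 6 = TCP */
    if (be16(ip + 6) & 0x1fff) return -1;           /* later fragment: no TCP header */
    if (len < ETH_HDR_LEN + ihl + 4) return -1;     /* need source and destination port */
    return be16(ip + ihl + 2);
}

/* Constructed sample frame: IPv4 header of ihl_words 32-bit words, then a TCP header. */
size_t build_sample(uint8_t *buf, unsigned ihl_words, uint16_t dport) {
    size_t ihl = (size_t)ihl_words * 4, total = ETH_HDR_LEN + ihl + 20;
    memset(buf, 0, total);
    buf[12] = 0x08; buf[13] = 0x00;                 /* EtherType IPv4 */
    uint8_t *ip = buf + ETH_HDR_LEN;
    ip[0] = (uint8_t)(0x40 | ihl_words);            /* version 4 + IHL */
    ip[9] = 6;                                      /* TCP */
    ip[ihl] = 0xc0; ip[ihl + 1] = 0x01;             /* source port 49153 */
    ip[ihl + 2] = (uint8_t)(dport >> 8); ip[ihl + 3] = (uint8_t)dport;
    return total;
}

int main(void) {
    uint8_t buf[128];
    size_t n = build_sample(buf, 6, 23);            /* IPv4 header with 4 option bytes */
    printf("dst port: %d\n", tcp_dst_port(buf, n));
    return 0;
}
```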
I am using the libpcap library. I have made a packet sniffer C program using pcap.h. Now I want to block packets coming in on port 23 on my computer via the eth0 device. I tried the pcap_filter function but it is not useful for blocking.
Please explain to me how to code this functionality in a C program.
Libpcap is just used for packet capturing, i.e. making packets available for use in other programs. It does not perform any network setup, like blocking, opening ports. In this sense pcap is a purely passive monitoring tool.
I am not sure what you want to do. As far as I see it, there are two possibilities:
1. You actually want to block the packets, so that your computer will not process them in any way. You should use a firewall for that and just block this port. Any decent firewall should be able to do that fairly easily. But you should be aware that this also means no one will be able to ssh into your system. So if you do that on a remote system, you have effectively locked yourself out.
2. You still want other programs (sshd) to listen on port 23 but all this traffic is annoying you in your application. Libpcap has a filtering function for that, which is quite powerful. With this function you can pass small scripts to libpcap and have it only report packets that fit. Look up filtering in the pcap documentation for more information. This will, however, not "block the traffic", just stop pcap from capturing it.
Actually, using pcap you are not able to build a firewall. This is because packets seen inside your sniffer (built using pcap) are just copies of packets which (with or without the sniffer) are consumed by the network stack.
In other words: using filters in pcap will mean that you do not see copies of the original packets (as far as I know pcap compiles filters and adds them to the kernel so that the copy is not made at kernel level); the original packet will go to the network stack anyway.
The solution to your problem could most probably be done with netfilter. You can register in the NF_IP_PRE_ROUTING hook and there decide to drop or allow given traffic.
I have not been able to figure out why recvmsg() blocks when I try this test app on Ubuntu.
http://web.mit.edu/kolya/misc/break-chroot.c
Thanks
I strongly remember file descriptor passing only working over Unix Datagram sockets, not Unix stream sockets. This may also necessitate resends. Your example is too large (and I'm too lazy) to do a proper analysis, but look here for alternative example code. I've used that example myself on both FreeBSD and Linux, it works.