Listing all open sockets
Dave Higton (1515) 3534 posts |
Is there an up to date app that can list all open sockets, with their source and destination addresses and ports? I keep using ResRec, but it doesn’t work very well (e.g. it doesn’t clear items from the window when a socket is closed, and it lists lots of sockets with all info 0 on the ROD stack). Alternatively, is there a proper way to do it, so I can write one? |
Andrew McCarthy (3688) 605 posts |
If I’m not mistaken, the utility !Director has something similar to what’s required; it might help. |
David J. Ruck (33) 1636 posts |
*INetStat -an |
Jean-Michel BRUCK (3009) 362 posts |
!ResRec displays the sockets. |
Steve Pampling (1551) 8172 posts |
Unfortunately both the CLI inetstat -an and the ResRec are a static display of what was extant when the CLI command was manually run, while ResRec does refresh with new info sometimes.
Maybe stripping it down to just socket monitoring and inserting an adjustable window refresh would improve things to a point of usefulness for Dave?
The window size (visible lines) is rather limited too, and the column labelling needs alteration for clarity:
“Sock” “Local Port” “Prot” “Local Address” “Remote Port” “Remote IP” |
Steve Pampling (1551) 8172 posts |
Just thinking about your comment “lists lots of sockets with all info 0 on the ROD stack”
PC output of netstat -an:
    Proto  Local Address      Foreign Address    State
    TCP    0.0.0.0:135        0.0.0.0:0          LISTENING
    TCP    0.0.0.0:445        0.0.0.0:0          LISTENING
    TCP    0.0.0.0:5040       0.0.0.0:0          LISTENING
    TCP    0.0.0.0:5357       0.0.0.0:0          LISTENING
    TCP    0.0.0.0:49664      0.0.0.0:0          LISTENING
    TCP    0.0.0.0:49665      0.0.0.0:0          LISTENING
    TCP    0.0.0.0:49666      0.0.0.0:0          LISTENING
    TCP    0.0.0.0:49667      0.0.0.0:0          LISTENING
    TCP    0.0.0.0:49668      0.0.0.0:0          LISTENING
    TCP    0.0.0.0:49669      0.0.0.0:0          LISTENING
    TCP    0.0.0.0:49670      0.0.0.0:0          LISTENING
    TCP    127.0.0.1:40857    127.0.0.1:40858    ESTABLISHED
    TCP    127.0.0.1:40858    127.0.0.1:40857    ESTABLISHED
    TCP    127.0.0.1:40859    127.0.0.1:40860    ESTABLISHED
    TCP    127.0.0.1:40860    127.0.0.1:40859    ESTABLISHED
ResRec doesn’t seem to show the port state when I look on an RPCEmu session, so that may be the origin of your “all info 0” |
Dave Higton (1515) 3534 posts |
Thanks for the suggestions but: netstat -an works on a PC but not on RISC OS, of course. inetstat -an when run on the ROD stack, gives lots of output, but not the useful info that I’m looking for, which is addresses, ports and protocol. I should have looked at the innards of ResRec before posting. I had a memory that it was a compiled app, but actually it’s written in BASIC. Somewhat compressed, but the function and variable names are still sensible. I’ve started to decompress it with a view to seeing if I can improve it a bit on modern hardware and an IPv6-capable stack. |
Steve Pampling (1551) 8172 posts |
The netstat output was just a suggestion of what may be happening to what you’re seeing from ResRec in the way of zeros. ResRec displays useful info for all sockets displayed, but not the port state which Inetstat -an does
    *inetstat -an
    Active Internet connections (including servers)
    Proto Recv-Q Send-Q  Local Address        Foreign Address      (state)
    tcp4       0      0  10.10.10.10.49156    142.250.178.3.443    ESTABLISHED
    tcp4       0      0  10.10.10.10.49155    216.58.201.99.443    ESTABLISHED
    tcp4       0      0  10.10.10.10.49154    216.58.201.99.443    ESTABLISHED
    tcp4       0      0  10.10.10.10.49153    216.58.201.99.443    ESTABLISHED
    udp4       0      0  *.*                  *.*
    udp4       0      0  *.68                 *.*
ResRec window (amended headers)
    Sock  Local Port  Prot  Local Address  Remote Port  Remote Address
    0     68/bootpc   udp   [anyhost]
    1     49153       tcp4  10.10.10.10    443/https    216.58.201.99
    2     49154       tcp4  10.10.10.10    443/https    216.58.201.99
    3     49155       tcp4  10.10.10.10    443/https    216.58.201.99
    4     49156       tcp4  10.10.10.10    443/https    142.250.178.3
Do you not see that? Perhaps a “feature” of the ROD stack and utils. |
Jean-Michel BRUCK (3009) 362 posts |
@Dave |
Dave Higton (1515) 3534 posts |
No. Here’s an example of what I see:
    *inetstat -an
    Active Internet connections (including servers)
    Proto Recv-Q Send-Q  Local Address        Foreign Address      (state)
    ip         0      0  192.168.16.69.9100   *.*
    Active Internet connections (including servers)
    Proto Recv-Q Send-Q  Local Address        Foreign Address      (state)
    ip         0      0  *.49171              *.*
    ip         0      0  *.32771              *.*
    ip         0      0  *.137                *.*
    ip         0      0  *.32770              *.*
    Active Internet connections (including servers)
    Proto Recv-Q Send-Q  Local Address        Foreign Address      (state)
    ip6        0      0  *.443                *.*
    ip6        0      0  *.80                 *.*
    Active Internet connections (including servers)
    Proto Recv-Q Send-Q  Local Address        Foreign Address      (state)
    ip6        0      0  *.*                  *.*
    ip6        0      0  *.*                  *.*
    Active Internet connections (including servers)
    Proto Recv-Q Send-Q  Local Address        Foreign Address      (state)
    ip6        0      0  *.*                  *.*                  58
    Active UNIX domain sockets
    Address    Type   Recv-Q Send-Q Inode      Conn       Refs Nextref Addr
    0x4a48d484 stream 0      0      0x4a58d090 0x0        0x0  0x0     /dev/slaacd.sock.0
    0x4a48d42c stream 0      0      0x0        0x4a48d3d4 0x0  0x0
    0x4a48d37c stream 0      0      0x0        0x4a48d324 0x0  0x0
    0x4a48d064 stream 0      0      0x0        0x4a48d0bc 0x0  0x0
    0x4a48d0bc stream 0      0      0x0        0x4a48d064 0x0  0x0
    0x4a48d114 stream 0      0      0x0        0x4a48d16c 0x0  0x0
    0x4a48d3d4 stream 0      0      0x0        0x4a48d42c 0x0  0x0
    0x4a48d16c stream 0      0      0x0        0x4a48d114 0x0  0x0
    0x4a48d21c stream 0      0      0x0        0x4a48d1c4 0x0  0x0
    0x4a48d274 stream 0      0      0x0        0x4a48d2cc 0x0  0x0
    0x4a48d2cc stream 0      0      0x0        0x4a48d274 0x0  0x0
    0x4a48d324 stream 0      0      0x0        0x4a48d37c 0x0  0x0
    0x4a48d1c4 stream 0      0      0x0        0x4a48d21c 0x0  0x0
    0x4a48d00c dgram  0      0      0x4a58d00c 0x0        0x0  0x0     /dev/bpf
    * |
Rick Murray (539) 13850 posts |
I don’t seem to have any state mentioned, but my ROD stack gives addresses…
    *inetstat -a
    Active Internet connections (including servers)
    Proto Recv-Q Send-Q  Local Address         Foreign Address      (state)
    ip         0      0  pi3bplus.home.1270    91.203.57.172.443
    ip         0      0  pi3bplus.home.33720   91.203.57.172.443
    ip         0      0  pi3bplus.home.24632   91.203.57.172.443
    Active Internet connections (including servers)
    Proto Recv-Q Send-Q  Local Address         Foreign Address      (state)
    ip         0      0  *.32771               *.*
    ip         0      0  *.32770               *.*
    ip         0      0  *.*                   *.*
    ip         0      0  *.49171               *.*
    ip         0      0  *.137                 *.*
    [snipped Unix domain sockets with addresses that look like they're memory locations...?]
    *
Where do I find ResRec? I have SocketMgr by David Thomas that lists sockets and has a “Remove” icon beside each… |
Rick Murray (539) 13850 posts |
Dave, looking at that, you have active servers but no current outgoing connections. 91.203.57.172 is this site. ;) *.32770 and *.32771 are UDP for Freeway. An AUN RISC OS machine will have these active all the time. Looks like you are also running an IPv6 server with http and https. |
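Added example, not written by any poster in this thread: a Python parser for the `address.port` layout that inetstat -an prints above, which applies the reading just described (a wildcard foreign address means a bound socket with no peer) and reports bound ports missing from a baseline. The sample listing is constructed in the thread's layout, the function names and the baseline set are assumptions, and numeric (-n) output is expected.

```python
import re

# Constructed sample in the "address.port" layout of the listings in this thread.
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 10.10.10.10.49156 142.250.178.3.443 ESTABLISHED
ip 0 0 192.168.16.69.9100 *.*
ip 0 0 *.137 *.*
ip6 0 0 *.443 *.*
ip6 0 0 *.* *.* 58
udp4 0 0 *.68 *.*
Active UNIX domain sockets
0x4a48d00c dgram 0 0 0x4a58d00c 0x0 0x0 0x0 /dev/bpf
"""

# proto, Recv-Q, Send-Q, local, foreign, optional state column
ROW = re.compile(r"^(\w+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)(?:\s+(\S+))?$")

def split_endpoint(text):
    """Split 'host.port' on the LAST dot, since IPv4 hosts contain dots too."""
    host, _, port = text.rpartition(".")
    port = int(port) if port.isdigit() else (None if port == "*" else port)
    return (None if host == "*" else host), port

def parse(listing):
    """Return one dict per internet socket row; other lines are skipped."""
    rows = []
    for line in listing.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # headers, blank lines, UNIX domain rows
        proto, _, _, local, foreign, state = m.groups()
        lhost, lport = split_endpoint(local)
        fhost, fport = split_endpoint(foreign)
        rows.append({"proto": proto, "lhost": lhost, "lport": lport,
                     "fhost": fhost, "fport": fport, "state": state})
    return rows

def unexpected_listeners(rows, baseline):
    """Bound local ports with no remote peer that the baseline does not allow."""
    found = {r["lport"] for r in rows
             if r["fhost"] is None and r["lport"] is not None
             and r["lport"] not in baseline}
    return sorted(found, key=str)
```

Calling `unexpected_listeners(parse(SAMPLE), baseline={68, 137})` on the constructed sample returns the two bound ports outside the baseline.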
Stuart Painting (5389) 714 posts |
I found it on the Wayback Machine |
Dave Higton (1515) 3534 posts |
Pedantically, one server for each protocol :-) But a future project, no doubt, is to combine the code as far as possible, so as to do exactly what you describe. I believe you may be one of the few people who has connected to those servers. |
Dave Higton (1515) 3534 posts |
Jean-Michel: it’s FNdecode that needs to be extended to decode IPv6 as well as IPv4, which requires another parameter. Having provided the length of the block returned by Socket_Getsockname, I can see 5 sockets with a length of 28 (that’s the correct length for IPv6), but also two with a length of 108. Does anyone know what that is? There are also 12 sockets, apparently IPv4, with source and destination addresses and ports all 0. I have no idea what that’s all about, but it’s time for bed now. |
Steve Pampling (1551) 8172 posts |
Which, I notice in reading, is deprecated, so I presume you mean Socket_Getsockname_1, unless you haven’t got around to changing that bit.
Edit: For backwards compatibility, the following set of 6 SWIs will be translated to the extent noted:
    SWI name             Emulation
    Socket_Accept        Socket address limited to IPv4
    Socket_Recvfrom      Socket address limited to IPv4
    Socket_Recvmsg       Access rights field ignored on entry
    Socket_Sendmsg       Access rights field ignored on entry
    Socket_Getpeername   Socket address limited to IPv4
    Socket_Getsockname   Socket address limited to IPv4
XSocket_Getpeername in the line after XSocket_Getsockname will need changing to the _1 form too. |
Jean-Michel BRUCK (3009) 362 posts |
@Dave, I don’t use IPv6 yet, but my orange box should be able to. |
Dave Higton (1515) 3534 posts |
Screenshot of work in progress has been updated – see later in this thread. |
Colin Ferris (399) 1818 posts |
It would be handy for there to be space for pics – to be kept on the site. |
Steve Pampling (1551) 8172 posts |
I thought you’d been quiet today :) Nice. I’d amend the column labels to a slightly more meaningful: "Sock" "Local Port" "Prot" "Local Address" "Remote Port" "Remote Address" "State??" With the “Remote Port” tabbed right further to make the visual association with the remote IP address. How easy is the port state to pick out? |
Dave Higton (1515) 3534 posts |
What do you mean by port state? Whether or not it’s connected? If that, the fact that there’s no local address seems to be it for IPv6. Admittedly I still haven’t switched over to the new SWIs yet, but Socket_Getpeername returns an error on IPv6 if there’s no connection, whereas it seems to return no error for IPv4 with the address and port all 0. That’s displayed as port 0 [anyhost] in the window. For UDP, I dunno what port state could mean. |
Dave Higton (1515) 3534 posts |
I’m sure many users would be tempted to throw lots of images on here, given free storage. My screenshot above is only a snapshot along the way. It will become meaningless in a few weeks. |
Dave Higton (1515) 3534 posts |
I cannot see any mention of copyright or licensing terms in Andrew Pullan’s original, so I’m going to assume that I have the right to distribute an updated version. |
Steve Pampling (1551) 8172 posts |
http://tcpipguide.com/free/t_TCPOperationalOverviewandtheTCPFiniteStateMachineF-2.htm |
David J. Ruck (33) 1636 posts |
You didn’t suppress DNS lookup with the -n switch |