a guest
Jul 23rd, 2018
Decoding the data in /proc/net/tcp:

Linux 5.x /proc/net/tcp
Linux 6.x /proc/PID/net/tcp

Given a socket:

$ ls -l /proc/24784/fd/11
lrwx------ 1 jkstill dba 64 Dec 4 16:22 /proc/24784/fd/11 -> socket:[15907701]

Find the address

$ head -1 /proc/24784/net/tcp; grep 15907701 /proc/24784/net/tcp
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
46: 010310AC:9C4C 030310AC:1770 01 00000150:00000000 01:00000019 00000000 1000 0 54165785 4 cd1e6040 25 4 27 3 -1

46: 010310AC:9C4C 030310AC:1770 01
|      |      |      |      |   |--> connection state
|      |      |      |      |------> remote TCP port number
|      |      |      |-------------> remote IPv4 address
|      |      |--------------------> local TCP port number
|      |---------------------------> local IPv4 address
|----------------------------------> number of entry

00000150:00000000 01:00000019 00000000
   |        |     |     |       |--> number of unrecovered RTO timeouts
   |        |     |     |----------> number of jiffies until timer expires
   |        |     |----------------> timer_active (see below)
   |        |----------------------> receive-queue
   |-------------------------------> transmit-queue

1000        0 54165785 4 cd1e6040 25 4 27 3 -1
 |          |    |     |    |     |  | |  | |--> slow start size threshold,
 |          |    |     |    |     |  | |  |      or -1 if the threshold
 |          |    |     |    |     |  | |  |      is >= 0xFFFF
 |          |    |     |    |     |  | |  |----> sending congestion window
 |          |    |     |    |     |  | |-------> (ack.quick<<1)|ack.pingpong
 |          |    |     |    |     |  |---------> Predicted tick of soft clock
 |          |    |     |    |     |              (delayed ACK control data)
 |          |    |     |    |     |------------> retransmit timeout
 |          |    |     |    |------------------> location of socket in memory
 |          |    |     |-----------------------> socket reference count
 |          |    |-----------------------------> inode
 |          |----------------------------------> unanswered 0-window probes
 |---------------------------------------------> uid


timer_active:
0  no timer is pending
1  retransmit-timer is pending
2  another timer (e.g. delayed ack or keepalive) is pending
3  this is a socket in TIME_WAIT state. Not all fields will contain data.
4  zero window probe timer is pending

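==========================================
Perl script to decode the address

#!/usr/bin/perl

use strict;
use warnings;

# Usage: hexip.pl <hex IPv4 address> <hex port>, as printed in /proc/net/tcp
die "usage: $0 HEXIP HEXPORT\n" unless @ARGV == 2;

my $hexip=$ARGV[0];
my $hexport=$ARGV[1];

print "hex: $hexip\n";

# Split the address into four hex byte pairs and convert each to decimal
my @ip = map hex($_), ( $hexip =~ m/../g );

# /proc/net/tcp prints the address in host byte order; on a little-endian
# machine (x86) the bytes are reversed relative to dotted-quad notation
my $ip = join('.',reverse(@ip));

my $port = hex($hexport);

print "IP: $ip PORT: $port\n";

==========================================

$ hexip.pl 030310AC 1770
hex: 030310AC
IP: 172.16.3.3 PORT: 6000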
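
The field layout above as a parser for a whole /proc/net/tcp line, going beyond the Perl address decoder. This is an added example, not part of the original paste; the function names, the TCP state table (taken from the kernel's tcp_states.h) and the little-endian host assumption are not from the paste.

```python
import socket
import struct

# TCP state codes from the kernel's tcp_states.h (not listed in the paste).
TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV",
    0x04: "FIN_WAIT1", 0x05: "FIN_WAIT2", 0x06: "TIME_WAIT",
    0x07: "CLOSE", 0x08: "CLOSE_WAIT", 0x09: "LAST_ACK",
    0x0A: "LISTEN", 0x0B: "CLOSING",
}
# timer_active values as listed in the paste.
TIMERS = {0: "none", 1: "retransmit", 2: "other (delayed ack/keepalive)",
          3: "TIME_WAIT", 4: "zero window probe"}

def decode_addr(field):
    """'030310AC:1770' -> ('172.16.3.3', 6000); assumes a little-endian host."""
    hexip, hexport = field.split(":")
    if len(hexip) != 8:
        raise ValueError("not an IPv4 entry: %r" % field)
    ip = socket.inet_ntoa(struct.pack("<I", int(hexip, 16)))
    return ip, int(hexport, 16)

def parse_tcp_line(line):
    """Decode one data line of /proc/net/tcp into a dict."""
    f = line.split()
    if len(f) < 10 or not f[0].endswith(":"):
        raise ValueError("not a /proc/net/tcp data line")
    tx, rx = (int(x, 16) for x in f[4].split(":"))
    timer, jiffies = (int(x, 16) for x in f[5].split(":"))
    state = int(f[3], 16)
    return {
        "entry": int(f[0].rstrip(":")),
        "local": decode_addr(f[1]),
        "remote": decode_addr(f[2]),
        "state": TCP_STATES.get(state, "UNKNOWN(%02X)" % state),
        "tx_queue": tx, "rx_queue": rx,
        "timer": TIMERS.get(timer, "unknown"), "timer_jiffies": jiffies,
        "retransmits": int(f[6], 16),
        "uid": int(f[7]), "inode": int(f[9]),
    }

# Sample line taken from the paste (tx_queue written as 00000150).
SAMPLE = ("46: 010310AC:9C4C 030310AC:1770 01 00000150:00000000 "
          "01:00000019 00000000 1000 0 54165785 4 cd1e6040 25 4 27 3 -1")

if __name__ == "__main__":
    for key, value in parse_tcp_line(SAMPLE).items():
        print("%-14s %s" % (key, value))
```

The inode field is the value to match against the socket:[...] link target under /proc/PID/fd when tying a connection back to a process.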