socket programming...lsof?

Discussion in 'Ruby' started by Derek Smith, Apr 1, 2010.

  1. Derek Smith

    Derek Smith Guest

    Hi All,

    Is there a ruby substitute for lsof's functionality? Meaning I want to
    listen on certain ports/sockets such as identd's port 113 to see if any
    process is using this port. Is this possible in Ruby w/out using lsof?

    Here is my test code, on my ubuntu personal laptop with a port from
    netstat -a.

    #!/usr/bin/ruby -w

    require 'rubygems'
    require 'socket'

    #TCPSocket.open('localhost', '34814') do |socket|
    # socket.puts "gibberish"
    # socket.each_line do |line|
    # p line
    # end
    #end

    require 'socket'

    host = 'localhost'
    port = 47408

    s = TCPSocket.open(host, port)

    while line = s.gets
    puts line.chop
    end
    s.close

    In both cases, I get the error:

    derek@vaio-ubuntu:~$ sudo ruby port_tst.rb
    port_tst.rb:18:in `initialize': Connection refused - connect(2)
    (Errno::ECONNREFUSED)
    from port_tst.rb:18:in `open'
    from port_tst.rb:18


    thank you!
    --
    Posted via http://www.ruby-forum.com/.
    Derek Smith, Apr 1, 2010
    #1
    1. Advertising

  2. Derek Smith

    Roger Pack Guest

    Derek Smith wrote:
    > Hi All,
    >
    > Is there a ruby substitute for lsof's functionality? Meaning I want to
    > listen on certain ports/sockets such as identd's port 113 to see if any
    > process is using this port. Is this possible in Ruby w/out using lsof?


    You could try binding to that port and rescue the error (error meaning
    it's in use). Dunno if that helps.
    -rp
    --
    Posted via http://www.ruby-forum.com/.
    Roger Pack, Apr 1, 2010
    #2
    1. Advertising

  3. Derek Smith

    P YH Guest


    > Hi All,
    >
    > Is there a ruby substitute for lsof's functionality? Meaning I want to
    > listen on certain ports/sockets such as identd's port 113 to see if any
    > process is using this port. Is this possible in Ruby w/out using lsof?
    >
    > Here is my test code, on my ubuntu personal laptop with a port from
    > netstat -a.
    >
    > #!/usr/bin/ruby -w
    >
    > require 'rubygems'


    Can I ask the rubygems module is used for what purpose?

    Thanks.
    P YH, Apr 1, 2010
    #3
  4. require 'socket'

    host = 'localhost'
    port = 47408

    begin
    Timeout::timeout(10){TCPSocket.open(host , port).puts"'#{port}'
    port opened"}
    rescue
    puts "'#{host}' :: '#{port}' port not opened\n "
    end
    --
    Posted via http://www.ruby-forum.com/.
    Rajeswar reddy Gaulla, Apr 1, 2010
    #4
  5. Derek Smith

    Eric Wong Guest

    Derek Smith <> wrote:
    > Hi All,
    >
    > Is there a ruby substitute for lsof's functionality?


    Hi Derek,

    I was wondering that today, too. lsof is highly system-specific, so it
    might not be readily implemented. lsof and netstat (at least on my
    Linux system) just parses various text files in /proc/.

    **Linux only**

    Reading lsof strace output and the Linux kernel sources gave me enough
    info to get what I needed without repeatedly invoking lsof. I found
    Documentation/networking/proc_net_tcp.txt of the Linux kernel source
    useful for describing /proc/net/tcp. For /proc/net/unix, I had to
    read the unix_seq_show() function in net/unix/af_unix.c

    A better solution might be to use netlink (which I still want to do
    for the project I'm working on), but that involves more work than
    writing a simple text file parser in Ruby :)

    > Meaning I want to
    > listen on certain ports/sockets such as identd's port 113 to see if any
    > process is using this port. Is this possible in Ruby w/out using lsof?


    What Roger said about trying to bind that given port (or connecting
    to it, use Socket#connect_nonblock in case identd is slow to respond).

    > Here is my test code, on my ubuntu personal laptop with a port from
    > netstat -a.


    <snip>

    > host = 'localhost'


    You may also want to give '127.0.0.1' a try if you're sure that port is
    listening. IIRC, some newer Linux systems favor IPv6 addresses over
    IPv4 ones.

    --
    Eric Wong
    Eric Wong, Apr 1, 2010
    #5
  6. Derek Smith

    Derek Smith Guest

    Eric Wong
    >
    > You may also want to give '127.0.0.1' a try if you're sure that port is
    > listening. IIRC, some newer Linux systems favor IPv6 addresses over
    > IPv4 ones.


    OK cool thank you!

    What if I want to see any data passing over that port, 113 or any other
    port? Any adjustments in this code?
    SSH port 22 seems to work, well sort of. When connections come in,
    shouldn't I see some type of encryption strings?

    env ruby -w
    require 'socket'
    host = 'localhost'
    port = 22
    #
    s = TCPSocket.open(host, port)

    while line = s.gets # Read lines from the socket
    puts line.chop # And print with platform line terminator
    end
    s.close # Close the socket when done


    derek@vaio-ubuntu:~$ sudo ruby port_tst.rb
    SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1

    --
    Posted via http://www.ruby-forum.com/.
    Derek Smith, Apr 2, 2010
    #6
  7. Derek Smith

    Derek Smith Guest

    > env ruby -w
    > require 'socket'
    > host = 'localhost'
    > port = 22
    > #
    > s = TCPSocket.open(host, port)
    >
    > while line = s.gets # Read lines from the socket
    > puts line.chop # And print with platform line terminator
    > end
    > s.close # Close the socket when done
    >
    >
    > derek@vaio-ubuntu:~$ sudo ruby port_tst.rb
    > SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1


    What if I want to see any data passing over that port, 113 or any other
    port? Any adjustments in this code?
    SSH port 22 seems to work, well sort of. When connections come in,
    shouldn't I see some type of encryption strings?
    --
    Posted via http://www.ruby-forum.com/.
    Derek Smith, Apr 2, 2010
    #7
  8. Derek Smith

    Eric Wong Guest

    Derek Smith <> wrote:
    > > env ruby -w
    > > require 'socket'
    > > host = 'localhost'
    > > port = 22
    > > #
    > > s = TCPSocket.open(host, port)
    > >
    > > while line = s.gets # Read lines from the socket
    > > puts line.chop # And print with platform line terminator
    > > end
    > > s.close # Close the socket when done
    > >
    > >
    > > derek@vaio-ubuntu:~$ sudo ruby port_tst.rb
    > > SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1

    >
    > What if I want to see any data passing over that port, 113 or any other
    > port? Any adjustments in this code?


    You should actually use something like tcpdump or some other sniffer.
    See http://en.wikipedia.org/wiki/Tcpdump for more info.

    Since tcpdump uses libpcap, and there are libpcap bindings for Ruby, so
    you could probably do this via the Ruby bindings without much
    difficulty (I've never tried this).

    > SSH port 22 seems to work, well sort of. When connections come in,
    > shouldn't I see some type of encryption strings?


    No, not at all.

    Your current code is opening a new and private connection to a TCP
    server (sshd). This is just as if you're normally opening a new ssh
    client connection to your server (without actually going through the
    handshake.

    TCP connections are generally private (unicast). That is when a client
    connects to a server, that connection is a bidirectional bytestream
    only intended for the client and server to consume.

    You need special OS-level tracing tools like libpcap (or knowledge
    of obscure syscalls which libpcap uses) to listen into the private
    server<->client channel as a 3rd party.

    --
    Eric Wong
    Eric Wong, Apr 3, 2010
    #8
  9. Derek Smith

    Eric Wong Guest

    Eric Wong <> wrote:
    > A better solution might be to use netlink (which I still want to do
    > for the project I'm working on), but that involves more work than
    > writing a simple text file parser in Ruby :)


    Well, I went down that rabbit hole and came out with Raindrops :)
    http://mid.gmane.org/

    --
    Eric Wong
    Eric Wong, Apr 8, 2010
    #9
  10. Derek Smith

    Hoodoo Wen Guest

    Hoodoo Wen, Apr 8, 2010
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. bvidinli
    Replies:
    2
    Views:
    835
    Thomas Guettler
    Apr 17, 2008
  2. Laszlo Nagy
    Replies:
    1
    Views:
    4,766
    Mark Wooding
    Jan 27, 2009
  3. Jean-Paul Calderone
    Replies:
    0
    Views:
    948
    Jean-Paul Calderone
    Jan 27, 2009
  4. ma_kiem
    Replies:
    0
    Views:
    432
    ma_kiem
    Jul 6, 2011
  5. perl & lsof kind

    , Nov 7, 2006, in forum: Perl Misc
    Replies:
    2
    Views:
    96
    Chris Davies
    Nov 10, 2006
Loading...

Share This Page