socket programming...lsof?

[Derek Smith]

Hi All,

Is there a ruby substitute for lsof's functionality? Meaning I want to
listen on certain ports/sockets such as identd's port 113 to see if any
process is using this port. Is this possible in Ruby w/out using lsof?

Here is my test code, on my ubuntu personal laptop with a port from
netstat -a.

#!/usr/bin/ruby -w

require 'rubygems'
require 'socket'

#TCPSocket.open('localhost', '34814') do |socket|
# socket.puts "gibberish"
# socket.each_line do |line|
# p line
# end
#end

require 'socket'

host = 'localhost'
port = 47408

s = TCPSocket.open(host, port)

while line = s.gets
puts line.chop
end
s.close

In both cases, I get the error:

derek@vaio-ubuntu:~$ sudo ruby port_tst.rb
port_tst.rb:18:in `initialize': Connection refused - connect(2)
(Errno::ECONNREFUSED)
from port_tst.rb:18:in `open'
from port_tst.rb:18


thank you!

 

[Roger Pack]

Hi All,

Is there a ruby substitute for lsof's functionality? Meaning I want to
listen on certain ports/sockets such as identd's port 113 to see if any
process is using this port. Is this possible in Ruby w/out using lsof?

You could try binding to that port and rescue the error (error meaning
it's in use). Dunno if that helps.
-rp

 

[P YH]

Hi All,

Is there a ruby substitute for lsof's functionality? Meaning I want to
listen on certain ports/sockets such as identd's port 113 to see if any
process is using this port. Is this possible in Ruby w/out using lsof?

Here is my test code, on my ubuntu personal laptop with a port from
netstat -a.

#!/usr/bin/ruby -w

require 'rubygems'

Can I ask the rubygems module is used for what purpose?

Thanks.

 

[Rajeswar reddy Gaulla]

require 'socket'

host = 'localhost'
port = 47408

begin
Timeout::timeout(10){TCPSocket.open(host , port).puts"'#{port}'
port opened"}
rescue
puts "'#{host}' :: '#{port}' port not opened\n "
end

 

[Eric Wong]

Hi All,

Is there a ruby substitute for lsof's functionality?

Hi Derek,

I was wondering that today, too. lsof is highly system-specific, so it
might not be readily implemented. lsof and netstat (at least on my
Linux system) just parses various text files in /proc/.

**Linux only**

Reading lsof strace output and the Linux kernel sources gave me enough
info to get what I needed without repeatedly invoking lsof. I found
Documentation/networking/proc_net_tcp.txt of the Linux kernel source
useful for describing /proc/net/tcp. For /proc/net/unix, I had to
read the unix_seq_show() function in net/unix/af_unix.c

A better solution might be to use netlink (which I still want to do
for the project I'm working on), but that involves more work than
writing a simple text file parser in Ruby

Meaning I want to
listen on certain ports/sockets such as identd's port 113 to see if any
process is using this port. Is this possible in Ruby w/out using lsof?

What Roger said about trying to bind that given port (or connecting
to it, use Socket#connect_nonblock in case identd is slow to respond).

Here is my test code, on my ubuntu personal laptop with a port from
netstat -a.

host = 'localhost'

You may also want to give '127.0.0.1' a try if you're sure that port is
listening. IIRC, some newer Linux systems favor IPv6 addresses over
IPv4 ones.

 

[Derek Smith]

Eric Wong

You may also want to give '127.0.0.1' a try if you're sure that port is
listening. IIRC, some newer Linux systems favor IPv6 addresses over
IPv4 ones.

OK cool thank you!

What if I want to see any data passing over that port, 113 or any other
port? Any adjustments in this code?
SSH port 22 seems to work, well sort of. When connections come in,
shouldn't I see some type of encryption strings?

env ruby -w
require 'socket'
host = 'localhost'
port = 22
#
s = TCPSocket.open(host, port)

while line = s.gets # Read lines from the socket
puts line.chop # And print with platform line terminator
end
s.close # Close the socket when done


derek@vaio-ubuntu:~$ sudo ruby port_tst.rb
SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1

 

[Derek Smith]

env ruby -w

require 'socket'
host = 'localhost'
port = 22
#
s = TCPSocket.open(host, port)

while line = s.gets # Read lines from the socket
puts line.chop # And print with platform line terminator
end
s.close # Close the socket when done


derek@vaio-ubuntu:~$ sudo ruby port_tst.rb
SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1

What if I want to see any data passing over that port, 113 or any other
port? Any adjustments in this code?
SSH port 22 seems to work, well sort of. When connections come in,
shouldn't I see some type of encryption strings?

 

[Eric Wong]

What if I want to see any data passing over that port, 113 or any other
port? Any adjustments in this code?

You should actually use something like tcpdump or some other sniffer.
See http://en.wikipedia.org/wiki/Tcpdump for more info.

Since tcpdump uses libpcap, and there are libpcap bindings for Ruby, so
you could probably do this via the Ruby bindings without much
difficulty (I've never tried this).

SSH port 22 seems to work, well sort of. When connections come in,
shouldn't I see some type of encryption strings?

No, not at all.

Your current code is opening a new and private connection to a TCP
server (sshd). This is just as if you're normally opening a new ssh
client connection to your server (without actually going through the
handshake.

TCP connections are generally private (unicast). That is when a client
connects to a server, that connection is a bidirectional bytestream
only intended for the client and server to consume.

You need special OS-level tracing tools like libpcap (or knowledge
of obscure syscalls which libpcap uses) to listen into the private
server<->client channel as a 3rd party.

 

[Eric Wong]

A better solution might be to use netlink (which I still want to do
for the project I'm working on), but that involves more work than
writing a simple text file parser in Ruby

Well, I went down that rabbit hole and came out with Raindrops
http://mid.gmane.org/[email protected]

 

[Hoodoo Wen]

there is no server side!