Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

port with no proc id
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
depontius
Advocate
Advocate


Joined: 05 May 2004
Posts: 3529
PostPosted: Fri Feb 28, 2025 6:30 pm    Post subject: port with no proc id Reply with quote
When I run "netstat -tupln" I get an open tcp port with a proc/PID of "-". After a bit of poking around I find that that happens when something in the kernel opens a port. I've also used "unhide" with a range of options, and nothing gets un-hidden, so I'm presuming it really is a kernel port.

Is there a way to find out what in the kernel is listening on that port?
I'd like to know what it is, so I can either rest easy or un-configure that option in my next kernel build.
_________________
.sigs waste space and bandwidth
Back to top
View user's profile Send private message
pietinger
Moderator
Moderator


Joined: 17 Oct 2006
Posts: 5450
Location: Bavaria
PostPosted: Fri Feb 28, 2025 7:46 pm    Post subject: Reply with quote
Do you have a TCP-port-number? Do you have enabled CONFIG_DNS_RESOLVER in your kernel .config?
_________________
https://wiki.gentoo.org/wiki/User:Pietinger
Back to top
View user's profile Send private message
zen_desu
Tux's lil' helper
Tux's lil' helper


Joined: 25 Oct 2024
Posts: 143
PostPosted: Fri Feb 28, 2025 8:53 pm    Post subject: Re: port with no proc id Reply with quote
depontius wrote:
When I run "netstat -tupln" I get an open tcp port with a proc/PID of "-". After a bit of poking around I find that that happens when something in the kernel opens a port. I've also used "unhide" with a range of options, and nothing gets un-hidden, so I'm presuming it really is a kernel port.

Is there a way to find out what in the kernel is listening on that port?
I'd like to know what it is, so I can either rest easy or un-configure that option in my next kernel build.


This can happen with things like wireguard tunnels, I think it not having an associated PID implies it's from the kernel.
_________________
µgRD dev
Wiki writer
Back to top
View user's profile Send private message
depontius
Advocate
Advocate


Joined: 05 May 2004
Posts: 3529
PostPosted: Fri Feb 28, 2025 8:54 pm    Post subject: Reply with quote
It's a high port, somewhere in the 30k range, not 32. I have CONFIG_DNS_RESOLVER=m in my config, not sure why I have even that. I just did an lsmod and see that it's loaded and being used by nfsv4, which I am running. Not sure what's up with that, but I have a direction to look now, at least. Thanks. I sure wish there were a simpler way to draw the lines here.
_________________
.sigs waste space and bandwidth
Back to top
View user's profile Send private message
zen_desu
Tux's lil' helper
Tux's lil' helper


Joined: 25 Oct 2024
Posts: 143
PostPosted: Fri Feb 28, 2025 8:56 pm    Post subject: Reply with quote
depontius wrote:
It's a high port, somewhere in the 30k range, not 32. I have CONFIG_DNS_RESOLVER=m in my config, not sure why I have even that. I just did an lsmod and see that it's loaded and being used by nfsv4, which I am running. Not sure what's up with that, but I have a direction to look now, at least. Thanks. I sure wish there were a simpler way to draw the lines here.


I think this is similar to wireguard, where the client, in kernel, binds to a certain port for that service. I think this is especially helpful for UDP, but can work for TCP too.
_________________
µgRD dev
Wiki writer
Back to top
View user's profile Send private message
depontius
Advocate
Advocate


Joined: 05 May 2004
Posts: 3529
PostPosted: Fri Feb 28, 2025 9:35 pm    Post subject: Reply with quote
Incidentally, I don't have wireguard on this machine. I was aware of that possibility, but knew it didn't apply. However I do have the kernel DNS resolver and the module is indeed loaded. I guess I don't have to worry, though I'd like to understand this better in order to fully ease my mind. As I said earlier, it would be really nice to see a straight line drawn between the open port and something, even if it doesn't have a proc/PID.
_________________
.sigs waste space and bandwidth
Back to top
View user's profile Send private message
zen_desu
Tux's lil' helper
Tux's lil' helper


Joined: 25 Oct 2024
Posts: 143
PostPosted: Fri Feb 28, 2025 9:50 pm    Post subject: Reply with quote
depontius wrote:
Incidentally, I don't have wireguard on this machine. I was aware of that possibility, but knew it didn't apply. However I do have the kernel DNS resolver and the module is indeed loaded. I guess I don't have to worry, though I'd like to understand this better in order to fully ease my mind. As I said earlier, it would be really nice to see a straight line drawn between the open port and something, even if it doesn't have a proc/PID.


I agree, I always have to remind myself of this trait when I see stuff like this because it's not immediately obvious.
_________________
µgRD dev
Wiki writer
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy