Re: locating blocked port

Tue, 31 Jan 2023 22:07:37 -0800 

Le 31/01/2023 à 16:31, Casey Deccio a écrit :




On Jan 31, 2023, at 8:05 AM, Haines Brown <hai...@histomat.net> wrote:

I have an  application that refuses to start because  its port is
blocked. But I have difficulty knowing what port it is


I would try strace, which shows you all system calls being made.  In this case, 
it is probably bind() that is returning an error.

strace -e trace=%net java -jar /usr/local/share/JabRef/JabRef-3.2.jar

Or

strace -e trace=%net java -jar /usr/local/share/JabRef/JabRef-3.2.jar 2>&1 | 
grep bind

For example:

$ cat test.py
#!/usr/bin/env python3

import socket
s = socket.socket()
try:
     s.bind(('0.0.0.0', 56))
except:
     pass
$ python3 test.py # doesn't print any output
$ strace -e trace=%net python3 test.py 2>&1 | grep bind
bind(3, {sa_family=AF_INET, sin_port=htons(56), sin_addr=inet_addr("0.0.0.0")}, 
16) = -1 EACCES (Permission denied)

The value of sin_port is what you are looking for.


How do I know from this what port the java application tried to use?

I try:

  $ strings $(which jabref) | wc -l
    56



strings might be helpful (maybe?), but in this case, you are piping it to wc 
-l, which is simply counting the number of printable character sequences that 
were found in jabref.  If that also happens to be the port number, then it is 
coincidental.


  So I try:

    $ sudo ss -pt state listening 'sport = :56'
    Recv-Q   Send-Q    Local Address:Port   Peer Address:Port Process

  This seems a null return. Dores this mean jabref is not using port
  56?


Well, it tells you that nothing (including jabref) is listening on TCP port 56, 
but it won't tell you about why something *failed* to listen.  See strace above.

Casey



If you want an easy way to tell what program is trying to send data 
through which port(s), aside from all the command line utilities linux 
is known for you can use "opensnitch" which comes with a nice UI. It is 
in Debian but in Unstable [1] only for now, however the upstream website 
[2] provides .deb packages [3] and instructions. "Wireshark" or 
"iptraf-ng" also offer UI but are less intuitive to use, and 
"opensnitch" allows you to create rules from the UI to allow/block traffic.



[1] 
https://packages.debian.org/search?keywords=opensnitch&searchon=names&suite=unstable&section=all


[2] https://github.com/evilsocket/opensnitch

[3] https://github.com/evilsocket/opensnitch/releases























					Reply via email to