Given a java process (that uses a couple of 3rd-party libs and stuff from maven repo) and a TCP port number that this process is listening on (for all interfaces), what options do I have for finding out, which "part" of the process is responsible for the listening port?Not a Java answer, but: Could you use dtrace to watch the
Once I see, which of the umpty libraries did it, I can look for options
to either unconfigure it, bind to localhost, or at least understand it.
That's on Solaris (Unix).
$ netstat -aun | grep "54157.*LISTEN" # gives me e.g:
*.52634 *.* xxx 54157 java 0 0 256000 0 LISTEN
[...]
On 2/23/2022 7:37 AM, Andreas Leitgeb wrote:
Given a java process (that uses a couple of 3rd-party libs and stuffNot a Java answer, but: Could you use dtrace to watch the
from maven repo) and a TCP port number that this process is listening
on (for all interfaces), what options do I have for finding out, which
"part" of the process is responsible for the listening port?
Once I see, which of the umpty libraries did it, I can look for options
to either unconfigure it, bind to localhost, or at least understand it.
That's on Solaris (Unix).
$ netstat -aun | grep "54157.*LISTEN" # gives me e.g:
*.52634 *.* xxx 54157 java 0 0
256000 0 LISTEN
[...]
port creations as they go by and see which piece of code instigates each
one? (My Solaris days are a distant memory and my dtrace skills were
never super-keen, but it seems to me dtrace ought to be able to do the trick.)
If the process opens ten thousand ports this could get
tedious, but still ...
Given a java process (that uses a couple of 3rd-party libs and stuff from maven repo) and a TCP port number that this process is listening on (for all interfaces), what options do I have for finding out, which "part" of the process is responsible for the listening port?
Once I see, which of the umpty libraries did it, I can look for options
to either unconfigure it, bind to localhost, or at least understand it.
That's on Solaris (Unix).
$ netstat -aun | grep "54157.*LISTEN" # gives me e.g:
*.52634 *.* xxx 54157 java 0 0 256000 0 LISTEN
The portnumber is in the >32k range and changes with each restart
of the process, thus apparently isn't itself configured.
When I telnet to the port, the connection is dropped after writing any 6 bytes to it. - maybe that rings a bell for some type of common service?
PS: Java here is Azul's "Zulu", openjdk version 1.8.0_252
(in case it matters for further diagnostic tools available)
You could track all locations opening a socket.
Demo:
[snip]
On 2/23/2022 7:37 AM, Andreas Leitgeb wrote:
Given a java process (that uses a couple of 3rd-party libs and stuff from
maven repo) and a TCP port number that this process is listening on
(for all
interfaces), what options do I have for finding out, which "part" of the
process is responsible for the listening port?
Once I see, which of the umpty libraries did it, I can look for options
to either unconfigure it, bind to localhost, or at least understand it.
That's on Solaris (Unix).
$ netstat -aun | grep "54157.*LISTEN" # gives me e.g:
*.52634 *.* xxx 54157 java 0 0
256000 0 LISTEN
The portnumber is in the >32k range and changes with each restart
of the process, thus apparently isn't itself configured.
When I telnet to the port, the connection is dropped after writing any 6
bytes to it. - maybe that rings a bell for some type of common service?
PS: Java here is Azul's "Zulu", openjdk version 1.8.0_252
(in case it matters for further diagnostic tools available)
You could track all locations opening a socket.
Demo:
package february;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.net.ServerSocket;
import java.net.SocketImpl;
import java.net.SocketImplFactory;
import java.util.Arrays;
import java.util.stream.Collectors;
public class SocketTrace {
public static void enableTrace() throws IOException {
ServerSocket.setSocketFactory(new SocketImplFactory() {
@Override
public SocketImpl createSocketImpl() {
Exception e = new Exception();
StackTraceElement[] ste = e.getStackTrace();
String trace = Arrays.stream(ste).skip(4).map(v ->
v.getClassName() + "." + v.getMethodName()).collect(Collectors.joining("
"));
System.out.printf("socket opened from %s\n", trace);
try {
Class<?> stdimpl = Class.forName("java.net.SocksSocketImpl");
Constructor<?> ctor = stdimpl.getDeclaredConstructor();
ctor.setAccessible(true);
return (SocketImpl) ctor.newInstance();
} catch(Exception ex) {
throw new RuntimeException(ex);
}
}
});
}
public static void m3() throws IOException {
ServerSocket s = new ServerSocket(12345);
s.close();
}
public static void m2() throws IOException {
m3();
}
public static void m1() throws IOException {
m2();
}
public static void main(String[] args) throws IOException {
enableTrace();
m3();
m2();
m1();
}
}
output:
socket opened from february.SocketTrace.m3 february.SocketTrace.main
socket opened from february.SocketTrace.m3 february.SocketTrace.m2 february.SocketTrace.main
socket opened from february.SocketTrace.m3 february.SocketTrace.m2 february.SocketTrace.m1 february.SocketTrace.main
Arne
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 300 |
Nodes: | 16 (2 / 14) |
Uptime: | 60:48:37 |
Calls: | 6,712 |
Files: | 12,243 |
Messages: | 5,355,759 |