Find processes using a network interface

linux networking process
17,346

Such programs will be using Netlink sockets to talk to the network hardware's driver directly. lsof version 4.85 added support for Netlink sockets, but in my testing on CentOS 5.8, the feature doesn't appear to work very well. Perhaps it depends on features added in newer kernels.

However, it is possible to make a pretty good guess about when you've run into a Netlink socket. If you cat /proc/net/netlink you get a list of open Netlink sockets, including the PID of processes that have them opened. Then if you lsof -p $THEPID those PIDs, you'll find entries with sock in the TYPE column and can't identify protocol in the NAME column. It's not guaranteed that these are Netlink sockets, but it's a pretty good bet.

You might also infer that a given process is talking directly to an interface if it has files under /sys/class/net/$IFNAME open.

Now, all that having been said, I think your question is wrong-headed.

Let's say there is a command I haven't discovered. Call it lsif -i wlan0, and say it returns a list of PIDs accessing the named interface. What would you be able to do with it which would allow you to "not disturb" processes using that interface, as you've requested? Were you planning on killing off all the processes using that interface first? That's pretty disturbing. :) Maybe you were instead thinking that dropping the interface out from underneath a process using it would somehow be harmful?

What, in the end, is so bad about ifconfig wlan0 down?

Network interfaces are not storage devices. You don't have to flush data to disk and unmount them gracefully. Not breaking open sockets might be worthwhile, but as you already know, you can figure that out with netstat and lsof. wpa_supplicant isn't going to sulk if you bounce its interface unceremoniously. (If it does, it's a bug and needs to be fixed; it wouldn't indicate some fault of yours.)

Well-written network programs cope with such things as a matter of course. Networks are unreliable. If a program can't cope with an interface being bounced, it also won't be able to cope with unplugged Ethernet cables, balky DSL modems, or backhoes.

Share:
17,346

Related videos on Youtube

ipsec
Author by

ipsec

Updated on September 18, 2022

Comments

  • ipsec
    ipsec over 1 year

    I'm trying to find a way to safely shutdown a network interface, i.e. without disturbing any processes. For this I need to find out what processes are currently using that interface. Tools like ss, netstat or lsof are helpful showing which processes have open sockets, but they don't show wpa_supplicant, dhcpcd, hostapd and others.

    Is there a way to detect these processes in a general way? It might not for dhcpcd, as it is just a program opening a socket every now and then, but I'm assuming wpa_supplicant and hostapd would “do something” to that interface which is detectable and perhaps also leads to the relevant PID.

  • ipsec
    ipsec over 11 years
    Thank you very much. I found out that lsof correctly reports netlink sockets on my system. It seems sufficient to grep for ROUTE to find the processes I want. For what I am doing with this information: asking the user whether the shutdown should be canceled in the event that the user has started processes associated with this interface.
  • frogstarr78
    frogstarr78 about 9 years
    You can also use any tun0 "files" in the proc fs using this command: find /proc/ -name tun0 | cut -d\/ -f3 | uniq | xargs -IPID lsof -p PID

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Route the traffic over specific interface for a process in linux
WITHOUT using network command lines in linux, how to know list of open ports and the process that owns them?
Block network access of a process?
multiple default gateways for alias interfaces
When a process will go to 'D' state?
How to get access of process running on one terminal from other terminal in Linux?
Parent process waits for all child processes to finish before continuing
How to reliably measure the network bandwidth used by a process
Why getppid() from the child return 1
what is the command in linux to kill tcp connection or session?