This file is indexed.

/usr/bin/socklist is in procinfo 1:2.0.304-1ubuntu1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
#!/usr/bin/perl

# socklist
# Simple and effective substitute for "lsof" for Linux with a proc filesystem.
# Standard permissions on the proc filesystem make this program only
# useful when run as root.

# Larry Doolittle <ldoolitt@jlab.org>
# September 1997

# example output (with # added given the context of a perl program):
#
# type  port      inode     uid    pid   fd  name
# tcp   1023     394218     425  23333    3  ssh
# tcp   1022     394166     425  23312    3  ssh
# tcp   6000     387833     313   3942    0  X
# tcp   2049      81359       0  13296    4  rpc.nfsd
# tcp    745      81322       0  13287    4  rpc.mountd
# tcp    111      81282       0  13276    4  portmap
# tcp     22      26710       0   7372    3  sshd
# tcp     25      25902       0    156   18  inetd
# tcp     80      20151       0   2827    4  boa-0.92
# tcp     23       2003       0    156    5  inetd
# udp    620     855681       0      0    0  
# udp    655     394445       0      0    0  
# udp   2049      81356       0  13296    3  rpc.nfsd
# udp    743      81319       0  13287    3  rpc.mountd
# udp    111      81281       0  13276    3  portmap
# udp    707       2776       0      0    0  
# udp    514       1861       0    124    1  syslogd
# raw      1          0       0      0    0  
#
# It appears that each NFS mount generates an open udp port, which
# is not associated with any process.  This is the origin of those
# mysterious ports 620, 655, and 707 above.  I still don't understand
# the meaning of raw port 1.

# part 1: scan through the /proc filesystem building up
# a list of what processes own what network "inodes".
# result is associative array %sock_proc.

opendir (PROC, "/proc") || die "proc";
for $f (readdir(PROC)) {
    next if (! ($f=~/[0-9]+/) );
    if (! opendir (PORTS, "/proc/$f/fd")) {
        # print "failed opendir on process $f fds\n";
        closedir PORTS;
        next;
    }
    for $g (readdir(PORTS)) {
        next if (! ($g=~/[0-9]+/) );
        $r=readlink("/proc/$f/fd/$g");

# 2.0.33: [dev]:ino 
#	($dev,$ino)=($r=~/^\[([0-9a-fA-F]*)\]:([0-9]*)$/);
# 2.0.78: socket:[ino]
#	($dev,$ino)=($r=~/^(socket):\[([0-9]*)\]$/);
# -svm-
	($dev,$ino)=($r=~/^(socket|\[[0-9a-fA-F]*\]):\[?([0-9]*)\]?$/);

        # print "$f $g $r DEV=$dev INO=$ino\n";
        if ($dev == "[0000]" || $dev == "socket") {$sock_proc{$ino}=$f.":".$g;}
    }
    closedir PORTS;
}
closedir PROC;

# exit;

# for $a (keys(%sock_proc)) {print "$a $sock_proc{$a}\n";}

# part 2: read /proc/net/tcp, /proc/net/udp, and /proc/net/raw,
# printing the answers as we go.

print "type  port      inode     uid    pid   fd  name\n";
sub scheck {
    open(FILE,"/proc/net/".$_[0]) || die;
    while (<FILE>) {
        @F=split();
        next if ($F[9]=~/uid/);
        @A=split(":",$F[1]);
        $a=hex($A[1]);
        ($pid,$fd)=($sock_proc{$F[9]}=~m.([0-9]*):([0-9]*).);
        $cmd = "";
        if ($pid && open (CMD,"/proc/$pid/status")) {
           $l = <CMD>;
           ($cmd) = ( $l=~/Name:\s*(\S+)/ );
           close(CMD);
	}
        printf "%s %6d %10d  %6d %6d %4d  %s\n",
            $_[0], $a ,$F[9], $F[7], $pid, $fd, $cmd;
    }
    close(FILE);
}

scheck("tcp");
scheck("udp");
scheck("raw");