Ok so i have a lxc container. I netcat a connection outwards. In my host container, i’d like to find this open network socket.
I’ve tried this: lsns | awk '{ print $3}' | sed -ne '2,$p' | while read a ; do nsenter -n -t "$a" lsof -i ; done
There isn’t an entry with the nc anywhere. In a ps, i can aim for the pid and ppids, and nsenter -n -t them. From there lsof -i will show the connection.
Isn’t lsns supposed to show all the namespaces that can be reached ? Is there an easier way to do a lsof -i to find an open socket than iterating through the entire process space?
Hi,
If you just want to see the open ports, ss -tlnp is enough. If that connection is TCP. If I read the mail correctly.
Regards.
Typo on the awk. It should be $4. And that works.
It turns out ss -tlnp doesn’t work from the host. Maybe i’m reading the documentation wrong, but with namespaces the root node should be able to see all the other namespace below it, but in this case I needed to nsenter the correct namespace to execute ss or lsof
Aha, got it. What about this.
for k in $(lxc ls -c "n" --format csv); do lxc exec $k -T -- sh -c "ss -tlnp"; done
Regards.
Yes that works too. Using nsenter makes it agnostic to the container implementation though.