Dear all
Anyone know what this might be about ?
After updating squid on my gateway box to squid 2.3.STABLE4 from the
SuSE ftp site I find that some more ports have opened up. Before I
started squid I found that there weren't any ports open on my SuSE
box. 'Netstat -ant' reveals...
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:1402 127.0.0.1:1403 ESTABLISHED
tcp 0 0 127.0.0.1:1403 127.0.0.1:1402 ESTABLISHED
tcp 0 0 127.0.0.1:1404 127.0.0.1:1405 ESTABLISHED
tcp 0 0 127.0.0.1:1405 127.0.0.1:1404 ESTABLISHED
tcp 0 0 127.0.0.1:1406 127.0.0.1:1407 ESTABLISHED
tcp 0 0 127.0.0.1:1407 127.0.0.1:1406 ESTABLISHED
tcp 0 0 127.0.0.1:1408 127.0.0.1:1409 ESTABLISHED
tcp 0 0 127.0.0.1:1409 127.0.0.1:1408 ESTABLISHED
Looking under /etc/services ports 1402 to 1409 would seem to be
something to do with all kinds of things that aren't relevant.....
prm-sm-np 1402/tcp # Prospero Resource Manager
prm-sm-np 1402/udp # Prospero Resource Manager
prm-nm-np 1403/tcp # Prospero Resource Manager
prm-nm-np 1403/udp # Prospero Resource Manager
# B. Clifford Neuman
On Friday 19 July 2002 17.27, Richard Ibbotson wrote:
Dear all
Anyone know what this might be about ?
After updating squid on my gateway box to squid 2.3.STABLE4 from the SuSE ftp site I find that some more ports have opened up. Before I started squid I found that there weren't any ports open on my SuSE box. 'Netstat -ant' reveals...
Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:1402 127.0.0.1:1403 ESTABLISHED tcp 0 0 127.0.0.1:1403 127.0.0.1:1402 ESTABLISHED tcp 0 0 127.0.0.1:1404 127.0.0.1:1405 ESTABLISHED tcp 0 0 127.0.0.1:1405 127.0.0.1:1404 ESTABLISHED tcp 0 0 127.0.0.1:1406 127.0.0.1:1407 ESTABLISHED tcp 0 0 127.0.0.1:1407 127.0.0.1:1406 ESTABLISHED tcp 0 0 127.0.0.1:1408 127.0.0.1:1409 ESTABLISHED tcp 0 0 127.0.0.1:1409 127.0.0.1:1408 ESTABLISHED
Looking under /etc/services ports 1402 to 1409 would seem to be something to do with all kinds of things that aren't relevant.....
Ports >= 1024 can be opened by any application running as any user. That's why ports < 1024 are sometimes known as "trusted", since they can only be bound by root. /etc/services isn't a very reliable source of information. It's a text file of "known programs" that uses a certain port, but it's far from the only program that can use the port. It's mostly just so you can use mnemonics in the output of various programs, and put "smtp" instead of "25" in your firewall rules. Don't trust it blindly. This looks like some sort of client/server system, where the client and server are both running on the same machine. To find out what it is, try fuser 1402/tcp That should give you the ID of the process that bound the socket. As a side note, "open" ports are ports that are in state LISTEN. State ESTABLISHED can be just about anything. Try starting netscape, for instance, and surf to a web site and check netstat -a regards Anders
Anders
fuser 1402/tcp
In this case it's '1402/tcp: 3505'. Tried the others and I get all sorts of numbers coming back to me.
As a side note, "open" ports are ports that are in state LISTEN. State ESTABLISHED can be just about anything. Try starting netscape, for instance, and surf to a web site and check netstat -a
Tried that and still get the same on my gateway box. My workstation is a separate machine. Hmm.... interesting.. not completely sure what it's all about :) Thanks -- Richard www.sheflug.co.uk
On Friday 19 July 2002 17.53, Richard Ibbotson wrote:
Anders
fuser 1402/tcp
In this case it's '1402/tcp: 3505'. Tried the others and I get all sorts of numbers coming back to me.
OK, now do "ps aux|grep 3505". The second column is the process ID, the rightmost column is the name of the process (usually, but not always, the command that started it). //Anders
Anders
OK, now do "ps aux|grep 3505". The second column is the process ID, the rightmost column is the name of the process (usually, but not always, the command that started it).
Says ... root 31207 0.0 1316 292 tty5 D 17.19 0:00 grep 3505 Looks a bit like something to do with one of the command line consoles that I'm running. Ta -- Richard www.sheflug.co.uk
On Friday 19 July 2002 18.21, Richard Ibbotson wrote:
Anders
OK, now do "ps aux|grep 3505". The second column is the process ID, the rightmost column is the name of the process (usually, but not always, the command that started it).
Says ...
root 31207 0.0 1316 292 tty5 D 17.19 0:00 grep 3505
Looks a bit like something to do with one of the command line consoles that I'm running.
Yes, that's the "grep" you just ran :) When you grep for something in the process list you usually get both the process you're looking for and the actual grep. So what happened was that the process that bound the port had time to die in between the "fuser" and the "grep". Try fuser -v port/tcp to get a little more verbose output, including the name of the command. You may want to run the netstat again, in case the port numbers have changed. //Anders
Anders
So what happened was that the process that bound the port had time to die in between the "fuser" and the "grep". Try
fuser -v port/tcp
to get a little more verbose output, including the name of the command. You may want to run the netstat again, in case the port numbers have changed.
Ports are the same... result of 'fuser -v 1403/tcp' USER PID ACCESS COMMAND 1403/tcp root 30504 f.... squid the f... bit is as it is on the screen in front of me. Thanks -- Richard
On Friday 19 July 2002 18.45, Richard Ibbotson wrote:
Ports are the same... result of 'fuser -v 1403/tcp'
USER PID ACCESS COMMAND 1403/tcp root 30504 f.... squid
the f... bit is as it is on the screen in front of me.
So there you have it. It is squid talking to squid on the localhost (provided all the ports in question have COMMAND squid, of course). //Anders
Anders
So there you have it. It is squid talking to squid on the localhost (provided all the ports in question have COMMAND squid, of course).
Hmm... looks to me as tho' someone didn't remember to hack /etc/squid.conf before starting squid :) Think I'll go and put the kettle on. Thanks -- Richard www.sheflug.co.uk
participants (2)
-
Anders Johansson
-
Richard Ibbotson