On Friday 19 July 2002 17.27, Richard Ibbotson wrote:
Dear all
Anyone know what this might be about ?
After updating squid on my gateway box to squid 2.3.STABLE4 from the SuSE ftp site I find that some more ports have opened up. Before I started squid I found that there weren't any ports open on my SuSE box. 'Netstat -ant' reveals...
Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:1402 127.0.0.1:1403 ESTABLISHED tcp 0 0 127.0.0.1:1403 127.0.0.1:1402 ESTABLISHED tcp 0 0 127.0.0.1:1404 127.0.0.1:1405 ESTABLISHED tcp 0 0 127.0.0.1:1405 127.0.0.1:1404 ESTABLISHED tcp 0 0 127.0.0.1:1406 127.0.0.1:1407 ESTABLISHED tcp 0 0 127.0.0.1:1407 127.0.0.1:1406 ESTABLISHED tcp 0 0 127.0.0.1:1408 127.0.0.1:1409 ESTABLISHED tcp 0 0 127.0.0.1:1409 127.0.0.1:1408 ESTABLISHED
Looking under /etc/services ports 1402 to 1409 would seem to be something to do with all kinds of things that aren't relevant.....
Ports >= 1024 can be opened by any application running as any user. That's why ports < 1024 are sometimes known as "trusted", since they can only be bound by root. /etc/services isn't a very reliable source of information. It's a text file of "known programs" that uses a certain port, but it's far from the only program that can use the port. It's mostly just so you can use mnemonics in the output of various programs, and put "smtp" instead of "25" in your firewall rules. Don't trust it blindly. This looks like some sort of client/server system, where the client and server are both running on the same machine. To find out what it is, try fuser 1402/tcp That should give you the ID of the process that bound the socket. As a side note, "open" ports are ports that are in state LISTEN. State ESTABLISHED can be just about anything. Try starting netscape, for instance, and surf to a web site and check netstat -a regards Anders